SCAP
Security content automation protocol (SCAP) → standardized framework that allows different vulnerability scanners to identify and report the same vulnerability consistently, preventing duplicate or mismatched findings across tools.
Security Benchmarks
Security benchmarks → documented best-practice configuration standards for systems and applications that define a secure baseline and help reduce misconfigurations across environments.
Agent Check
Agent check → compliance assessment method where software installed on a device reports security posture details such as patch status, antivirus state, or configuration settings.
Agentless Check
Agentless check → compliance assessment method that scans devices remotely without installed software, relying on network access or credentials but offering less detailed visibility.
DLP
Data loss prevention (DLP) → security technology that monitors and controls sensitive data to prevent unauthorized access, sharing, or exfiltration through email, endpoints, or networks.
SNMP
Simple network management protocol (SNMP) → protocol used to monitor and manage network devices by querying management information bases using object identifiers, typically communicating over user datagram protocol ports 161 and 162.
MIB
Management information base (MIB) → structured database used by simple network management protocol that defines what device information can be monitored or managed.
OID
Object identifier (OID) → unique numeric identifier used within a management information base to reference specific device metrics or configuration values accessed through simple network management protocol.
SNMP Traps
Simple network management protocol traps → unsolicited alert messages sent by devices to a management system using user datagram protocol port 162 when predefined events or thresholds occur.
NetFlow
NetFlow → network traffic analysis technology that uses probes to collect flow data and sends it to collectors, providing visibility into traffic patterns, bandwidth usage, and potential security incidents.
-
Security Controls10
-
The CIA Triad & Non-Repudiation8
-
AAA & Gap Analysis10
-
Zero Trust12
-
Physical Security8
-
Deception & Disruption4
-
Change Management9
-
Technical Change Management9
-
Public Key Infrastructure & Encrypting Data24
-
Key Exchange & Encyption Technology10
-
Obfuscation8
-
Hashing & Digital Signatures9
-
Digital Certificates12
-
Threat Actors8
-
Common Threat Vectors12
-
Common Social Engineering Attacks9
-
Application & Memory-Based Attacks9
-
SQL Injections & Cross-site Scripting6
-
Operating System & Hardware Vulnerabilities7
-
Virtualization & Cloud-specific Vulnerabilities10
-
Supply Chain & Misconfiguration Vulnerabilities10
-
Mobile Device & Zero-day Vulnerabilities7
-
An Overview of Malware14
-
Viruses, Worms, Spyware & Bloatware10
-
Other Malware Types & Physical Attacks9
-
Denial of Service & DNS Attacks10
-
Wireless & On-Path Attacks:6
-
Replay Attacks & Malicious Code9
-
Cryptographic & Password Attacks8
-
Indicators of Compromise10
-
Segmentation, Access Control & Mitigation Techniques10
-
Hardening Techniques10
-
Cloud Infrastructures9
-
Network Infrastructure Concepts14
-
Infrastructure Considerations15
-
Intrusion Prevention7
-
Network Appliances & Port Security16
-
Firewall Types & Secure Communication11
-
Data Types & Classifications12
-
States of Data & Protecting Data14
-
Resiliency9
-
Capacity Planning, Backups & Recovery Testing9
-
Infrastructure Hardening & Secure Deployment11
-
Wireless Security Settings11
-
Application Security7
-
Asset Management, Vulnerability Scanning & Threat Intelligence14
-
Penetration Testing & Analyzing Vulnerabilities14
-
Vulnerability Remediation & Security Monitoring10
-
Security Tools10
-
Secure Protocols, OS & Email Security15
-
Monitoring Data & Endpoint Security13
-
Identity & Access Management8
-
Access Controls10
-
Incident Response & Planning10
-
Digital Forensics & Log Data17
-
Security Policies, Standards, Procedures & Considerations12
-
Data Roles, Risk Analysis & Management Strategies14
-
Business Impact Analysis & Agreement Types15
-
Compliance, Privacy, Audits & Assessments11
-
Penetration Testing, Security Awareness & User Training10
