We created this Cyber Security Cheat Sheet initially for students of our Cybersecurity Bootcamp. But we're now sharing it with anyone that wants to learn and remember key cybersecurity definitions, tools, and information.
Enter your email below and we'll send it to you 👇
If you’ve stumbled across this cheatsheet and are just starting to learn Cybersecurity, you've made a great choice because there's no time to waste!
There is more and more valuable data and assets online every day, and many companies don't have the proper defenses set up to protect their digital assets. So hackers are constantly on the lookout for new targets to attack. This means becoming a Cybersecurity Expert or Ethical Hacker is a great career choice with lots of demand.
However, if you're stuck in an endless cycle of YouTube tutorials and want to start building real world projects, become a cybersecurity professional, have fun and actually get hired, then come join the Zero To Mastery Academy.
You'll not only learn to become a top 10% Cybersecurity Engineer by learning advanced topics most courses don't cover. But you'll also practice & perfect your skills using real-world exercises and projects.
Just want the cheatsheet? No problem! Please enjoy and if you'd like to submit any suggestions, feel free to email us at firstname.lastname@example.org
Assets are anything that a cyber security strategy should protect. It can be both physical and digital assets ranging from physical computer machines to softwares and data that needs to be protected
Access Control (AC)
The selective restriction of access to Users on a certain platform, application, or software.
Process of proving an individual is who they claim they are. Authentication can be completed by providing several factors for authentication such as: usernames, passwords, 2fa (two factor authentication) codes.
A software used for detecting and removing a malicious software from the machine that the antivirus is installed on. The detection methods used can vary from signature detection (which makes it important to keep antivirus software always up to date to newer methods such as AI or pattern recognition of malware which some antiviruses have.
A copy of data stored in a safe environment which can be used to restore the data in case the original one gets compromised/deleted. Usually backup is stored on a different/separate physical device. If there are not multiple backups, losing the backup data would result in ultimate data loss (considering original data was also deleted/compromised).
An error/mistake in software code which can (not necessary) lead to a vulnerability being present.
BYOD (Bring Your Own Device)
A common term usually found in a company’s security policy which determines whether the employees can bring their own device to work.
A collection of computers which have been infected by a malicious software in order to run commands given to them by the attacker from the Command and Control Centre.
A team of experts with a goal to defend and protect an organization from Cyber Attacks. They are constantly analyzing organizations security and implementing new measures to improve its defences.
A hacker who violates computer security for their own personal profit. The hacking done by a black hat hacker is in many cases with malicious intent and in all cases without permission.
Physical or virtual assets that are important/vital to the organization. Usually cyber security strategies will be based around these types of assets.
An attempt to compromise the protected system. Goals of Cyber Attacks depend on the attackers mindset and can range from simple information gathering to damaging the critical infrastructure and data.
Mathematical processes performed on data to provide the confidentiality, authentication and integrity. The goal of Cryptography is to protect the information and communication so that only those who the information is intended to can process it and read it.
CVE (Common Vulnerabilities and Exposures)
A database of publicly disclosed information security issues. A CVE number uniquely identifies one vulnerability from the list.
Unwanted disclosure or access to confidential information.
Act of intentionally stealing data. Data theft can happen through physical theft or through data leakage.
DDOS (Distributed Denial of Service)
An attack during which the access of a certain system is blocked usually due to purposely ran flooding attacks and connection resource demand.
Proving the identity through a third party entity which is set to be the certificate authority.
Digital forensics (sometimes known as digital forensic science) is a branch of forensic science encompassing the recovery, investigation, examination and analysis of material found in digital devices, often in relation to mobile devices and computer crime.
Also known as Data Loss Prevention is a collection of security strategies used to prevent the occurrence of data loss and data leakage.
Converting cleartext into ciphertext (seemingly random form of data).
Encryption Key is a random string of bits created for scrambling and unscrambling data. They are designed with intention to be unpredictable and unique.
A tool used for security which can be both a hardware and a software tool, used for filtering traffic. A firewall is controlled by a set of rules which determine which traffic will be let through and which traffic will be blocked. There are different types of firewalls such as Host based or Network Based firewalls.
A purposefully vulnerable system used for trapping Black Hat Hackers. It is a false system made as a decoy for the hacker to fall for. It is used to trick the attacker into exploiting the honeypot which can alert security experts of a potential threat being present.
IDS (Intrusion Detection System)
An Intrusion Detection System (IDS) is a monitoring system that detects suspicious activities and generates alerts when they are detected.
IPS (Intrusion Prevention System)
A security tool used to constantly monitor the network for malicious activity and once discovering malicious activity, takes the action to block and prevent it.
Potential that an employee or anyone that is considered to be internal personnel could pose a risk to the security of an organization.
Malicious software or Malware is code written with an intent to cause harm and violate the security of a system. There are many types of Malware: RATs, Keyloggers, Trojans, Rootkits, Backdoors, Adwares.
Collecting/Capturing packets off of a data network communication.
An update used to repair the previously existing bug or flaw in the code/system. A patch can also be called implementing new features and capabilities.
Phishing is considered to be a social engineering attack which tricks the target to give their confidential information such as usernames and passwords without knowing it. Phishing attacks are number one threat on the internet and in most cases they happen over email, phone number or social networks.
Security evaluation in which the pen-tester performs various checks and scans with various tools in order to discover a bug or vulnerability being present in the system. Once the pentest is done, the pen-tester submits a report to the organization revealing all the things he found during the Penetration Test.
IT risk management is the application of risk management methods to manage IT threats. IT risk management involves procedures, policies, and tools to identify and assess potential threats and vulnerabilities in IT infrastructure.
A group of cybersecurity experts that perform offensive security exercises on the company to test its security. The goal of this is to act as an attacker and find out as many potential vulnerabilities which can compromise the system/assets of an organization.
The act of isolating a system or an application in order to perform testing.
Social engineering is the term used for a broad range of malicious activities accomplished through human interactions. Social Engineering is used in one of the biggest threats on the internet: Phishing Attacks.
Unwanted messages usually received through email or text messages.
Two-Factor Authentication (also known as 2FA) is an act of proving your identity in additional ways compared to just proving it with a password. Usually 2FA is done via additional code being sent to email or to the phone number linked to that account. 2FA can also be implemented with adding additional pins, smart cards or fingerprints.
Virtual Private Network is a communication link between systems which is encrypted in order to provide a more secure and private communication.
Vulnerability Is a flaw in code or system that weakens the overall security of that system.
A white hat hacker or ethical hacker is an individual who uses hacking skills to identify security vulnerabilities in hardware, software or networks.
Reports are a necessary, and important, part of cybersecurity. Writing reports will differ depending on several factors such as the scope of your analysis, the organization structure, the important assets that need to be secured ... however there are some simple tips we can consider when writing any type of cyber security report:
These are the key tools you should use for cybersecurity.