Menu Close

CompTIA Security+ SY0-701 – Kurs

CompTIA Security+ ist eine weltweit anerkannte, herstellerneutrale Zertifizierung, welche die grundlegenden Fähigkeiten und Kenntnisse in der IT-Sicherheit bestätigt. In diesem Artikel teile ich meine persönlichen Aufzeichnungen und Erkenntnisse, die ich während meiner Vorbereitung auf das Security+ Examen gesammelt habe. Da das Examen auf Englisch ist, werde ich die Notizen ebenfalls auf Englisch verfassen.

Table of Contents



General Security Concepts12%
Threats, Vulnerabilities, and Mitigations22%
Security Architecture18%
Security Operations28%
Security Program Management and Oversight20%

Exam Details

  • Number of questions: Maximum of 90
  • Types of questions: Multiple-choice and performance-based
  • Length of test: 90 minutes
  • Recommended experience: A minimum of 2 years of experience in IT administration with a focus on security, hands-on experience with technical information security, and broad knowledge of security concepts

Exam Objectives

General Security Concepts

Compare and contrast various types of security controls.

Managing security controls

  • Many different categories
  • Categories can be combined
  • Some controls may exist in multiple categories

Control categories

  • Technical controls
    • Software or hardware based
  • Managerial controls
    • Administrative, security policies, design and standard procedures
  • Operational controls
    • People, guards and awareness programs
  • Physical controls
    • Fences, locks, badge readers and doors

Control types

  • Preventive
    • Block access to a resource
  • Deterrent (abschreckend)
    • Discourage an intrusion attempt, does not prevent
  • Detective
    • Identify and log an intrusion attempt, does not prevent
  • Corrective
    • Apply a control after an event has been detected, reverse the impact
    • Continue operating with minimal downtime
  • Compensating
    • Use other means to fix/workaround the issue
    • Temporary most of the time
  • Directive
    • Ask/order someone to do it
    • Weak control
CategoriesPreventiveDeterrent DetectiveCorrectiveCompensatingDirective
TechnicalFirewallSplash screenSystem logsBackup recoveryBlock instead of patchFile storage policies
ManagerialOn-boarding policyDemotionReview login reportsPolicies for reporting issuesSeparation of dutiesCompliance policies
Operational Guard shackReception deskProperty patrolsContact authoritiesRequire multiple security staffSecurity policy training
Physical Door lockWarning signMotion detectorsFire extinguisherPower generatorSign: Authorized Personnel Only
Examples of control types and categories

Summarize fundamental security concepts.

Confidentiality, Integrity, and Availability (CIA)

  • Fundamentals of security
  • Confidentiality – Prevent disclosure of information to unathorized indivduals or systems (encryption, access control, 2FA and permissions)
  • Integrity – Messages can’t be modified without detection (hashing, checksums, digital signatures, certificates)
    • Non-repudiation – Data really is from the source
  • Availability – Systems must be up and running (redundancy, fault tolerance, patching)
Confidentiality, integrity, and availability triad


  • You can’t deny it
  • Proof of integrity (data is unchanged), like a hash or a signature (real)
  • Proof of authentication (who sent the data)
  • A hash alone is not sufficient, we need a proof of the origin
  • Digital signature (hash signed/encrypted with private key)


  • Hashing involves transforming data into fixed-length strings of letters and numbers using a special algorithm called a hash function.
  • Unlike encryption, which can be reversed, hashing is a one-way process.

Digital signature

  • Creation
    • You hash the data (file, message, etc.) you want to sign (using algorithms like SHA-1, MD5, etc.).
    • Then, you encrypt the hash with your private key. This encrypted hash becomes your digital signature.
  • Verification
    • Calculate a hash of the same data (file, message, etc.).
    • Decrypt the digital signature using public key.
    • Compare the two hash values. If they match, the signature is considered valid. Otherwise, it indicates either a different key was used or data alteration.
Create digital signature
Verify digital signature

AAA framework

  • Identification – Who wants access?
  • Authentication – Proof of the identity (password, MFA)
  • Authorization – Grant permissions for authenticated identity (roles)
  • Accounting – Log and protocol of resources used

Authenticating systems

  • Users use credentials/passwords
  • Systems use digitally signed certificates, created by a Certification Authority (CA)
  • Certificates can be included in login/authentication process
  • Certificate is compared against CA-Certificate and CRL

Authorization model

  • No model
    • User has direct permissions on resources
    • Gets complex with more users and resources
  • Abstraction model
    • Users do not have direct access on resources
    • Users, groups, roles and permissions are structured
    • Reduce complexity/simpler administration
    • Clear relationships between users and resouces
Role-Based Access Control (RBAC)

Gap analysis

  • Baseline
    • Set of goals
  • Framework
    • Formal standards (ISO/IEC 27001, NIST 800-171 Revision 2)
  • People
    • Formal experience
    • Current training
    • Knowledge of security policies
  • Processes
    • IT systems
    • Existing security policies
  • Comparison
    • Evaluation of people, systems and processes
    • Identify weaknesses and deviations
  • Gap Analysis Report
    • Clear view of the state
    • Steps to fill the gaps and reach the initial goal
    • Costs time and money
    • Requires good change management

Zero trust

  • Network access
    • Covers device, process and person
    • Credentials, MFA, RBAC, encryption, monitoring, etc.
    • Authenticate every time you access resources
  • Split the network architecture into different Functional (Network) Planes
    • Also for physical, virtual and cloud
  • Split the network into Security Zones
    • Firewall rules and access rules
    • Implicit/explicit allow or deny rules
    • Define trusted or untrusted networks
  • Adaptive identity
    • Do not simply trust the information provided
    • Include other information, like source of the request
    • Anomalies to baselined user behavior
    • Relationship to resources (customer, service provider, employee)
    • Limit access to the network (NAC, VPN)
    • Policy-driven access control
    • Adaptive identity in combination with rules and policies
  • Policy Enforcement Point (PEP)
    • Subject and systems (users, applications, non-human entities)
    • PEP is the gatekeeper
    • Allow, monitor and terminate connections to resources (= action)
  • Policy Decision Point (PDP)
    • Process for authentication decision
  • Policy Engine
    • Evaluates each access decision based on policy
    • Decides on grant, deny or revoke access
    • Includes information from external resources
  • Policy Administrator
    • Communicates with PEP (actions, allow or disallow)
    • Generates access tokens or credentials
Zero trust – Policy enforcement and decision points

Network planes in general

  • Data plane
    • Network forwarding; including underlay
    • Devices like Switches and Firewalls
    • Functions like trunking, encryption, NAT
    • Trust Zones
    • Subject/System
    • Policy Enforcement Point
  • Control plane
    • Defines the actions of the data plane
    • Defined by policies and rules
    • Routing tables, session tables, NAT tables
    • Adaptive identity
    • Threat scope reduction
    • Policy-driven access control
    • Policy Administrator
    • Policy Engine
Separation of management, control and data plane

Physical security

  • Barricades/bollards (Absperrpfosten) – Channel people through a specific access point (or keep vehicles out), highlight a restricted area
  • Access control vestibule (Zugangskontrollvorraum) – Small space with two sets of interlocking doors, such that the first set of doors must close before the second set opens:
    • All doors unlocked, opening one locks the others
    • All doors locked, unlocking one locks the others
    • While one door is opened, the other can’t be unlocked
    • Personenschleuse
  • Fencing (Zaun)
    • Robust, protects the perimeter
    • Transparent or opaque
    • Prevent climbing (height, razor wire)
  • Video surveillance (Überwachungskamera)
    • Aka Closed circuit television (CCTV)
    • Digital fence or guard
    • Motion recognition, alarming, object identification
  • Security guard
    • Two-person integrity/control (Vieraugenprinzip)
    • Protects objects or validates identities
    • Access badge for identification (also for the guards)
  • Lighting (Beleuchtung)
    • Improves Non-IR cameras
    • Helps facial recognition and object identification
  • Infrared (IR) sensor
    • Detects infrared radiation in light and dark
    • Common in motion detectors
  • Pressure sensor
    • Detects change in force
    • User on floor and windows
  • Microwave sensor
    • Detects movement acress large areas
  • Ultrasonic sensor
    • Detect motion, collision detection, etc.

Deception and disruption technology

  • Honeypots
    • Manufactured attack target to lure cybercriminals away from legitimate targets
    • Analye attacker behavior and information
  • Honeynet
    • Network of servers, workstations, routers, switches, firewalls
    • Deception network of honeypots
    • Keep the attacker busy
  • Honeyfiles
    • File with fake information
    • Bait for the honeynet to lure the attacker
    • Add honeyfiles to public file shares
    • Send alarm if file is accessed
  • Honeytoken
    • Traceable data to the honeynet
      • Fake API credentials – Do not grant access
      • Fake email addresses – See who uses it and for what
      • Notification sent when used
    • You know where the data came from
    • Other examples are database records, cookies, web page pixels

Explain the importance of change management processes and the impact to security.


  • Change
    • Software upgrade, patch an application
    • A change of system and configuration
    • Always a risk, if the update fails or there is an error
  • Change owner
    • Owns the process, doesn’t have to be the one performing the change
    • Updates are provided to the owner for all steps
    • Ensures the correct execution of the process
  • Stakeholders
    • Everyone impacted by the change (single person to whole company)
    • Everyone who has input for the change management process
  • Change management (process)
    • Clear policies on frequency, duration, installation and rollback process
    • Should be well documented and easily available
    • Is a standard operating procedure
    • Hard to implement and control
    • Determine owner and stakeholder
    • Perform impact analysis and approval process
    • Plan for backout
    • Update documentation
  • Standard Operating Procedure (SOP)
    • A set of detailed, step-by-step instructions that describe how to perform a repeatable process or task within an organization’s IT system.

Preparing the change

  • Impact analysis
    • Low, medium, high risks
    • Potential risks (fix doesn’t do anything, breaks something, failures, corruption)
    • Risks not doing the change
  • Maintenance window
    • Plan for impact on systems and users
    • Consider potential downtimes
    • Consider important schedules of the customer
  • Change approval process
    • Formal process with information (document)
    • Purpose of the change
    • Scope of the change
    • Schedule date and time (maintenance window)
    • Determine affected systems and impact
    • Change control board analyzes the risks
    • Change control board approves the change
    • Get end-user acceptance after the change is done
  • Backout plan
    • Way to undo and revert the change
    • Some changes are difficult to revert
    • Plan for the backout not to work
    • Have backups

After the change

  • Test environment or test results
    • Sandbox for testing a change, not the production system
    • Try the change and determine if there are unknown risks
    • Confirm successful backup procedure

Technical implications

  • Allow lists/deny lists
    • Applications may be explicit allowed/forbidden
    • May impact the change process
  • Restricted activities
    • Scope of changes that are allowed/tolerated
    • May be expanded during a change due to issues
  • Downtime
    • Scheduled during non-production hours
    • Changes can be disruptive
    • Failover clusters to reduce impact
    • Use automation where possible
    • Send an email or insert it into change calendar
  • Legacy application
    • Installed a long time ago, often no support
    • „Do not change a running system“-mentality
    • Document the system and try to upgrade or replace it
  • Dependencies
    • Read the manuals
    • Upgrade step-by-step and look for upgrade paths
  • Documentation
    • Needs to be part of the change management process
    • Should include steps how to add/remove systems
  • Version control
    • Track changes to a file or configuration data
    • Router configuration, Windows OS patches, registry entries
    • Some systems have it built-in or need additional software

Explain the importance of using appropriate cryptographic solutions.

Public key infrastructure

  • Key escrow
    • There is a legitimate interest (business, law, government) to have insight in encrypted data
    • Keys are stored at a third party (maybe in the same organization)
    • Access to keys is permitted in specific cases

Encrypting data

  • Data types
    • Data at rest – Files on storage media
    • In transit/transport – On the network
  • File Encryption
    • Full-disk (Bitlocker)
    • Partition or volume
    • File (Encrypting File System)
  • Database
    • Whole database (symmetric)
    • Single columns (symmetric, per row)
  • Transport
    • Applications – HTTPS, FTPS, SFTP
    • VPN – SSL-VPN (TLS), IPsec

Secure key storage

  • Trusted Platform Module (TPM)
    • Cryptography hardware
    • Processor with RNG and key generator
    • Persistent memory with keys burned in
    • Versatile memory to store keys and configuration
    • Password protected
  • Hardware Security Module (HSM)
    • High-end hardware
    • Clustered and has redundant power and components
    • Used to store keys, to encrypt and decrypt data (offloading)
  • Key management system (KMS)
    • On-premises or cloud based
    • Separate keys from data
    • Create or rotate keys automatically
    • Log key usage or assign keys to users
  • Secure enclave
    • Not the same as TPM!
    • Protected area for secrets
    • Has its own boot rom and monitors system boot process
    • Real-time memory encryption
    • AES encryption in hardware
    • Root cryptographic keys


  • Keys and algorithms
    • Algorithms are know, keys are kept secret
    • Different keys for different use cases or outputs
    • Do not reuse the key
    • Larger and complex keys are more secure (brute force)
    • Symmetric keys should be 128 bits or larger
    • Asymmetric keys can be 3072 bits or larger
  • Key stretching
    • Make a weak key stronger
    • Hash the password, hash the hash, etc.
    • Brute force attacks would eeds to recalculate all the hashes
  • Key exchange
    • Out-of-band key exchange (telephone, courier)
    • In-band key exchange (encrypt symmetric key with asymmetric encryption)
      • Asymmetric encryption is complex and slow, use symmetric session keys
      • Quick and repeated (re)generation of keys and exchange with asymmetric encryption
      • Session keys are also known as ephemeral keys
    • Key exchange algorithms
      • Generate symmetric key from asymmetric keys of both partys


  • Steganography
    • Obfuscation technique to hide information inside of an image or TCP packets
    • Or dots on printed pages (watermarks, printer information)
    • Audio/video interlaced or hidden data
  • Tokenization
    • Not encryption or hashing!
    • Replace data with a placeholder
    • Common with credit cards, use one time tokens
    • Device communicates with remote token service server
    • Merchant devices compares presented token with token on server
  • Data masking
    • Replace some parts of data with ****
    • Shuffle can also be used
  • Salting
    • Random data added to a password before hashing
    • Salt and the password are concatenated and fed to a cryptographic hash function
    • May be combined with key stretching
    • The output hash value is then stored with the salt in a database
    • Protects gegen rainbow table and bruteforce attacks


  • Keep track of transactions
  • Records are stored in a synchronzed ledger (Hauptbuch)
  • Used for payment, identification, voting
  • Hash is calculated from previous blocks of transactions in this block (hashes)

Digital certificate

  • Certificate
    • Public key and digital signature
    • Self signed, CA or web of trust (signed by others)
    • X.509 is the standard format
    • Details like serial number, version, algorithm, issuer, alternate names, key, extensions, etc.
    • Root certificates (of CAs) must be trusted
    • Third-party CAs may be installed in the computer, operating system or browser store
    • Revoke via Certificate Revocation List (CRL) on the CA or dedicated space
  • Certificate signing request (CSR)
    • Information and public key are used to create CSR
    • CA validates identity
    • CA signs the certificate with its own private key
    • CA sends back the signed certificate to applicant
  • Online Certificate Status Protocol (OCSP)
    • Better scalability for OCSP checks than CRL
    • OCSP response contains less data so it puts less burden on network and client resources.
    • OCSP responder may return a signed response signifying that the certificate specified in the request is ‚good‘, ‚revoked‘, or ‚unknown‘. If it cannot process the request, it may return an error code.

Threats, Vulnerabilities, and Mitigations

Compare and contrast common threat actors and motivations.

Nation stateExternalExtensiveVery high
UnskilledExternalLimitedVery low
HacktivistExternalSome foundingCan be high
Insider threatInternalMany resourcesMedium
Organized crimeExternalOften extensiveVery high
Shadow ITInternalMany resourcesLimited

Explain common threat vectors and attack surfaces.

Attack vectors

  • Message based (SMS, Mail, Text and often used for phishing or spam)
  • Image based (SVG = XML = Embedded HTML or JS possible)
  • File based (Malware, embedded into other file types like archives or PDF)
  • Voice calls (Vishing, spam, DOS)
  • Removable files (USB stick, malware, virtual keyboard, data exfiltration)
  • Vulnerable software
  • Insecure networks (WiFi, missing NAC)
  • Open network ports
  • Default credentials
  • Supply chain (underlying infrastructure or software, source code, MSP)


  • Typosquatting
    • URL hijacking by missspelling
  • Pretexting
    • Create a trap, lying, making up stories or drama
    • Example: Microsoft support calling because of malware
    • May lead to impersonation
  • Vishing
    • Voice phishing
  • Smishing
    • SMS phishing
  • Other
    • Fake check scam
    • Phone verification scam
    • CEO scam


  • Impersonation
    • Pretend to be someone else, trustworthy
    • Overload with details and complex topics
  • Eliciting information
    • Extract information from the victim
    • Often used with vishing
  • Identity fraud
    • Identity or credit card stolen and abused
    • Also bank fraud

Watering Hole Attacks

  • Attacker can’t get into your network
  • Attacker „poisons“ the water
  • He waits where you will go to/invite you to a infected place
    • Infected website
    • Attacks on third party before you (may hit other targets)
  • Defense-in-depth
    • Layered defense (firewall, IPS, AV)
    • Also look at the waterholes

Other Social Engineering Attacks

  • Misinformation
    • Create fake users
    • Create content
    • Post on social media
    • Amplify message
    • Real users share the message
    • Mass media picks up the story
  • Brand impersonation

Explain various types of vulnerabilities.

Given a scenario, analyze indicators of malicious activity

Explain the purpose of mitigation techniques used to secure the enterprise.

Security Architecture

Compare and contrast security implications of different architecture models.

Given a scenario, apply security principles to secure enterprise infrastructure.

Compare and contrast concepts and strategies to protect data.

Explain the importance of resilience and recovery in security architecture.

Security Operations

Given a scenario, apply common security techniques to computing resources.

Explain the security implications of proper hardware, software, and data asset management.

Explain various activities associated with vulnerability management.

Explain security alerting and monitoring concepts and tools.

Given a scenario, modify enterprise capabilities to enhance security.

Given a scenario, implement and maintain identity and access management.

Explain the importance of automation and orchestration related to secure operations.

Explain appropriate incident response activities.

Given a scenario, use data sources to support an investigation.

Security Program Management and Oversight

Summarize elements of effective security governance.

Security policies

  • Acceptable Use Policies (AUP)
    • How to use assets, how to not
    • Usage of internet, phone mail
  • Business continuity
    • Plan for worst case, workarounds for disaster
    • How to keen business running
  • Disaster recovery plan
    • How to keep IT running or get back online
    • Restore of systems, data, IT and applications
    • Backup datacenter
  • Security incidents
    • Policies and next steps after breach or potential infection
    • Plan against DDoS or data loss
  • Incident response lifecycle
    1. Preparation
    2. Detection and analysis
    3. Containment, eradication and recovery
    4. Post-incident activity


  • Incident response team (tech)
  • IT security management (organization, support)
  • Compliance officers (knows the rules and process)
  • Technical staff (tech)
  • User community

Governance structures

  • Governance
    • Overall complex system or framework of processes, functions, structures, rules, laws and norms
  • Board
    • Panel of specialists
    • Sets tasks for committees
  • Committees
    • Subject-matter experts
    • Considers input from the board
    • Presents the results to the board

Security Procedures

  • Security orchestration, automation, and response (SOAR)
    • Primarily focuses on threat management, security operations automation, and security incident responses.
    • SOAR platforms can instantly assess, detect, intervene, or search through incidents and processes without the consistent need for human interaction.
    • Playbooks

Explain elements of the risk management process.

  • Risk assessments
    • One-time – Project, acquisition, installation, new threats
    • Continuous – Process, change management
    • Ad hoc – One specific purpose, new attack type
    • Recurring – Standard (internal or mandated) intervals
    • Other examples: Pentest


  • Life
  • Property
  • Safety
  • Finance

Risk level matrix

Almost certainMediumMediumHighExtremeExtreme

Risk appetite

  • Risk-taking deemed acceptable
  • Threshold before actions are taken
  • Posture: Conservative, neutral, expansionary
  • Tolerance: How much above threshold will be tolerated

Risk Management Strategies

  • Accept with exemption – You can’t follow the rules
  • Accept with exception – You need more time and do it then
  • Avoid
  • Mitigate

Third-party risk

  • Risk-assessment for third party
  • Use contracts to enforce secure environment (right-to-audit clauses)

Explain the processes associated with third-party risk assessment and management.


  • Rules of engagement – Purpose, scope, time, place, IP addresses, contacts, processes, devices, applications, etc.

Vendor selection process

  • Due diligence – Investigation or exercise of care that a reasonable business or person is normally expected to take before entering into an agreement or contract with another party or an act with a certain standard of care.
    • Financial status, pending legal issues, background checks, interviews
  • Conflict of interest – A situation in which a person or organization is involved in multiple interests, financial or otherwise, and serving one interest could involve working against another.
  • Vendor monitoring – Ongoing monitoring and management of vendor relationship.

Summarize elements of effective security compliance.

Regulatory compliance

  • SOX – Sarbanes-Oxley Act – Law that mandates certain practices in financial record keeping and reporting for corporations.
  • HIPAA – Health Insurance Portability and Accountability Act – Healthcare standards for care information
    • Class 6 Felony – 50.000$ or 1 year prison
    • Class 5 Felony – 100.000$ or 5 years in prison (false pretense)
    • Class 4 Felony – 250.000$ or 10 years in prison (intent)
  • GLBA Gramm–Leach–Bliley Act – Disclosure of privacy information from financial institutions

Explain types and purposes of audits and assessments.

Given a scenario, implement security awareness practices.



  • AAA Authentication, Authorization, and Accounting
  • ACL Access Control List
  • AES Advanced Encryption Standard
  • AH Authentication Header
  • AI Artificial Intelligence
  • AIS Automated Indicator Sharing
  • ALE Annualized Loss Expectancy
  • AP Access Point
  • API Application Programming Interface
  • APT Advanced Persistent Threat
  • ARO Annualized Rate of Occurrence
    • How often will it occur?
  • ARP Address Resolution Protocol
  • ASLR Address Space Layout Randomization
  • ATT&CK Adversarial Tactics, Techniques, and Common Knowledge
  • AUP Acceptable Use Policy
  • AV Antivirus
  • Annual Rate of Occurence (ARO)
    • Propability of negative events
  • API
  • Asset value (AV)
    • Value of the asset including cost, effects, fines, etc.


  • BASH Bourne Again Shell
  • BCP Business Continuity Planning
  • BGP Border Gateway Protocol
  • BIA Business Impact Analysis
  • BIOS Basic Input/Output System
  • BPA Business Partners Agreement
    • How to handle owner stake, finances, decision making process, financial issues
  • BPDU Bridge Protocol Data Unit
  • BYOD Bring Your Own Device


  • CA Certificate Authority
  • CAPTCHA Completely Automated Public Turing Test to Tell Computers and Humans Apart
  • CAR Corrective Action Report
  • CASB Cloud Access Security Broker
  • CBC Cipher Block Chaining
  • CCMP Counter Mode/CBC-MAC Protocol
  • CCTV Closed-circuit Television
  • CERT Computer Emergency Response Team
  • CFB Cipher Feedback
  • CEO
  • CHAP Challenge Handshake Authentication
  • Protocol
  • CIA Confidentiality, Integrity, Availability
  • CIO Chief Information Officer
  • CIRT Computer Incident Response Team
  • CMS Content Management System
  • COOP Continuity of Operation Planning
  • COPE Corporate Owned, Personally Enabled
  • CP Contingency Planning
  • CRC Cyclical Redundancy Check
  • CRL Certificate Revocation List
  • CSO Chief Security Officer
  • CSP Cloud Service Provider
  • CSR Certificate Signing Request
  • CSRF Cross-site Request Forgery
  • CSU Channel Service Unit
  • CTM Counter Mode
  • CTO Chief Technology Officer
  • CVE Common Vulnerability Enumeration
  • CVSS Common Vulnerability Scoring System
  • CYOD Choose Your Own Device


  • Data Loss Prevention (DLP)
  • Denial of Service (DoS)
  • Distributed Denial of Service (DDoS)
  • DAC Discretionary Access Control
  • DBA Database Administrator
  • DDoS Distributed Denial of Service
  • DEP Data Execution Prevention
  • DES Digital Encryption Standard
  • DHCP Dynamic Host Configuration Protocol
  • DHE Diffie-Hellman Ephemeral
  • DKIM DomainKeys Identified Mail
  • DLL Dynamic Link Library
  • DLP Data Loss Prevention
  • DMARC Domain Message Authentication Reporting and Conformance
  • DNAT Destination Network Address Translation
  • DNS Domain Name System
  • DoS Denial of Service
  • DPO Data Privacy Officer
  • DRP Disaster Recovery Plan
  • DSA Digital Signature Algorithm
  • DSL Digital Subscriber Line


  • Exposure factor (EF)
    • Percentage of the value lost due to an incident (0 – 1)
    • 0 = 0%
    • 1 = 100%
  • EAP Extensible Authentication Protocol
  • ECB Electronic Code Book
  • ECC Elliptic Curve Cryptography
  • ECDHE Elliptic Curve Diffie-Hellman Ephemeral
  • ECDSA Elliptic Curve Digital Signature Algorithm
  • EDR Endpoint Detection and Response
  • EFS Encrypted File System
  • ERP Enterprise Resource Planning
  • ESN Electronic Serial Number
  • ESP Encapsulated Security Payload


  • File Integrity Monitoring (FIM)
  • FACL File System Access Control List
  • FDE Full Disk Encryption
  • FPGA Field Programmable Gate Array
  • FRR False Rejection Rate
  • FTP File Transfer Protocol
  • FTPS Secured File Transfer Protocol


  • GCM Galois Counter Mode
  • GDPR General Data Protection Regulation
  • GPG Gnu Privacy Guard
  • GPO Group Policy Object
  • GPS Global Positioning System
  • GPU Graphics Processing Unit
  • GRE Generic Routing Encapsulation


  • Hardware Security Module (HSM)
  • HA High Availability
  • HDD Hard Disk Drive
  • HIDS Host-based Intrusion Detection System
  • HIPS Host-based Intrusion Prevention System
  • HMAC Hashed Message Authentication Code
  • HOTP HMAC-based One-time Password
  • HTML Hypertext Markup Language
  • HTTP Hypertext Transfer Protocol
  • HTTPS Hypertext Transfer Protocol Secure
  • HVAC Heating, Ventilation Air Conditioning
  • HIPAA – Health Insurance Portability and Accountability Act


  • IoC
  • IPS
  • IaaS Infrastructure as a Service
  • IaC Infrastructure as Code
  • IAM Identity and Access Management
  • ICMP Internet Control Message Protocol
  • ICS Industrial Control Systems
  • IDEA International Data Encryption Algorithm
  • IDF Intermediate Distribution Frame
  • IdP Identity Provider
  • IDS Intrusion Detection System
  • IEEE Institute of Electrical and Electronics
  • Engineers
  • IKE Internet Key Exchange
  • IM Instant Messaging
  • IMAP Internet Message Access Protocol
  • IoC Indicators of Compromise
  • IoT Internet of Things
  • IP Internet Protocol
  • IPS Intrusion Prevention System
  • IPSec Internet Protocol Security
  • IR Incident Response
  • IRC Internet Relay Chat
  • IRP Incident Response Plan
  • ISO International Standards Organization
  • ISP Internet Service Provider
  • ISSO Information Systems Security Officer
  • IV Initialization Vector


  • KDC Key Distribution Center
  • KEK Key Encryption Key


  • L2TP Layer 2 Tunneling Protocol
  • LAN Local Area Network
  • LDAP Lightweight Directory Access Protocol
  • LEAP Lightweight Extensible Authentication Protocol


  • Mean Time Between Failures (MTBF)
    • Time between outages – total uptime divided by number of breakdowns
  • Mean Time to Repair (MTTR)
    • Average time, including analysis, to fix an issue
  • Memorandum of Understanding (MOU)
    • General common goals of two parties, not signed
    • More like a letter of intent
  • MaaS Monitoring as a Service
  • MAC Mandatory Access Control
  • MAC Media Access Control
  • MAC Message Authentication Code
  • MAN Metropolitan Area Network
  • MBR Master Boot Record
  • MD5 Message Digest 5
  • MDF Main Distribution Frame
  • MDM Mobile Device Management
  • MFA Multifactor Authentication
  • MFD Multifunction Device
  • MFP Multifunction Printer
  • ML Machine Learning
  • MMS Multimedia Message Service
  • MOA Memorandum of Agreement
    • Next step above MOU
    • Legal document, but not a contract
  • MPLS Multi-protocol Label Switching
  • MSA Master Service Agreement
    • Used together with SOW
    • Legal contract and agreement of terms
    • Broad framework to cover later transactions or projects
    • (Rahmenvertrag)
  • MSCHAP Microsoft Challenge Handshake Authentication Protocol
  • MSP Managed Service Provider
  • MSSP Managed Security Service Provider
  • MTBF Mean Time Between Failures
    • Mean time between outages (or problems)
    • Based on historical data
    • Plan for outages or replacement
  • MTTF Mean Time to Failure
  • MTTR Mean Time to Recover
    • Average time (all steps) to fix an issue
  • MTU Maximum Transmission Unit


  • NAC Network Access Control
  • NAT Network Address Translation
  • NDA Non-disclosure Agreement
    • Protects trade secrets, business activities, protected information
    • Unilateral, bilateral or multilateral possible
    • Signed contract
  • NFC Near Field Communication
  • NGFW Next-generation Firewall
  • NIDS Network-based Intrusion Detection System
  • NIPS Network-based Intrusion Prevention System
  • NIST National Institute of Standards & Technology
  • NTFS New Technology File System
  • NTLM New Technology LAN Manager
  • NTP Network Time Protocol


  • OCSP
  • OAUTH Open Authorization
  • OCSP Online Certificate Status Protocol
  • OID Object Identifier
  • OS Operating System
  • OSINT Open-source Intelligence
  • OSPF Open Shortest Path First
  • OT Operational Technology
  • OTA Over the Air
  • OVAL Open Vulnerability Assessment Language


  • Policy Decision Point (PDP)
    • System in control plane, that consists of Policy Engine and Policy Administrator
    • Used in zero trust network
  • Policy Enforcement Point (PEP)
    • System in data plane, that allows, monitors and terminates connections
    • Used in zero trust network
  • P12 PKCS #12
  • P2P Peer to Peer
  • PaaS Platform as a Service
  • PAC Proxy Auto Configuration
  • PAM Privileged Access Management
  • PAM Pluggable Authentication Modules
  • PAP Password Authentication Protocol
  • PAT Port Address Translation
  • PBKDF2 Password-based Key Derivation Function 2
  • PBX Private Branch Exchange
  • PCAP Packet Capture
  • PCI DSS Payment Card Industry Data Security Standard
  • PDU Power Distribution Unit
  • PEAP Protected Extensible Authentication Protocol
  • PED Personal Electronic Device
  • PEM Privacy Enhanced Mail
  • PFS Perfect Forward Secrecy
  • PGP Pretty Good Privacy
  • PHI Personal Health Information
  • PII Personally Identifiable Information
  • PIV Personal Identity Verification
  • PKCS Public Key Cryptography Standards
  • PKI Public Key Infrastructure
  • POP Post Office Protocol
  • POTS Plain Old Telephone Service
  • PPP Point-to-Point Protocol
  • PPTP Point-to-Point Tunneling Protocol
  • PSK Pre-shared Key
  • PTZ Pan-tilt-zoom
  • PUP Potentially Unwanted Program


  • Radio Frequency Identification (RFID)
  • Recovery Time Objective (RTO)
  • Recovery Point Objective (RPO)
  • Remote Desktop Protocol (RDP)
  • RA Recovery Agent
  • RA Registration Authority
  • RACE Research and Development in Advanced
  • random number generator (RNG)
  • Communications Technologies in Europe
  • RAD Rapid Application Development
  • RADIUS Remote Authentication Dial-in User Service
  • RAID Redundant Array of Inexpensive Disks
  • RAS Remote Access Server
  • RAT Remote Access Trojan
  • RBAC Role-based Access Control
  • RBAC Rule-based Access Control
  • RC4 Rivest Cipher version 4
  • RDP Remote Desktop Protocol
  • RFID Radio Frequency Identifier
  • RIPEMD RACE Integrity Primitives Evaluation
  • Message Digest
  • ROI Return on Investment
  • RPO Recovery Point Objective
    • How much damage or data loss is acceptable to bring the systems back online with?
  • RSA Rivest, Shamir, & Adleman
  • RTBH Remotely Triggered Black Hole
  • RTO Recovery Time Objective
    • How long until the business or infrastructure is back online?
  • RTOS Real-time Operating System
  • RTP Real-time Transport Protocol
  • ROE – Rules of engagement: Purpose and scope of risk assessment or pentest


  • Secure Shell (SSH)
  • SIM
  • Simple Network Management Protocol (SNMP)
  • Structured Query Language (SQL)
    • Relational database management system language
  • Security Information and Event Management (SIEM)
  • Security Orchestration, Automation and Response (SOAR)
  • SSL
  • S/MIME Secure/Multipurpose Internet Mail Extensions
  • SaaS Software as a Service
  • SAE Simultaneous Authentication of Equals
  • SAML Security Assertions Markup Language
  • SAN Storage Area Network
  • SAN Subject Alternative Name
  • SASE Secure Access Service Edge
  • SCADA Supervisory Control and Data Acquisition
  • SCAP Security Content Automation Protocol
  • SCEP Simple Certificate Enrollment Protocol
  • SD-WAN Software-defined Wide Area Network
  • SDK Software Development Kit
  • SDLC Software Development Lifecycle
  • SDLM Software Development Lifecycle Methodology
  • SDN Software-defined Networking
  • SE Linux Security-enhanced Linux
  • SED Self-encrypting Drives
  • SEH Structured Exception Handler
  • SFTP Secured File Transfer Protocol
  • SHA Secure Hashing Algorithm
  • SHTTP Secure Hypertext Transfer Protocol
  • SIEM Security Information and Event Management
  • SIM Subscriber Identity Module
  • SLA Service-level Agreement
    • Minimum terms for services provided like uptime, response time, etc.
  • SLE Single Loss Expectancy
    • Monetary loss if single event occurs?
    • SLE = Asset value (AV) x Exposure Factor (EF)
  • SMS Short Message Service
  • SMTP Simple Mail Transfer Protocol
  • SMTPS Simple Mail Transfer Protocol Secure
  • SNMP Simple Network Management Protocol
  • SOAP Simple Object Access Protocol
  • SOAR Security Orchestration, Automation, Response
  • SoC System on Chip
  • SOC Security Operations Center
  • SOW Statement of Work
    • Used together with a MSA
    • Details the scope of job and location, acceptance criteria, schedules
    • Measure if the job was done properly
    • (Leistungsbeschreibung)
  • SPF Sender Policy Framework
  • SPIM Spam over Internet Messaging
  • SQL Structured Query Language
  • SQLi SQL Injection
  • SRTP Secure Real-Time Protocol
  • SSD Solid State Drive
  • SSH Secure Shell
  • SSL Secure Sockets Layer
  • SSO Single Sign-on
  • STIX Structured Threat Information eXchange
  • SWG Secure Web Gateway


  • TACACS+ Terminal Access Controller Access Control System
  • TAXII Trusted Automated eXchange of Indicator Information
  • TCP/IP Transmission Control Protocol/Internet Protocol
  • TGT Ticket Granting Ticket
  • TKIP Temporal Key Integrity Protocol
  • TLS Transport Layer Security
  • TOC Time-of-check
  • TOTP Time-based One-time Password
  • TOU Time-of-use
  • TPM Trusted Platform Module
  • TTP Tactics, Techniques, and Procedures
  • TSIG Transaction Signature


  • UAT User Acceptance Testing
  • UAV Unmanned Aerial Vehicle
  • UDP User Datagram Protocol
  • UEFI Unified Extensible Firmware Interface
  • UEM Unified Endpoint Management
  • UPS Uninterruptable Power Supply
  • URI Uniform Resource Identifier
  • URL Universal Resource Locator
  • USB Universal Serial Bus
  • USB OTG USB On the Go
  • UTM Unified Threat Management
  • UTP Unshielded Twisted Pair


  • VBA Visual Basic
  • VDE Virtual Desktop Environment
  • VDI Virtual Desktop Infrastructure
  • VLAN Virtual Local Area Network
  • VLSM Variable Length Subnet Masking
  • VM Virtual Machine
  • VoIP Voice over IP
  • VPC Virtual Private Cloud
  • VPN Virtual Private Network
  • VTC Video Teleconferencing


  • WAF Web Application Firewall
  • WAP Wireless Access Point
  • WEP Wired Equivalent Privacy
  • WIDS Wireless Intrusion Detection System
  • WIPS Wireless Intrusion Prevention System
  • WO Work Order
  • WPA Wi-Fi Protected Access
  • WPS Wi-Fi Protected Setup
  • WTLS Wireless TLS


  • XDR Extended Detection and Response
  • XML Extensible Markup Language
  • XOR Exclusive Or
  • XSRF Cross-site Request Forgery
  • XSS Cross-site Scripting

See also

Schreiben Sie einen Kommentar

Ihre E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert

Diese Website verwendet Akismet, um Spam zu reduzieren. Erfahren Sie mehr darüber, wie Ihre Kommentardaten verarbeitet werden .

Table of Contents