16. Lesson Conclusion

Lesson Summary

In this lesson, you learned a little bit about how to think like a hacker. We covered the Hacking Lifecycle, Vulnerability Management, and Threats, Attacks, and Exploits.

By now, you should be able to:

  • categorize assets, risks, threats, vulnerabilities, and exploits
  • identify different types of vulnerabilities in a system
  • identify the categories of a cyber threat
  • determine the phase of a cyber attack
  • recognize common exploits

Glossary

  • Asset: A major application, general support system, high impact program, physical plant, mission-critical system, personnel, equipment, or a logically related group of systems.
  • Vulnerability: Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat.
  • Threat: Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.
  • Exploit: A hardware or software tool designed to take advantage of a flaw in a computer system, typically for malicious purposes such as installing malware.
  • Risk: A measure of the extent to which an entity is threatened by a potential circumstance or event, and typically a function of: (i) the adverse impacts that would arise if the circumstance or event occurs; and (ii) the likelihood of occurrence.
  • Attack: Any kind of malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system resources or the information itself.
  • Penetration Testing: A test methodology in which assessors, typically working under specific constraints, attempt to circumvent or defeat the security features of an information system.

Source: https://csrc.nist.gov/glossary/

Further research