Misc.
Physical Security
Cyber Attacks
The Enemy
Internet
100

What is the method of access control by which users must present multiple, separate pieces of identification, such as a password and keycard, in order to access a system?

Multi-Factor Authentication (MFA)

100
A necessary process that limits the kinds of hardware and software in use, which minimizes the number of different vulnerabilities and reduces exposure to security weaknesses.
What is Standardization?
100

You bring your laptop to a local restaurant. Without your knowledge, the customer at the table behind you watches you log in to your email, thereby learning your username and password. What is this type of attack called?

Shoulder surfing

100
The weakest link in every computer system. The one person who can, through thoughtlessness, unawareness or accident, cause loss of work products through deletion, corruption or improperly safeguarding data.
Who are you? (Who am I?)
100
A program, script, macro or other portable instruction that can be shipped unchanged to a variety of platforms and executed with the same result. Some of the most common forms of mobile code are JavaScript, Asynchronous JavaScript and Extensible Markup Language (XML), or AJAX, Java applets, ActiveX, and Flash. It is being adapted to run on cell phones, PDAs, and other devices.
What is Mobile Code?
200

This core principle of information security ensures information is not accidentally or maliciously changed.

Integrity

200
The list of computers, laptops, software and equipment owned by an organization.
What is Inventory?
200

What is the term for harmful software that seeks to damage or exploit the machines that run it?

Malware

200
The risk presented to an organization by current or past employees who have knowledge of how the organization works and what and where the most valuable (damaging) information might reside.
What is Insider threat?
200
Easily readable programs that automate tasks or provide extra functions on a computer system or in an application or browser. ActiveX and JavaScript are examples of this type of language.
What is Scripting? (or Scripting Code or Scripting Language)
300

This core principle of information security ensures systems, networks and devices needed to protect data are up and running.

Availability

300
The use of personality, knowledge of human nature and social skills to steal passwords, keys, tokens or other credentials to gain access to systems.
What is Social Engineering?
300

An attacker goes to a local coffee shop and creates a wireless network using the shop's name, hoping unsuspecting customers will log on. What is this type of attack called?

Spoofing

300
These are well-run groups of crooks who methodically look for computer vulnerabilities to steal large numbers of financial or credit card accounts for financial profit.
Who are organized crime groups?
300
A type of program that takes scripting language and reads it so it can be acted on by a browser or an application. These are found in almost all operating systems, web browsers and many commercial off-the-shelf application programs.
What is an Interpreter?
400

This is the process of evaluating vulnerabilities and threats, identifying countermeasures, and applying mitigating actions to reduce risk to an acceptable level, based on the value of the information.

Risk Management

400
30-50% of all data loss is due to the people already within the organization.
What is Insider Threat?
400

After clicking an advertisement on an unsecure website, your computer freezes. A message appears, demanding you pay a certain amount of money to unlock your computer. What is this type of attack called?

Ransomware

400
They are structured groups funded by other governments and dedicated to mapping out the internet addresses for the purpose of espionage and possible computer attacks.
What is state sponsored hacking?
400
The contents of electronic documents that can carry out or trigger actions automatically, on a computer platform, without the intervention of a user. Active content includes built-in macro processing, scripting languages, or virtual machines. A significant share of today’s malware involves this type of program.
What is Active Content?
500

This core principle of information security ensures information is only available to authorized persons.

Confidentiality

500
Overlapping layers of protection put in place so that if one layer fails, other layers still succeed in protecting.
What is Defense in Depth?
500

A scammer creates a fake email and sends it to thousands of people, hoping some of them will click on a link and give up their personal information. What is this type of attack called?

Phishing

500
They are people who traditionally tried to gain access to computers remotely to learn more and for intellectual curiosity. Currently, they only make up 17% of computer intrusions.
Who are hackers?
500
A program that is designed only to read Hyper Text Markup Language (HTML) web pages downloaded from Internet websites. They can have helpers or add-on functions incorporated by using interpreters to read the additional instructions and provide different web content types. Internet Explorer, Firefox and Safari are examples of these.
What is a browser? (or web browser)