A type of attack that tricks users into revealing credentials via fake emails or messages.
What is phishing?
This 3-letter term for a software flaw sounds like an uninvited guest at a summer picnic.
What is a bug?
Regular training to help recognize phishing emails and social engineering attempts.
What is security awareness training?
The three security properties that make up the CIA triad.
What is Confidentiality, Integrity, and Availability?
An authentication method requiring two or more different verification factors.
What is Multi-Factor Authentication (MFA)?
A method of systematically trying many password combinations until the correct one is found.
What is a brute-force attack?
This attack intercepts data between two parties who believe they are communicating directly with each other.
What is a Man-in-the-Middle (MitM) attack?
The process of converting information into an unreadable format to protect it.
What is encryption?
You should never plug one of these 'found' items into your work computer, as they can be pre-loaded with malware that installs automatically.
What is a USB Drive?
Users have only the access strictly necessary to perform their jobs.
What is the least privilege principle?
The 2017 global ransomware attack that affected hospitals and companies via a Windows vulnerability.
What was WannaCry?
This 'sweet' term refers to a computer system set up as a decoy to lure in hackers so security teams can study their methods.
What is a honeypot?
The process of identifying, evaluating, and prioritizing security risks.
What is risk management?
Dividing a network to limit lateral movement of attackers.
What is network segmentation?
A security model that assumes no user or device should be trusted by default, even inside the corporate network.
What is Zero Trust?
This attack involves injecting malicious scripts into web pages viewed by other users.
What is Cross-Site Scripting (XSS)?
This attack uses AI to create highly convincing fake audio, video, or images that impersonate individuals for malicious purposes.
What is a deepfake?
The concept of using multiple security controls together so that if one fails, others still provide protection.
What is defense in depth?
Simulating controlled attacks to identify vulnerabilities before real attackers do.
What is penetration testing (pen testing)?
An attack where an attacker gains higher access rights than originally granted.
What is privilege escalation?
An attack that injects malicious code into a web application's input fields to manipulate a database.
What is SQL injection?
A type of attack where malicious code is hidden inside legitimate software updates or third-party components.
What is a supply chain attack?
The plans for keeping a service running (or restoring it) in case of disaster, interruption, or malfunction.
What are SCP and DRP?
A control that divides responsibilities among different individuals to prevent conflicts of interest.
What is Segregation of Duties (SOD)?
This flaw occurs when a system fails to properly enforce user permissions, allowing an attacker to access unauthorized data or functionality.
What is Broken Access Control?