This is the goal of credential harvesting emails.
What is to get credentials/passwords?
What is ransomware?
This is the most common form of authentication.
What is a password?
This principle states that users should only have the access they need to complete essential job functions.
What is least privilege?
This simple action should be done every time you leave your workstation.
What is lock it/lock your computer?
This type of phishing involves phone calls rather than emails.
What is vishing?
This type of malware disguises itself as legitimate software to remain undetected.
What is a trojan?
Adding an additional requirement to authenticate yourself is known as this.
What is 2FA?
This common vulnerability occurs when user input is not properly sanitized.
What is SQL Injection?
These physical security tools record video of areas requiring protection.
What is a security camera/CCTV?
This type of phishing targets a specific executive or high-level user.
What is whaling?
This type of malware detects and collects keystrokes on the compromised machine.
What is a keylogger?
What newly created internal document should everyone review to understand password requirements?
This security strategy involves a multi-layered approach, so that if one layer fails there is another layer to get through.
What is defense in depth?
This seemingly innocent act involves holding open the door for someone when entering a secure area.
What is tailgating?
This attack preys on human emotions and attempts to manipulate users.
What is social engineering?
This type of malware spreads and replicates itself without user interaction.
What is a worm?
Authentication using your face or thumbprint is an example of this.
What is biometrics or biometric authentication?
This development practice integrates security into every step of the software development lifecycle.
What is DevSecOps?
This radio-wave-based technology is responsible for allowing most keycards to function, among many other purposes.
What is RFID, or radio frequency identification?
This tactic involves attackers using domains that look similar to real ones to trick users.
What is typosquatting?
This seven-stage process explains how the typical malware attack progresses.
What is the cyber kill chain?
What are the three categories of authentication methods?
What is knowledge, possession, and inherence, or something you know, something you have, and something you are?
This yearly list of the ten most critical web application security risks is a valuable resource for developers.
What is OWASP Top 10?
This often-overlooked aspect of building ambiance is actually a key piece of physical security controls.
What is lighting?