Physical Security
Attacks
Know Your Role
Security Architecture
Incident Response
100

This physical security breach occurs when an unauthorized individual follows an authorized person into a restricted area or facility.

What is tailgating (or piggybacking)?

100

Name 2 examples of cyber attacks.

What are Phishing, Malware Attack, Hacking, Password Attack, DDoS Attack?

100

This role is primarily responsible for maintaining the overall security posture of the systems within their organization.

Who is the Information System Security Manager (ISSM)?

100

This strategic security model eliminates the concept of implicit trust based on network location, requiring continuous verification of every user and device.

What is Zero Trust?

100

This term describes any observable occurrence in a system or network, such as a log entry or a door opening, which may or may not signify a breach of security policy.

What is a security event?

200

This is a specially accredited room or building where sensitive compartmented information can be stored, discussed, and processed securely.

What is a SCIF (Sensitive Compartmented Information Facility)?

200

The fraudulent practice of sending emails that trick recipients into revealing personal information (passwords, credit card numbers).

What is phishing?

200

This official authorizes a system to operate based upon a cybersecurity risk determination.

Who is the Authorizing Official (AO)?

200

This hardware-based security chip, typically integrated into a motherboard, provides a secure boot process and stores encryption keys.

What is a Trusted Platform Module (TPM)?

200

During this final phase of an incident response, the team reviews the event to identify areas for improvement in tools, training, or policy.

What is Lessons Learned?

300

This method of sanitization uses a strong magnetic field to completely erase data from magnetic media like hard drives or tapes.

What is degaussing?

300

In this type of attack, an adversary secretly intercepts and potentially alters the communication between two parties who believe they are directly communicating.

What is a Man-in-the-Middle (MitM) attack?

300

This individual has the ultimate organizational responsibility for a specific set of data, including deciding who has access to it and how it should be classified.

Who is the Data Owner?

300

This architectural method physically or logically isolates a secure network from all other networks, including the internet, to prevent data exfiltration.

What is an Air Gap (or CRN)?

300

This term refers to the chronological documentation or paper trail that records the sequence of custody, control, and transfer of digital evidence.

What is the Chain of Custody?

400

This infamous worm was the first known malware specifically designed to cause physical damage to industrial hardware by manipulating PLC frequencies.

What is Stuxnet?

400

This specific type of spyware covertly records the keys struck on a keyboard, primarily used by adversaries to steal credentials.

What is a keylogger?

400

This role is responsible for the technical handling and storage of data, ensuring that the owner's security requirements (like backups and encryption) are enforced.

Who is the Data Custodian?

400

This core Zero Trust concept involves breaking down a network into granular, protected segments to prevent an adversary from moving laterally after an initial compromise.

What is microsegmentation?

400

This critical phase of the incident response lifecycle involves limiting the scope and magnitude of an ongoing cyber attack to prevent further damage.

What is containment?

500

This type of centralized system is used to monitor and control geographically dispersed assets like power grids, water treatment plants, and pipelines.

What is SCADA (Supervisory Control and Data Acquisition)?

500

This form of cybersquatting targets users who incorrectly enter a website address into their browser, redirecting them to a malicious, visually identical site designed to harvest credentials.

What is typosquatting (or URL hijacking)?

500

This officer is responsible for ensuring the organization complies with laws and regulations regarding the protection of sensitive personal data and non-mission PII.

Who is a Privacy Officer?

500

Zero Trust operates on this primary directive, which mandates that no user or device is trusted by default, regardless of whether they are inside or outside the network perimeter.

What is "Never Trust, Always Verify"?

500

This term describes a standardized, step-by-step set of predefined procedures used by security analysts to triage and respond to specific types of cyber threats.

What is a playbook (or runbook)?