Social Engineering
This social engineering tactic involves an unauthorized individual following an authorized person through a secure entry point.
What is tailgating (or piggybacking)?
This three-letter acronym stands for any health-related information, such as medical records or diagnoses, that can be used to identify a patient.
What is Protected Health Information (PHI)?
This acronym refers to unclassified information created or possessed by the government that, while not classified, still requires safeguarding and dissemination controls.
What is Controlled Unclassified Information (CUI)?
This is a method of cybersecurity that protects against unauthorized access to facilities, equipment, and resources.
What is physical security?
True/False:
It is acceptable to OPORDS, STRATCOMs, WARNOs into into ChatGPT?
False
This social engineering technique involves creating a fabricated scenario or story to trick a victim into divulging information or performing an action, often by impersonating someone in authority or with a legitimate need for the information.
What is pretexting?
This 1996 U.S. law establishes national standards to prevent the disclosure of sensitive patient data and individually identifiable health information without the patient's consent or knowledge.
What is the Health Insurance Portability and Accountability Act (HIPAA)?
Name the color used at the top/bottom of CUI documents:
What is purple?
These can include biometric scanners, keycard systems, and security guards, all designed to control who can enter a secure area.
What are access control mechanisms?
This attack method relies on human curiosity, often involving an attacker leaving a malware-infected physical device, such as a USB flash drive, in a public place for an unsuspecting victim to find and use.
What is baiting?
These are typically considered the most critical type of PII, as they can directly lead to identity theft or financial fraud, and include data like Social Security numbers, driver's license numbers, or financial account information.
What is sensitive PII?
True/False:
MS Teams can be used for CUI discussions.
True
This type of environmental control system is crucial in data centers to prevent hardware damage and ensure optimal performance by regulating temperature and humidity.
What are HVAC (Heating, Ventilation, and Air Conditioning) systems?
In this sophisticated attack, the perpetrator doesn't initiate contact. Instead, they manipulate a situation, causing a technical problem and position themselves as the authority to solve it, compelling the victim to seek them out and willingly offer information.
What is reverse social engineering?
Match the type of information with PII/PHI:
a. social security card
b. doctor's notes w/patient name, identifier
c. roster with name
d. patient's medical record
What is:
a. PII
b. PHI
c. n/a
d. PHI
True/False:
CUI materials can be taken home. The materials can be loosely carried in my work bag with no cover sheet.
False:
You can take CUI home. CUI documents must have a CUI cover sheet (SF901) and on top of material. It must be in an opaque envelope without CUI markings.
These physical barriers, ranging from fences to reinforced walls and mantraps, are designed to deter, delay, or detect unauthorized entry into sensitive areas.
Bonus: Name one barrier USARC uses
What are perimeter defenses?
Bonus: Bollards
In this attack, a perpetrator compromises a specific website or online service that they know their intended victims frequent, hoping to infect their computers when they visit this "trusted" location.
What is a watering hole attack?
While not unique on their own, these data points (zip code, gender, and date of birth), can be combined and cross-referenced with other data sources to re-identify individuals in what was thought to be an anonymous dataset.
What are quasi-identifiers?
True/False:
CUI is a classification marking, not a control marking.
False.
This is a U.S. government codename for a set of standards for limiting electromagnetic radiation emanations from electronic equipment to prevent eavesdropping and the reconstruction of sensitive data.
What is TEMPEST?