Security Policies and Implementation Issues
Password Vulnerabilities
Introduction to Computer Security
Computer Threat Landscape
Security Hodgepodge
200

This practice involves ensuring that the actions of individual information system users can be uniquely tied to those individuals for accountability purposes.

What is Audit and Accountability?

200

This type of attack involves a hacker trying combinations from a pre-arranged list of values, often derived from words in a dictionary, against encrypted passwords.

What is an Offline Dictionary Attack?

200

This type of attack tries to learn or use information from a system without affecting its resources.

What is a Passive attack?

200

This term is used to describe a network of compromised computers used to perform coordinated attacks.

What is a Botnet?

200

These types of attackers initiate threats from outside the perimeter, such as from the internet.

What are "outsiders" or "external attackers"?

400

These are detailed plans or recommendations which aim to control how a system or organization offers security services to safeguard sensitive resources.

What are Security Policies?

400

This attack relies on trying passwords like "123456" or "password" because of their common usage.

What is a Popular Password Attack?

400

This type of attack comes from someone who already has system access but uses it in a non-approved manner.

What is an Inside attack?

400

This attack involves an attacker intercepting communication between two parties without detection.

What is a Man-in-the-Middle (MitM) attack?

400

This principle advocates giving users the minimal levels of access needed for their tasks.

What is the Principle of Least Privilege (PoLP)?

600

The action of establishing and enforcing security configuration settings for IT products used within organizational information systems falls under this category.

What is Configuration Management?

600

In this attack, the intruder takes advantage of a momentarily unattended machine that is logged into a network or service.

What is Workstation Hijacking?

600

A measure considering both the adverse impacts of a potential circumstance and its chance of happening.

What is Risk?

600

A clandestine method of bypassing normal authentication to gain unauthorized control of a system.

What is Privilege Escalation?

600

The act of ensuring that data sent or received has not been altered during transit.

What is Data Integrity?

800

These plans are made to ensure the availability of critical information resources and continuity of operations in emergency scenarios.

What is Contingency Planning?

800

If an attacker knows the username of an administrator, they might employ this type of attack to break into their account.

What is a Specific Account Attack?

800

This term describes any situation or event with the potential to harm organizational operations through an information system.

What is Threat?

800

This is the term for when software or an application runs code from an untrusted source without the user's knowledge.

What is Code Injection?

800

This entity, often hierarchical, in Public Key Infrastructure (PKI) verifies the authenticity of digital certificates.

What is a Certificate Authority (CA)?

1000

A system's vulnerability points, including open ports on servers, services inside a firewall, and employees susceptible to social engineering attacks, collectively form this concept.

What is an Attack Surface?

1000

Because it is convenient, many users fall into the trap of password reuse, opening themselves up to this type of exploit.

What is Exploiting Multiple Password Use?

1000

This term defines the action or intent by an individual or group to harm information systems or the data within.

What is an Attack?

1000

This term describes the practice of digitally eavesdropping on network communications, a pervasive threat on unsecured Wi-Fi networks.

What is Sniffing or Packet Sniffing?

1000

This term describes the potential harm to a computer system's asset, such as corrupting it, leaking it, or making it unavailable.

What is Vulnerability?