Information Security
A program that monitors a computer or network to detect or identify major types of malicious code and to prevent or contain malware incidents. Sometimes by removing or neutralizing the malicious code
What is Antivirus Software?
A mechanism that implements access control for a system resource by listing the identities of the system entities that are permitted to access the resource. Overlapping layers of protection put in place so that if one layer fails other layers succeed in protecting is known as....
What is an Access Control List (ACL)?
A digital form of social engineering to deceive individuals into providing sensitive information.
What is phishing?
An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception)
What are Advanced Persistent Threats?
A hardware/software device or a software program that limits network traffic according to a set of rules of what access is and is not allowed or authorized.
What is a firewall?
The unauthorized movement or disclosure of sensitive information to a party, usually outside the organization, that is not authorized to have or see the information.
What is Data Breach?
The process of confirming the correctness of the claimed identity.
What is Authentication?
A technique relies on human trust to give the criminal physical access to a secure building or area.
What is tailgaiting?
An attempt to gain unauthorized access to system services, resources, or information, or an attempt to compromise system integrity.
What is an attack?
A list of entities that are considered trustworthy and are granted access or privileges.
What is a whitelist?
A technique to breach the security of a network or information system in violation of security policy.
What is an Exploit?
An organization that studies computer and network INFOSEC in order to provide incident response services to victims of attacks, publish alerts concerning vulnerabilities and threats, and offer other information to help improve computer and network security.
What is a Computer Emergency Response Team (CERT)?
The use or urgent voice mails convince victims they need to act quickly to protect themselves from arrest or other risk.
What is Vishing?
An unauthorized user who attempts to or gains access to an information system.
What is a hacker?
A self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself.
What is a worm?
An actual assault perpetrated by an intentional threat source that attempts to learn or make use of information from a system, but does not attempt to alter the system, its resources, its data, or its operations. The evidence of daily decisions and operations within DOI and its bureaus/offices.
What is a passive attack?
The principle of allowing users or applications the least amount of permissions necessary to perform their intended function.
What is Least Privilege?
An email that is used to carry out targeted attacks against individuals or businesses.
What is spear-phishing?
One or more individuals with the access and/or inside knowledge of a company, organization, or enterprise that would allow them to exploit the vulnerabilities of that entity's security, systems, services, products, or facilities with the intent to cause harm.
What is an insider threat?
The most widely-installed LAN technology. Specified in a standard, IEEE 802.3, an Ethernet LAN typically uses coaxial cable or special grades of twisted pair wires. Devices are connected to the cable and compete for access using a CSMA/CD protocol. The contents of electronic documents that can carry out or trigger actions automatically, on a computer platform, without the intervention of a user. Active content includes built in macro processing, scripting languages, or virtual machines. A significant share of today’s malware involves this type of programs.
What is Ethernet?
Cryptographic transformation of data (called "plaintext") into a form (called "cipher text") that conceals the data's original meaning to prevent it from being known or used.
What is encryption?
The process by which risks are identified and the impact of those risks determined.
What is Risk Assessment?
The use of a false identity to trick victims into giving up information.
What is Pretexting?
A characteristic or specific weakness that renders an organization or asset (such as information or an information system) open to exploitation by a given threat or susceptible to a given hazard.
What is a vulnerability?
A network point that acts as an entrance to another network.
What is a Gateway?