Cyber Security

Information

Physical Security

Availability

The Enemy

Scary Stuff

100

Random seemingly unrelated facts, numbers, words or statistics.

What is Data?

100

Overlapping layers of protection put in place so that if one layer fails other layers succeed in protecting is known as....

What is Defense in Depth?

100

To apply or maintain permissions to prevent an account from getting information they are not authorized to see while making the information available to those who are authorized.

What is Access Control?

100

They are people who traditionally tried to gain access to computers remotely to learn more and for intellectual curiosity. Currently, they only make up 17% of computer intrusions.

Who are hackers?

100

software designed to harm devices or networks

Malware

200

Data compiled into documents, maps, charts, and other forms of information gives assets dollar _____________

What is Value?

200

The list of computers, laptops, software, equipment owned by an organization.

What is Inventory?

200

An identifier that uniquely tracks actions to individuals.

What is an Account? (or Login ID)

200

Is the risk presented to an organization by current or past employees who have knowledge of how the organization works and what and where the most valuable (damaging) information might reside.

What is Insider threat?

200

Malicious code written to interfere with computer operations and cause damage to data and software.

What is a virus

300

Any combination of your name, your home address or phone number, credit card or account numbers or social security number.

What is PII? (or Personally Identifiable Information)

300

The use of personality, inowledge of human nature and social skills to steal passwords, keys tokens or other credentials to gain access to systems.

What is Social Engineering?

300

Functional managers classify data and grant approval to those whose jobs require access to the information.

Who are Data Managers?

300

These are well run groups of crooks who methodically look for computer vulnerabilities to steal large numbers of financial or credit card accounts for financial profit.

Who are organized crime groups?

300

Malware that can duplicate and spread itself across systems on its own

What is a worm?

400

The evidence of daily decisions and operations within DOI and its bureaus/offices.

What are Federal Records?

400

30-50% of all data loss due to the people already within the organization.

What is Insider Threat?

400

As a result of the VA breach in 2006 where PII of over a million veterans was lost, it is now a requirement to delete all sensitive data extracts on individual computers after this number of days.

What is 90 days?

400

They are structured groups funded by other governments and dedicated to mapping out the internet addresses for the purpose of espionage and possible computer attacks.

What is state sponsored hacking?

400

A malicious attack where threat actors encrypt an organization's data and demand payment to restore access

What is Ransomware?

500

A legal notification directing you or the bureau/office to preserve any documentary material that may berelevant to a pending or foreseable lawsuit or administrative adjudication.

What is Litigation Hold?

500

A necessary process to limit the kinds of hardware and software which minimizes the number of different vulnerabilities and reduces exposure to security weaknesses.

What is Standardization?

500

It is a word or phrase that verifies that you and only you had access to the account.

What is a Password?

500

The weakest link in every computer system. The one person who can through thoughtlessness, unawareness or accident, cause loss of work products through deletion, corruption or improperly safeguarding data.

Who are you? (Who am I?)

500

Describe Social engineering and name 2 examples

Social engineering is a manipulation technique that exploits human error to gain private information, access, or valuables. Human error is usually a result of trusting someone without question. It’s the mission of a threat actor, acting as a social engineer, to create an environment of false trust and lies to exploit as many people as possible.

Some of the most common types of social engineering attacks today include:

Social media phishing: A threat actor collects detailed information about their target from social media sites. Then, they initiate an attack.
Watering hole attack: A threat actor attacks a website frequently visited by a specific group of users.
USB baiting: A threat actor strategically leaves a malware USB stick for an employee to find and install, to infect a network.
Physical social engineering: A threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location.