Social Engineering
This item, often found on a desk, should be kept covered when not in use. If left exposed, it may reveal sensitive personal data such as Social Security Numbers, Dates of Birth, or Department of Defense identifiers.
What is Personally Identifiable Information (PII)?
This item should be posted in user's workspace. It provides instructions to follow in case of a cyber incident.
What is the Cybersecurity Incident Reporting Aid?
A current or former USARC employee who intentionally misuses their access to harm the organization, steal data, or sabotage systems.
Who is an insider threat?
Contains 8-12 minimum characters including a mixture of letters, numbers, and special characters. Cannot be previously used.
What is a strong password?
This device meets DoD standards and is NSA-compliant. It's designed to have cross-cut teeth and used to destroy classified or sensitive information.
What is an authorized shredder?
This sneaky practice involves peeking at someone’s computer screen from behind or the side, often without their knowledge, in an attempt to gather personal or sensitive information.
What is shoulder surfing?
This type of software is secretly installed on a user’s system; often via email attachments or compromised websites. The intent is to steal sensitive information or cause harm to computer systems.
What is malware?
This behavior includes: trying to access systems or data outside the scope of their job responsibilities, obtaining sudden wealth, or working non-scheduled hours.
What is are indicators of a potential insider threat?
A tool that can help users generate and store complex and unique passwords for their accounts. No more guessing and locked-out accounts.
What is a password manager?
This device is compact and can flip, fold, slide, but never bend. It is often seen paired with a partner after works hours and used for entertainment.
What is a cell phone?
This deceptive tool is scanned using a phone’s camera. Cybercriminals embed malicious code within it to redirect users to fake websites, aiming to steal sensitive data or install malware.
What is QR code?
This type of cyber attack overwhelms a system, server, or network traffic, rendering it unavailable to legitimate users.
What is a Distributed Denial-of-Service (DDoS) attack?
Risk posed by an individual at USARC who may unintentionally compromise security through actions such as mishandling data, engaging phishing emails, being unaware of policies, or misusing access.
What is an unintentional insider threat?
A security feature that adds an extra layer of protection by requiring a SECOND form of verification, such as a code sent to your phone or email.
What is two-factor authentication (2FA)?
This device can be tapped or clicked. It's supposed to be connected with a USB cord, but users sneak me in to use. It's prohibited in the USARC HQ building.
What is a wireless mice or keyboard?
This unauthorized act involves slipping into a restricted area by closely trailing someone with access—often relying on a friendly smile or confident nod to avoid suspicion.
What is tailgating?
This attack encrypts user data and demands payment, in exchange for access to their device.
What is ransomware?
This individual may who dislike their job and/or team members. This user can cause significant harm to an organizations systems.
What is a disgruntled user?
A common and risky behavior involving redundant credentials for multiple accounts.
What is password reuse?
Unauthorized device that can mimic a legitimate Wi-Fi network, tricking users into connecting and unknowingly exposing their data to attackers.
What is a rogue or evil twin access point?
Using artificial intelligence to mimic a trusted person’s voice or image, to manipulate employees into taking urgent actions like transferring funds or sharing sensitive data.
What is deepfake impersonation?
Name the most common cyber incident for USARC FY2024.
**Bonus 500pts: name the 2nd most common
What are plugging cell phones into laptops?
**Adult Content
The monitoring approach that helps detect insider threats by analyzing user behavior over time. It flags anomalies such as unusual login times, large file transfers, or unauthorized access attempts.
What is User and Entity Behavior Analytics (UEBA)?
An advanced password strategy involving using a unique combination of words.
What is passphrase?
This is an unauthorized activity unless you are an Data Transfer Agent (DTA)?
What is transferring/downloading to an external storage device?