Social Engineering
I can be found on your desk. I am supposed to be covered when not in use. Leaving me exposed will reveal personal information like SSN, DOB, DOD#, etc.
What is Personally Identifiable Information (PII)?
This should be located visibly in your workspace so my information can be seen. Every user should have this in case something happens.
What is the Cybersecurity Incident Reporting Aid?
Recommended: 8-12 minimum number of characters including a mix of letters, numbers, and special characters.
What is a strong password?
A current or former USARC employee who intentionally misuses their access to harm the organization, steal data, or sabotage systems.
What is a malicious insider threat?
I meet DOD standards & NSA-compliant. I have cross-cut teeth and can tear a document fast. The only device used for destroying evidence.
What is an authorized shredder?
The practice of looking at someone's computer from behind, without them noticing, being nosey. Trying to gain personal information by looking over.
What is Shoulder Surfing?
Malicious software is installed on a system without the user's knowledge, through email attachments or infected websites. The goal is to steal data and/or damage computer systems.
What is malware software?
A tool that can help users generate and store complex, unique passwords for their accounts. No more guessing and locking accounts.
What is a password manager?
A user begins accessing systems or data outside the scope of their job responsibilities.
What is a non privileged user?
I'm portable, small, and cute. I can do flips, fold, slide, but never bend. I can only hang with a partner after works hours.
What is a cell phone?
Sending broad emails that looks legit, but my goal is to obtain your sensitive information.
*Bonus point if you can name this particular type that targets specific personnel.......
What is Phishing?
An attacker overwhelms a system, server, or network with traffic, rendering it unavailable to legitimate users.
What is a Distributed Denial-of-Service (DDoS) attack?
A security feature that adds an extra layer of protection by requiring a second form of verification, like a code sent to your phone or email.
What is two-factor authentication (2FA)?
Risk posed by an individual at USARC who may unintentionally or intentionally compromise security through actions like mishandling data, ignoring policies, or abusing access.
What is an insider threat?
I am tapped/clicked all day and not supposed to be used in the USARC HQ building. My connection is through USB; you can hardly see me.
What is a wireless mice/keyboard device?
Following people in a restricted room is what I like to do. I'm not authorized to be there, but why not, I'll just smile and nod.
What is Tailgating?
Encrypting user data and demanding payment, in exchange for access back on their device.
What is ransom ware?
This isn't allowed, but it's common and risky habit involving using the same password across multiple accounts.
What is a password reuse?
Someone is who dislikes their job and/or team members. This type of user is dangerous because they can cause the most harm.
What is a disgruntled user?
Unauthorized device that can mimic a legitimate Wi-Fi network, tricking users into connecting and unknowingly exposing their data to attackers.
What an evil twin access point?
Using artificial intelligence to mimic a trusted person’s voice or image, to manipulate employees into taking urgent actions like transferring funds or sharing sensitive data.
What is deepfake impersonation?
Used as a decoy system or resource set up to attract cyber attackers so security teams can observe their tactics without risking real assets.
What is a honeypot?
An advanced password strategy involving using a long, unique passphrase that combines unrelated words, numbers, and symbols.
What is a passphrase password?
The monitoring approach that helps detect insider threats by analyzing user behavior over time. It flags anomalies such as unusual login times, large file transfers, or unauthorized access attempts.
What is User and Entity Behavior Analytics (UEBA)?
Unauthorized wireless device connected to a secure network, potentially allowing attackers to intercept data or gain access.
What is a rogue device or rogue access point?