The act of disguising a communication or identity so that it appears to be associated with a trusted or authorized source.
What is Spoofing?
A word or phrase that verifies that you and only you have access to the account.
What is a Password?
Overlapping layers of protection put in place so that if one layer fails, the other layers still succeed in providing protection.
What is Defense in Depth?
A program that is designed to read Hyper Text Markup Language (HTML) web pages downloaded from Internet websites.
What is a Browser? (or Web Browser)
The weakest link in every computer system.
What is the user?
A targeted attack against a specific individual.
What is Spear Phishing?
A security technology that requires multiple methods of authentication based on time, location, something you have, something you are, and something you know.
What is Multi-Factor Authentication?
It needs to be rotated on a regular basis, consist of a minimum of 12 characters, and cannot be reused.
What is a Password?
Programs that automate or provide extra functionality on a computer or in an application or browser. JavaScript and Python are examples of this type of language.
What is Scripting? (or Scripting Code / Scripting Language)
A Virus that is able to replicate itself without user activation.
What is a Worm?
What is a Denial-of-Service (DOS) Attack?
By disabling or not clicking this in your browser you are preventing cross-site request forgery.
What is Remember Me? (Keep Me Signed In)
The act of keeping your workspace free of clutter and sensitive information locked away when not in use.
What is a Clean Desk?
An extension of the Hypertext Transfer Protocol.
What is HTTPS?
This is written to do harm and can be classified into many categories based on how it propagates and behaves.
What is a Virus? (Computer Virus)
An attack in which cybercriminals utilize trial-and-error tactics to decode passwords, personal identification numbers (PINs), and other forms of login data by leveraging automated software to test large quantities of possible combinations.
What is a Brute-Force Attack?
Any combination of your name, home address, phone number, credit card, bank account numbers, email address(es), or social security number.
What is PII? (Personally Identifiable Information)
What is a Business Continuity & Disaster Recovery Plan? (BCDR)
Describes devices with sensors, processing ability, software, and other technologies that connect and exchange data with other devices and systems over public and private communication networks.
What is Internet of Things? (IoT)
The use of personality, knowledge of human nature, and social skills to steal passwords, keys, tokens, or other credentials to gain access to systems.
What is Social Engineering?
A common type of attack in which attackers eavesdrop on communications between two targets.
What is a Man-in-the-Middle Attack?
An Identifier that uniquely tracks actions to individuals.
What is an Account? (or Account ID, Login ID)
Details how to deal with found vulnerabilities based on their CVSS (Common Vulnerability Scoring System) score.
What is Patch Management Procedure? (Patch Management Policy is also acceptable)
A program, script, macro or other portable instruction that can be shipped unchanged to a variety of platforms and executed with the same result. It is being adapted to run on cell phones and tablets. Some of the most common forms are JavaScript, eXtended Markup Language (XML), AJAX, ActiveX, and Flash.
What is Mobile Code?
The risk presented to an organization by current or past employees who have knowledge of how the organization works.
What is Insider Threat?