Show:
Social Engineering
Common SAV Findings
CORA Prep
Incident Response
Cybersecurity
100

Manipulating individuals into divulging confidential or personal information that may be used for fraudulent purposes.



What is Social Engineering?

100

This should always be removed from computer/laptop when walking away. This item should be no more than an arms length away.

What is a CAC card or token?

100
To apply or maintain permissions to prevent an account from getting information they are not authorized to see while making the information available to those who are authorized.
What is Access Control?
100
They are people who traditionally tried to gain access to computers remotely to learn more and for intellectual curiosity. Currently, they only make up 17% of computer intrusions.
Who are hackers?
100
A program that is designed only to read Hyper Text Markup Language (HTML) web pages downloaded from Internet websites. They can have helpers or add-on functions incorporated by using interpreters to read the additional instructions and provide different web content types. Internet Explorer, Firefox and Safari are examples of these.
What is a browser? (or web browser)
200

Targets a specific person or group using deceptive messages or emails, disguised coming from a trusted source.

What is Spear Phishing?

200

This should not be left laying around on your desk. If you are not actively using it, it should be put away.

What is PII?

200
An identifier that uniquely tracks actions to individuals.
What is an Account? (or Login ID)
200
Is the risk presented to an organization by current or past employees who have knowledge of how the organization works and what and where the most valuable (damaging) information might reside.
What is Insider threat?
200
Easily readable programs that automate or provide extra function on a computer system or in an application or browser. ActiveX and JavaScript are examples of this type of language.
What is Scripting? (or Scripting Code or Scripting Language)
300

A phishing technique using phone calls to deceive the caller. The goal is to gain sensitive information.


Bonus 20pt: Give an example of a phishing technique (10 seconds)

What is Vishing?

300

This can be laying around, unmarked. Do NOT leave this unattended in a sipr cafe. 

What is Unlabled Media?

300
Functional managers classify data and grant approval to those whose jobs require access to the information.
Who are Data Managers?
300
These are well run groups of crooks who methodically look for computer vulnerabilities to steal large numbers of financial or credit card accounts for financial profit.
Who are organized crime groups?
300
A type of a program that takes scripting language and reads it so it can be acted on by a browser or an application. These are found in almost all operating systems, web browsers and many commercial off the shelf application programs.
What is an Interpreter?
400

Gaining physical access to a secure area by following someone with access.


Bonus 20pts: Give an example. (10 seconds)

What is Tailgating or Piggyback?

400

I can be opened or closed, but never left cracked. When closed, you should verify that I can't be opened again.

What are unsecured Doors?

400
As a result of the VA breach in 2006 where PII of over a million veterans was lost, it is now a requirement to delete all sensitive data extracts on individual computers after this number of days.
What is 90 days?
400
They are structured groups funded by other governments and dedicated to mapping out the internet addresses for the purpose of espionage and possible computer attacks.
What is state sponsored hacking?
400
The contents of electronic documents that can carry out or trigger actions automatically, on a computer platform, without the intervention of a user. Active content includes built in macro processing, scripting languages, or virtual machines. A significant share of today’s malware involves this type of programs.
What is Active Content?
500

Targeting high profile individuals, such as CEOs using personalized emails to transfer funds coming from trusted source to gain access to the company's sensitive information.

What is Whaling?

500

I love to eat paper. You should make sure I'm NSA approved or someone can put the pieces back together.

What is an unapproved shredder?

500
It is a word or phrase that verifies that you and only you had access to the account.
What is a Password?
500
The weakest link in every computer system. The one person who can through thoughtlessness, unawareness or accident, cause loss of work products through deletion, corruption or improperly safeguarding data.
Who are you? (Who am I?)
500
A program, script, macro or other portable instruction, that can be shipped unchanged to a variety of platforms and executed with the same result. Some of the most common forms of mobile code are JavaScript, Asynchronous JavaScript and eXtended Markup Language (XML) or AJAX, Java applets, ActiveX, and Flash. It is being adapted to run on cell phones, PDAs, and other devices.
What is Mobile Code?