creating one or more barriers around a resource that only authenticated users can gain access to
Access Control
the goals for providing a secure information management system
CIA triad
A social engineering technique of discovering things about an organization based on what it throws away
Dumpster Diving
protecting against system failure by providing extra capacity
Redundancy (Fault Tolerance)
software that records information about a PC and its user such as a user's purchase history
Adware
a network attack that aims to disrupt a service usually by overloading it
Denial of Service
default administrative and guest accounts configured on servers and network devices that provide possible points of unauthorized access
default accounts
listening in to communications sent over media
Eavesdropping
device that provides alternative AC power supply in the event of a power failure (requires a battery)
UPS
software installed without user's knowledge to gather passwords or financial information
Spyware
the basic security principle stating that something should be allocated the minimum necessary rights, privileges, or information to perform its role
least privilege
identifying, testing, and deploying OS and application updates via patches
Patch Management
attacker intercepts communications between two hosts
Man in the Middle
the principle that something should not be so secure that it is completely inaccessible
Availability
type of malware that tries to extort money from the victim
Ransomware
attacker disguises identity to gain network access
Spoofing
permissions attached or configured on a network device, resource, or file and folder
Access Control List
social engineering tactic to obtain someone's password or PIN by observing them as they type it
Shoulder Surfing
a secret text string used as part of a logon
Password
A malicious software program hidden within an innocuous-seeming piece of software.
Trojan Horse
email attack created to trick users into providing authentication or financial information
Phishing
a means for a user to prove their identity to a computer/server
Authentication
these attacks include impersonation, domination, and charm to gain trust
Social Engineering
access control model where resources are assigned permissions according to job function rather than personally
Role Based Access Control
code designed to infect computer files when it is activated; it is also programmed to carry out malicious actions such as deleting files or changing system settings
Virus