Security Foundations
This basic security practice involves keeping your software up-to-date to fix known vulnerabilities.
What is patching?
This type of malicious software is designed to disguise itself as legitimate software to trick you into installing it.
What is a Trojan horse?
This security tool acts like a gatekeeper, controlling incoming and outgoing network traffic based on predetermined rules.
What is a firewall?
This common practice helps protect your online accounts by requiring a code from your phone in addition to your password.
What is two-factor authentication (or multi-factor authentication)
This type of attack uses artificial intelligence to create highly convincing fake videos or audio recordings.
What is a deepfake?
This principle grants users only the necessary access to perform their job duties.
What is least privilege?
This kind of attack floods a system with traffic to make it unavailable to legitimate users.
What is a Denial-of-Service (DoS) attack?
This type of software is designed to detect and remove malicious software from your computer.
What is antivirus software?
This type of software helps prevent sensitive data, like credit card numbers, from leaving a company's network.
What is Data Loss Prevention (DLP)?
This recent cybersecurity incident involved a supply chain compromise, where attackers injected malicious code into widely used software to gain access to numerous organizations' systems.
What is the SolarWinds attack (or Sunburst attack)?
This term refers to the unauthorized viewing, theft, or use of sensitive data.
What is a data breach?
This social engineering tactic uses urgent or threatening language to manipulate victims into revealing sensitive information or making payments.
What is scareware?
This process scrambles data to make it unreadable without the proper decryption key.
What is encryption?
This Canadian federal law protects personal information collected by private-sector organizations.
What is the Personal Information Protection and Electronic Documents Act (PIPEDA)?
This type of security approach assumes that no user or device can be trusted by default and requires verification at every stage.
What is Zero Trust security?
This security measure combines something you know (like a password) with something you have (like a phone) for stronger authentication.
What is two-factor authentication (or multi-factor authentication)?
This type of attack exploits a vulnerability that is unknown to the software vendor.
What is a zero-day exploit?
This system monitors network or system activity for malicious events or policy violations and sends alerts.
What is an Intrusion Detection System (IDS)?
This is the process of identifying and evaluating potential security risks to your data and systems.
What is a risk assessment?
This type of attack exploits vulnerabilities in the way data is transferred between a website and a user's browser, potentially allowing attackers to steal cookies or manipulate sensitive information.
What is a Man-in-the-Middle (MitM) attack?
These three core principles (often abbreviated as CIA) are the foundation of information security.
What are confidentiality, integrity, and availability?
This advanced type of malware is often used for espionage and can remain hidden on a system for a long time.
What is an Advanced Persistent Threat (APT)?
This security measure uses unique biological traits to verify a person's identity.
What is biometrics?
This principle in data security emphasizes collecting only the necessary data and using it only for its intended purpose.
What is data minimization?
This advanced persistent threat group, believed to be state-sponsored, has been linked to sophisticated cyberespionage campaigns and the use of the NotPetya malware.
Who is Sandworm (or Telebots, Voodoo Bear)?