4.2 Human Element Security Flashcards
Why are people the weak link in a security program? (3x)
We have little control over what a person clicks, or whether they send data over unprotected channels or hand over passwords.
Why shouldn’t you allow employees to attach personal equipment to your organization’s network?
It can introduce malicious code. Perhaps let them use it on a border network.
How can you more effectively reach users in your security awareness and training efforts?
Set effective policies and teach employees to recognize danger.
How might you train users to recognize phishing email attacks?
Give them examples, make training interesting.
Why is it important not to use the same password for all your accounts?
Once an attacker has one, they can access all your sites.
What is pretexting?
Using a familiar person, family member, manager, or trusted person to convince a target to give up a certain bit of information or perform an action they wouldn’t ordinarily do.
Why might using the wireless network in a hotel with a corporate laptop be dangerous?
It could put sensitive data at risk. Use a VPN.
Why might clicking a shortened URL from a service such as bit.ly be dangerous?
It could be disguised malware.
What is phishing?
When, through electronic communication, a target clicks on a link that has the target enter personal information or that installs malware.
Why is it important to use strong passwords?
The force needed to break them is exponentially greater.
Define tailgating. Why is it a problem?
People letting others follow them through physical access points.
How does HUMINT gather intelligence?
Human intelligence (HUMINT) involves data gathered by talking to people, which can be used as a basis for other social engineering attacks.
_____________________ is information collected from publicly available sources, such as job postings and public records.
Open source intelligence (OSINT) is information collected from publicly available sources, such as job postings and public records.
Résumés and job postings can reveal…
sensitive information about an organization’s technology and structure.
______ _________ tools can provide attackers with personal information and location data about targets.
Social media