4.2 Human Element Security Flashcards
Why are people the weak link in a security program? (3x)
We have little control over whether a person clicks a link, sends data over unprotected channels, or hands over passwords.
Why shouldn’t you allow employees to attach personal equipment to your organization’s network?
It can introduce malicious code. Perhaps let them use such equipment on a border network instead.
How can you more effectively reach users in your security awareness and training efforts?
Set effective policies and teach employees to recognize danger.
How might you train users to recognize phishing email attacks?
Give them examples and make the training interesting.
Why is it important not to use the same password for all your accounts?
Once an attacker has one, they can access all your sites.
What is pretexting?
Using a familiar person (a family member, a manager, or another trusted person) to convince a target to give up a certain bit of information or perform an action they wouldn’t ordinarily do.
Why might using the wireless network in a hotel with a corporate laptop be dangerous?
It could put sensitive data at risk. Use a VPN.
Why might clicking a shortened URL from a service such as bit.ly be dangerous?
It could be disguised malware.
What is phishing?
When, through electronic communication, a target is led to click on a link that has the target enter personal information or installs malware.
Why is it important to use strong passwords?
The force needed to break them is exponentially harder.
Define tailgating. Why is it a problem?
People letting others follow them through physical access points.
How does HUMINT gather intelligence?
Human intelligence (HUMINT) involves data gathered by talking to people, which can be used as a basis for other social engineering attacks.
_____________________ is information collected from publicly available sources, such as job postings and public records.
Open source intelligence (OSINT) is information collected from publicly available sources, such as job postings and public records.
Résumés and job postings can reveal…
sensitive information about an organization’s technology and structure.
______ _________ tools can provide attackers with personal information and location data about targets.
Social media
Public records can offer a wealth of information about _________, including ________ and _________ history.
individuals, including legal and financial history
_________ and ________ can be powerful tools for information gathering, especially when using advanced search operators.
Google and other search engines
____________ can reveal sensitive information about the creator and history of documents.
metadata
_______ is a search engine that looks for information on internet-connected devices, potentially revealing vulnerabilities.
Shodan
_______ is an intelligence-gathering tool that uses relationships between data points to discover related information.
Maltego
_______ ________ is a targeted form of phishing that requires advanced reconnaissance to appear more credible.
Spear phishing
_________ _________ ____________ _________ are essential for protecting organizations from social engineering attacks.
Security awareness training programs
Educating users about malware involves teaching _______________.
them to be cautious when clicking links or opening attachments.
Organizations should set _____ for when and how employees can use personal equipment in the workplace.
rules
__________ ________ policies help prevent sensitive information from being left unattended on desks.
Clean desk
Effectively communicating ________ and ________ to users is crucial for ensuring compliance and security awareness.
policies; regulations
Making security awareness training _______ and ________ can improve retention of important information.
engaging; interactive