5 - Human Aspects in Cyber Security Flashcards
Social Engineering
Manipulate people to execute an attack
Attack Lifecycle for Social Engineering
- Information Gathering
- Relationship Development
- Exploitation
- Execution to achieve the objective
Information Gathering methods
- Reconnaissance (social media, public info, etc.)
- Public info
- Social media
- Dumpster diving
- Cold Calling
Impersonation
Impersonating a TRUSTED member with regard to security, tech, etc.
2 Common Social Media Scams
- Fake logins, articles, groups, etc.
- Catfishing
Road Apples
E.g. bait with desirable info.
The aim is to get the user to open it
Pretexting
Inventing a scenario to gain access to information
Phishing
Emails/phone calls that appear legitimate with a sense of urgency
Shoulder Surfing
Someone “eyeing” sensitive information without the person realising
Dumpster Diving
Going through someone’s rubbish/trash
4 Data classifications
- Public Use
- Internal Use
- Confidential
- Top Secret
4 examples of Access Segregation
- Controls
- MFA
- Restrict physical access
- Guards
Why are screensavers useful?
They can be used to repeatedly remind users of policy