5.6 Flashcards
Security awareness, user training
An activity that an organization does to lure their employees into clicking a fake phishing link
Phishing campaign
A process that searches for risky, unexpected, or unintentional behavior of a person or service. This process is often automated.
Ex. modifying host files, replacing core OS files uploading sensitive files
Logging in from another country, increase in data transfers
Typing the wrong domain name, misplacing USB drives, misconfiguring security settings
Anomalous behavior recognition
A specialized team in an organization that establishes security awareness, integrates user training, assesses the performance of security awareness programs, and may even create customized training courses for the specific security standards in use for the organization.
Security awareness team
An attribute of end users where they are always looking for security threats or unusual activity. They need to be ready for anything.
Situational awareness
Security concerns for hybrid/remote work environments (3)
Access from family and friends
Endpoint security
Security policies for VPN access
A security perspective of looking at the network from the attacker’s perspective: What information is especially sensitive, and what will an attacker want? This data should have more security measures than others.
Operational security