C836 Ch.8 Flashcards
Name the most common security awareness issues
Protecting data, passwords, social engineering, network usage, malware, the use of personal equipment, clean desk, policy knowledge
Why is protecting data a security awareness issue?
Users need to understand the criticality of carefully handling data from both a compliance and a customer retention and reputation perspective
Why are passwords a security awareness issue?
Users need to understand the importance of strong passwords and password handling best practices
Social engineering
A technique used by an attacker that relies on the willingness of people to help others
Pretexting
A technique involving a fake identity and a believable scenario that leads the target to give out sensitive information or perform some action that they would not normally do for a stranger
Phishing
A social engineering technique that uses electronic communications (email, texts, or phone calls) to convince a potential victim to give out sensitive information or perform some action
Spear phishing
A social engineering technique that targets a specific company, organization, or person, and involves knowing specifics about the target to appear valid
Tailgating (also known as piggybacking)
A method by which a person follows directly behind another person who authenticates to the physical access control measure, thus allowing the follower to gain access without authenticating
Why is network usage a security awareness issue?
Users need to understand the security issues around connecting devices to networks, such as connecting outside devices to the corporate network, and connecting corporate resources to a public network
Why is malware a security awareness issue?
Users need to be educated in what malware is and how to avoid it
Why is the use of personal equipment a security awareness issue?
Users need to be made aware of policies regarding personal devices in the workplace to protect a company’s assets
Why is the clean desk policy a security awareness issue?
Users need to be made aware of the clean desk policy to protect sensitive information at all times, even when away from one’s desk
Why is policy and regulatory knowledge a security awareness issue?
Users need to be aware of established corporate policies and regulations to maintain compliance throughout the organization
Security Awareness, Training, and Education (SATE)
A program that seeks to make users aware of the risk they are accepting through their current actions and attempts to change their behavior through targeted efforts