Module 2 Flashcards
Computer Virus
Malicious code written to interfere with computer operations and cause damage to data and software.
Malware
Software designed to harm devices or networks.
Social Engineering
A manipulation technique that exploits human error to gain private information, access, or valuables.
Phishing
The use of digital communications to trick people into revealing sensitive data or deploying malicious software.
Common Types of Phishing Attacks
Business Email Compromise (BEC)
Spear Phishing
Whaling
Vishing
Smishing
Business Email Compromise(BEC)
A threat actor sends an email message that seems to be from unknown source to make a seemingly legitimate request for information, in order to obtain a financial advantage.
Spear Phishing
A malicious email attack that targets a specific user or group of users. The email seems to originate from a trusted source.
Whaling
A form of spear phishing. Threat actors target company executives to gain access to sensitive data.
Vishing
Exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source.
Smishing
The use of text messages to trick users, in order to obtain sensitive information or to impersonate a known source.
Common Types of Malware Attacks
Viruses
Worms
Ransomware
Spyware
Viruses
Malicious code written to interfere with computer operations and cause damage to data and software. A virus needs to be initiated by a user (i.e., a threat factor), who transmits the virus via a malicious attachment or file download. When someone opens the malicious attachment or download, the virus hides itself and other files and now infected system. When the infected files are opened, it allows the virus to insert its own code to damage and/or destroy data in the system.
Worms
Malware that can duplicate and spread itself across systems on its own. In contrast to a virus, a worm does not need to be downloaded by user. Instead, it self-replicates and spreads from an already infected computer to other devices on the same network.
Ransomware
A malicious attack where threat actors encrypt an organization’s data and demand payment to restore access.
Spyware
Malware that’s used to gather and sell information without consent. Spyware can be used to access devices. This allows thread actors to collect personal data, such as private emails, text, voice and image recordings, and locations.
Why Social Engineering Attacks are Effective
Authority
Intimidation
Consensus/Social Proof
Scarcity
Familiarity
Trust
Urgency
USB Baiting
An attack in which a threat actor strategically leaves a malware USB stick for an employee to defined an unknowingly infected network.
CISSP Domains
Security and Risk Management
Asset Security
Security Architecture and Engineering
Communications and Network Security
Identify and Access Management
Security Assessment and Testing
Security Operations
Software Development Security
Security and Risk Management
Defines security goals and objectives, risk mitigation, compliance, business continuity, and the law.
Asset Security
Secure his digital and physical assets. It’s also related to storage, maintenance, retention, and destruction of data.
Security Architecture and Engineering
Optimize his data security by ensuring effective tools, systems, and processes are in place.
Communication and Network Security
Manage and secure physical networks and wireless communications.
Identify and Access Management
Keep data secure, by ensuring users follow established policies to control and manage physical assets, like office spaces, and logical assets, such as networks and applications.
Security Assessment and Testing
Conducting security control testing, collecting an analyzing data, and conducting security audits to monitor for risk, threats, and vulnerabilities.
