Tools of Defense Flashcards

1
Q

firewall

A

Hardware or software designed to block unauthorized network access while permitting authorized communications.

2
Q

cloud computing

A

The practice of using remote servers on the Internet to store, manage, and process data.

3
Q

security awareness training

A

Any training that raises the awareness of a user to potential threats, and how to avoid them.

4
Q

Kevin Mitnick

A

“World’s Most Wanted Hacker” in the 90s
“World’s Most Famous Hacker” today
successful Fortune 500 security consultant
part owner and the Chief Hacking Officer of KnowBe4
Kevin’s main contribution to KnowBe4 is his experience
KMSAT named after him

5
Q

learning management system (LMS)

A

A system for the administration, documentation, tracking, reporting, and delivery of e-learning education courses or training programs.

6
Q

return on investment (ROI)

A

Measures the amount of return on an investment relative to the investor’s cost. For IT Security this is measured by “reduction in risk.”

7
Q

Shareable Content Object Reference Model (SCORM)

A

A technical standard that governs how online learning content and Learning Management Systems communicate with each other.

8
Q

What are the Six Steps to Success SAT?

A

Step 1: Have a security policy, and have each employee read and sign it.

Step 2: Have all employees take mandatory SAT (online), with a clear deadline and reasons why they’re taking the training.

Step 3: Make SAT part of the onboarding process (the process of integrating new hires in a company).

Step 4: Regularly test employees to reinforce the SAT and its application.

Step 5: Have employees who fail phishing tests meet privately with a supervisor or HR; reward employees with low failure rates.

Step 6: Send regular security hints and tips via email to all employees.

9
Q

7 reasons why an organization would outsource SAT

A
  1. reduce costs
  2. access to talent
  3. geographic reach and scalability
  4. compliance
  5. mitigate risk
  6. business focus
  7. leverage the cost of technology
10
Q

What is defense in depth and what are its 6 layers?

A

A security discipline that refers to having layers of protection in an IT infrastructure.

  1. Policies, Procedures, and Awareness
  2. perimeter
  3. internal network
  4. host
  5. application
  6. data
11
Q

social engineering indicators (SEI)

A

A feature of KnowBe4’s simulated phishing campaigns that shows a user the red flags they missed when clicking on a link in a simulated phishing campaign.

12
Q

Artificial Intelligence Driven Agent (AIDA)

A

A tool that uses artificial intelligence (AI) to automatically create integrated campaigns that send emails, text, and voicemail to an employee, simulating a multi-vector social engineering attack.
