Tools of Defense Drill #1 Flashcards

1
Q

firewall:

A

Hardware or software designed to block unauthorized network access while permitting authorized communications.

2
Q

cloud computing:

A

The practice of using remote servers on the Internet to store, manage, and process data, rather than a local server or a personal computer.

Cloud servers get all the latest software and security updates, making them less vulnerable to attack.

Example: The use of Google Apps (gmail, docs, calendar, etc.)

3
Q

SAT

A

security awareness training.

Any training that raises the awareness of a user to potential threats, and how to avoid them.

The goal of SAT is to get users to make smarter security decisions and help their organization manage the ongoing problem of social engineering.

The user is the last line of defense in an attack by the bad guys!

4
Q

Kevin Mitnick:

A

In the mid-nineties, he was known as the “World’s Most Wanted Hacker.” Today, Kevin’s positioned as “The World’s Most Famous Hacker.” Kevin is a very successful Fortune 500 security consultant, part owner and the Chief Hacking Officer of KnowBe4.

Based on his 30+ years of first-hand experience with hacking and social engineering, KnowBe4 created KMSAT, which stands for “Kevin Mitnick Security Awareness Training.”

Kevin’s main contribution to KnowBe4 is his experience!

5
Q

LMS

A

learning management system

A system for the administration, documentation, tracking, reporting, and delivery of e-learning education courses or training programs. KMSAT (Kevin Mitnick Security Awareness Training) uses an LMS.

Note: You are using an LMS right now while doing this course! It’s called Bridge.

6
Q

ROI

A

return on investment.

Measures the amount of return on an investment relative to the investor’s cost.

In IT security, ROI is measured as “reduction in risk,” not as a concrete financial gain. Without proper security awareness training, a company can experience a loss of reputation, productivity, and revenue.

7
Q

SCORM

A

Shareable Content Object Reference Model

A technical standard that governs how online learning content and Learning Management Systems communicate with each other. Note: Our customers access our security awareness training modules through an LMS. Those modules follow the SCORM standard.

8
Q

Security Awareness Training - The Six Steps

A

Step 1:
Have a security policy, and have each employee read and sign it.

Step 2:
Have all employees take mandatory SAT (online), with a clear deadline and reasons why they’re taking the training.

Step 3:
Make SAT part of the onboarding process (the process of integrating new hires in a company).

Step 4:
Regularly test employees to reinforce the SAT and its application.

Step 5:
Have employees who fail phishing tests meet privately with a supervisor or HR; reward employees with low failure rates.

Step 6:
Send regular security hints and tips via email to all employees.

9
Q

Why Organizations Outsource Security Awareness Training

A

There are 7 reasons why an organization would outsource security awareness training (why they seek our product):

  1. Reduce costs
  2. Access to talent
  3. Geographic reach and scalability
  4. Compliance
  5. Mitigate risk
  6. Business Focus
  7. Leverage the cost of technology
10
Q

Reduce Costs:

A

It’s cheaper for organizations to purchase training than to create it.

11
Q

Access to Talent:

A

Organizations use professionals rather than internal staff (who may have limited skills and/or understanding).

12
Q

Geographic Reach and Scalability:

A

Online training can be taken anywhere there’s an internet connection. It’s easier for organizations to grow and manage increased demand for training by using a provider who has content on demand.

13
Q

Compliance:

A

Organizations that must comply with specific laws or industry guidelines are required to provide training, including security awareness training.

14
Q

Mitigate Risks:

A

There are fewer risks and problems with training when using a professional service.

15
Q

Business Focus:

A

Training is not the main focus for most organizations.

16
Q

Leverage the Cost of Technology:

A

Using an LMS for training and other SaaS type apps streamlines training and reduces costs.

17
Q

Defense in Depth

A

Defense in depth is a security discipline that refers to having layers of protection in an IT infrastructure. It is designed this way so that security is not dependent on any single layer, especially in the event of an attack.

Some examples:

Policies, Procedures, and Awareness: Published policies, implemented security procedures, and trained employees.

Perimeter: A firewall to prevent unauthorized access to the network.

Internal Network: Software or hardware tools that scan the network for attackers and traffic that shouldn’t be there.

Host: The individual computers on the network, running antivirus.

Application: Correct configurations, securely written code, and access privileges.

Data: Encrypting confidential data, or password protecting databases.

18
Q

EZXploit:

A

A tool used in simulated phishing campaigns to point out how easy it is for a bad guy to obtain the user’s information, provided the user was tricked into clicking the link in the phishing email.

How it works: An email is sent containing a link, which if clicked on opens a landing page, then a pop-up window opens that requests a Java update. (Java is a browser plugin that allows websites to run mini programs.)

If the user clicks the OK button to update Java, EZXploit collects up to 12 data points about that user and the user’s computer. Some of those data points include: network info, system info, device info, user data, and a screenshot of the user’s desktop.

19
Q

Vulnerable Plugin Option:

A

A tool that gathers information about the plugins users have installed in their browsers, and whether any of them are vulnerable. This info is gathered automatically during a simulated phishing campaign.

How it works: When a user clicks a link in a phishing email it takes them to a landing page, which gathers information about the plugins installed on their browser. The results are then compared to a database of known vulnerable plugins. Any browser plugins found to be vulnerable are provided in the results of the company’s phishing test.

20
Q

SEI

A

social engineering indicators.

A feature of KnowBe4’s simulated phishing campaigns that shows a user the red flags they missed when clicking on a link in a simulated phishing campaign.

How it works: When a user clicks on a link in a phishing email, they’re taken to a landing page. The landing page then shows the user the red flags they missed.

21
Q

AIDA

A

Artificial Intelligence Driven Agent.

A tool that uses artificial intelligence (AI) to automatically create integrated campaigns that send emails, text, and voicemail to an employee, simulating a multi-vector social engineering attack.

How it works: All decisions about how to phish the users are handled by the AI component. The only information that needs to be specified is when the campaign is to start and to whom the campaign will be sent.