26 Cards in this Set
- Front
- Back
Phishing |
the activity of defrauding an online account holder of financial information by posing as a legitimate company. |
|
Pretexting |
phoning someone who has the information under a false pretext, usually by pretending to be someone authorised to be told it. |
|
Social engineering |
the application of sociological principles to specific social problems. |
|
Pretexting is mostly used for |
attacks on companies, but it's starting to be used more against individuals. |
|
behavioral economics |
a method of economic analysis that applies psychological insights into human behavior to explain economic decision-making. |
|
decision science |
is a collaborative approach involving mathematical formulae, business tactics, technological applications and behavioral sciences to help senior management make data-driven decisions. |
|
prospect theory |
is a behavioral economic theory that describes the way people choose between probabilistic alternatives that involve risk, where the probabilities of outcomes are known. |
|
Context-aware security |
is the use of situational information (such as identity, geolocation, time of day or type of endpoint device) to improve information security decisions. |
|
Trusted Path |
is a mechanism that provides confidence that the user is communicating with what the user intended to communicate with, ensuring that attackers can't intercept or modify whatever information is being communicated. |
|
Password Manglers |
Something that reconfigures your password (e.g. a typical mechanism is to hash it using a secret key and the domain name of the web site into which it's being entered). |
|
Customer education |
is inadequate as the more you train people what to do and what not to do the attackers seem to find ways to work around these new features. |
|
Trusted Computing |
is a technology developed and promoted by the Trusted Computing Group. The term is taken from the field of trusted systems and has a specialized meaning. |
|
Fortified Password Protocols |
a series of protocols for encrypted key exchange, whereby a key exchange is combined with a shared password in such a way that a man-in-the-middle could not guess the password. |
|
Two-channel authentication |
This involves sending an access code to the user via a separate channel, such as their mobile phone. |
|
Targeted Attack on One Account |
An intruder tries to guess a particular user's password. |
|
Attempt to Penetrate Any Account on a System |
the intruder tries to get a logon as any user of the system. |
|
Attempt to Penetrate Any Account On Any System |
the intruder merely wants an account at any system in a given domain but doesn't care which one. |
|
Service Denial Attack |
the attacker may wish to prevent the legitimate user from using the system. |
|
One-way Encryption |
Uses a one-way algorithm |
|
Salt |
is random data that is used as an additional input to a one-way function that "hashes" a password or passphrase.[1] The primary function of salts is to defend against dictionary attacks versus a list of password hashes and against pre-computed rainbow table attacks. |
|
winzip |
is a shareware file archiver and compressor for Windows, OS X, iOS and Android developed by WinZip Computing (formerly Nico Mak Computing). It can create archives in Zip file format, and unpack some other archive file formats. |
|
Password Cracking |
is the process of recovering passwords from data that have been stored in or transmitted by a computer system. |
|
crypto-key |
is a variable value that is applied using an algorithm to a string or block of unencrypted text to produce encrypted text, or to decrypt encrypted text. |
|
Total exhaust time |
time that it takes to crack a password. |
|
Shadow Password |
is a system file in which encrypted user passwords are stored so that they aren't available to people who try to break into the system. |
|
CAPTCHA |
a program or system intended to distinguish human from machine input, typically as a way of thwarting spam and automated extraction of data from websites. |