Search Results
651 total results found
Multifactor Authentication
A form of user authentication that requires several methods instead of just one in order to grant access to secured property. There are three basic types of authentication: something you know (username/password; PIN), something you have (key; keycard; key fob)...
Password Policy
A document that defines password requirements on company-owned systems. It specifies: Minimum length of a password (usually 8 char.); Character types required in a password (upper/lower; numbers; special characters/punctuation); How many failed attempts before ...
Physical Security Policy
A document that defines restricted areas within company premises, identifies which employees are granted access to those restricted areas and outlines how that access is granted and under which terms access should be revoked. Authentication methods include: A...
Network Medium
The physical channel through which data communications travel; the connecting method between network hosts. Network mediums can be divided into several categories: Bound-Media, Unbound-Media, Fiber-Optic-Media. #III
Intrusion Detection System
A hardware device designed to monitor and protect computer networks from suspicious, malicious, and prohibited network activity. An IDS can be configured by the network admin to adhere to a security policy created by an organization. IDS use signature patterns ...
Liquid Crystal Display Monitor
A type of monitor that produces an image by moving liquid crystals that block or allow light to pass through them. Features: Light is provided to the monitor via a backlight on the flat panel display. A polarizing glass filter is placed both in front of and behin...
Chain of Custody
A set of procedures defining how evidence is handled after a security breach in an enterprise setting. This is usually listed out in an organization's security policy. #XIV
Payment Card Industry Data Security Standards
aliases: PCI DSS. The legal standards for financial data storage at enterprise levels. There are 12 requirements under 6 categories that an organization needs to adhere to if they want to be able to process card payments. Legislation: Sarbanes-Oxley-Act-of-...
Sarbanes Oxley Act of 2002
A congressional act that forces public companies to be transparent with regard to creating and maintaining financial records. Often abbreviated as the SOX Act. #XIV
Gramm Leach Bliley Act of 1999
A Congressional act that forces companies that offer loans, investment advice, or loans to adhere to certain rules on how to store customer data securely and how to properly share customer data. The GLBA is enforced by the Federal Trade Commission, so this is ta...
Port
(1) A hardware piece on a computer where an electrical connector can be used to link the device to other devices. (2) A logical communication channel that network nodes use to send and receive data. A list of the ports and their protocols can be found here. #III
Phishing
The act of sending malicious messages intended to fool and/or manipulate a victim into giving up sensitive information or performing actions that will result in a compromised system. #XIV
Whaling
A specific type of phishing that targets high-value individuals within an organization, such as the CEO. #XIV
Spear Phishing
A type of phishing where the attacker researches the target extensively to craft a personalized message designed to fool the target and the target specifically. #XIV
Tailgating
A social engineering attack where the attacker gains access to a secured place simply by closely following an authorized person. #XIV
Shoulder Surfing
A type of social engineering that allows the attacker to gain critical and/or sensitive information simply by looking over the shoulder of a target and viewing their computer screen. #XIV
Impersonation
A social engineering attack where the attacker attempts to gain access to secured data by pretending to be a verified, authorized person. #XIV
Evil Twin Attack
A type of social engineering attack where the attacker configures a rogue access point designed to mimic the legitimate network. The attacker can then kick targets off the actual network, and when the clients attempt to reconnect, they will instead connec...