Acronyms Flashcards

(73 cards)

1
plugin
A component that adds a specific feature to software. Also referred to as an extension. Example: Face ID on iPhone.
2
feature
A distinctive characteristic of software or hardware.
3
platform
The environment in which a piece of software is executed. It may be the hardware, operating system, a web browser, or other underlying software.
For example, Microsoft Windows is a platform for Microsoft Word.
4
operating system (OS)
Software that manages the computer hardware and software. It’s a system that sits between the applications and the hardware.
Microsoft Windows is an example of an operating system.
5
utilities
Applications designed to help analyze, configure, optimize, or maintain a computer. Unlike application software (which focuses on benefiting the user), utilities are used to support the computer.
6
Applications (apps)
A type of software that allows a user to perform specific tasks and activities.
7
advanced persistent threat (APT)
A network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time. The bad guy’s goal is to go undetected and steal data, rather than cause damage to the network or organization.
8
Zero-Day
A security vulnerability that the bad guys exploited before the good guys were aware of it. The good guys had no warning; they had “zero days” to do something about it.
9
Exploit
Software or code, usually malicious, that takes advantage of a flaw or security vulnerability. The purpose is to cause unintended or unanticipated behavior in the software or hardware, such as unauthorized access to or control of a computer, or denial of service (DoS).
10
security vulnerability
A weakness in a network, computer, or software that allows a bad guy to gain access. A security vulnerability has three elements:
1) a flaw,
2) access to the flaw,
3) and the capability to exploit that flaw.
11
DoS attack
(Denial of Service) Bombarding a system to overload it and prevent users from getting on the site. When the attacks come from multiple sources, it’s called a DDoS, “distributed denial-of-service.”
12
Data Breach
The intentional or unintentional release of secure information to an untrusted environment. Other terms for events like this are unintentional information disclosure, data leak, and data spill.
13
botnet
Short for “robot network,” it’s a collection of software robots, or “bots,” that live on infected computers and are controlled by the bad guys. Botnets do many bad things, like spew out spam, attack other computers, or send confidential data back to the botnet controller.
14
Rootkit
Malicious code that loads during the early loading stages of a computer. The code hides itself from the operating system and from other applications that load in the later stages, like antivirus and system utilities. This gives the bad guy full access to alter the system.
15
Ransomware
Vicious malware that locks users out of their devices or blocks access to files until a sum of money, or ransom, is paid. Attacks cause downtime, data loss, possible intellectual property theft, and data breaches. Ransomware is also referred to as “cryptoware.”
How it works: once the malware is on the machine, it starts to encrypt all the data files it can find on the computer and on any computers it can access within the network.
16
Malware
Short for “malicious software.” An umbrella term used to refer to the various types of viruses, worms, trojans, etc. Most malware is installed without the infected person ever realizing it.
17
Virus
A malicious computer program that infects a file. A true virus can only spread from one computer to another when its host (the infected file) is sent to the target computer.
The word “virus” is incorrectly used as an umbrella term for many flavors of viruses, worms, trojans, etc.
18
worm
A self-replicating computer program. It sends copies of itself to other computers, and may do so without any user intervention. Unlike a virus, it doesn’t need to attach itself to an existing file. Worms almost always cause at least some harm to the network.
19
Trojan malware
Malware designed to make you think you’re performing a task you want, when you’re really letting a hacker in or downloading malicious software.
20
WPT
Weak Password Test: checks their Active Directory for several different types of weak passwords.
21
USB
Universal Serial Bus. We also have a test that loads software onto a USB drive, which is left in the office to see who plugs it in and who allows macros (a macro is a mini program). Results are sent after 7 days.
22
SMPT
Social Media Phishing Test: similar to a PST or PRT; sees which users are likely to fall for social media related phishing attacks.
The user selects Facebook, LinkedIn, or Twitter, and then a landing page: either one that reveals it’s a simulated phish, or a login page asking for their login information for the social media platform. The report shows how many people clicked on the link and how many actually entered login information.
23
SMS
Short Message Service: a text message. There is also smishing, which is SMS phishing.
24
SMB
Small and Medium Businesses
25
SKU
Stock Keeping Unit: a unique identification number that defines an item at the identifiable inventory level.
26
SEI
Social Engineering Indicators: a feature of KnowBe4's simulated phishing campaigns that shows a user the red flags they missed when clicking on a link in a simulated phishing campaign.
27
Email Spoofing
Spoofing is tricking or deceiving computer systems or other computer users. Email spoofing involves sending messages from a bogus email address or faking the email address of another user (DD) and CEO fraud.
28
Phish-prone percentage
The percentage of people who click on the simulated phishing link sent by KnowBe4 before the training.
29
Phishing attack surface
The number of email addresses exposed on the internet.
30
Spear phishing
An email attack that targets one specific person, using information in the email acquired through research on the target before the email is sent.
31
Phishing
Criminally fraudulent social engineering through email to access users' sensitive information, like login passwords, credit card information, etc., by pretending to be something it is not.
32
7 reasons a company would outsource SAT
Reduce costs: it's cheaper.
Access to talent: we have trained professionals.
Geographic reach and scalability: it's SaaS, which can be run anywhere.
Compliance: helps with efficiently becoming compliant in the industry.
Mitigate risk: less risky to go with an established system that is proven to work.
Business focus: focus on what your business does, not on security.
Leverage the cost of technology: cheaper to use a system already in place than to hire and train someone within the company.
33
SAT
Security Awareness Training: any training that raises the awareness of a user to potential threats, and how to avoid them. The Six Steps to Successful Security Awareness Training (SAT):
Step 1: Have a security policy, and have each employee read and sign it.
Step 2: Have all employees take mandatory SAT (online), with a clear deadline and reasons why they're taking the training.
Step 3: Make SAT part of the onboarding process (the process of integrating new hires in a company).
Step 4: Regularly test employees to reinforce the SAT's application.
Step 5: Have employees who fail phishing tests meet privately with a supervisor or HR; reward employees with low failure rates.
Step 6: Send regular security hints and tips via email to all employees.
34
SaaS
(Software as a Service) A method of software delivery and licensing in which software is accessed online via a subscription, rather than bought and installed on individual computers. Examples: KnowBe4, Google Apps, etc.
35
ROI
Return on Investment: the amount of money that is gained or lost with a purchase, for example of KnowBe4 KMSAT, a software-as-a-service product.
36
RanSim
Ransomware Simulator: uses 13 ransomware infection scenarios to determine where they may be vulnerable to a ransomware attack. It also checks whether their antivirus is blocking files that should be let through.
37
PST
Phishing Security Test: a simulated phishing test in which the user enters which emails they want to be tested on. They pick a specific template they wish to use, and a clicker is sent to a landing page. The number of people who clicked on the link is compared to the number who didn't to get a Phish-prone percentage.
38
PRT
Phishing Reply Test: a phishing test to see who replies to an email that is usually from a doppelganger address. It contains no links; it is only to see who will reply to the email.
39
PII
Personally Identifiable Information: any information that can be used on its own or with other information to identify, contact, or locate a single person.
40
PHI
Protected Health Information: all recorded information about an individual's health status, including their health care coverage.
41
PCI-DSS
Payment Card Industry Data Security Standard: a document published by the Payment Card Industry. The publication lists all requirements for securely handling credit cards and credit card information. Organizations that accept credit cards must be PCI compliant. One of the requirements is security awareness training.
42
PCI
Payment Card Industry
43
PET
Password Exposure Test: finds users whose emails and passwords are publicly available on the web, and checks the organization's Active Directory to see if they are using weak or compromised passwords that are part of a known data breach.
44
PAB
Phishing Alert Button: sends the email to IT to see if it's actually a phishing scam and deletes the email from the user's inbox. If it's determined to be a scam, IT can delete it from everyone's email.
45
MSA
Mailserver Security Assessment: checks how their mail server filters emails, i.e. whether it allows our test emails through or blocks them.
46
MASA
Multi-factor Authentication Security Assessment: checks whether their multi-factor (two-factor) authentication is working properly or has any flaws that can be exploited.
47
SCORM
(Sharable Content Object Reference Model) A technical standard that governs how online learning content and Learning Management Systems communicate with each other.
48
LMS
Learning Management System: a system for the administration, documentation, tracking, reporting, and delivery of e-learning education courses or training programs. KMSAT (Kevin Mitnick Security Awareness Training) uses an LMS. Note: you are using an LMS right now while doing this course! It's called Bridge.
49
KCM
KnowBe4 Compliance Manager: KCM GRC is a project management and organization tool, specifically designed for risk and compliance related projects. It enables organizations to stay organized, stay prepared, and be able to demonstrate their processes and proof around these types of projects. Also a SaaS.
Most organizations track compliance using spreadsheets, word processors, or self-maintained software such as SharePoint (a platform designed by Microsoft, used for document management and storage). This is inefficient, error prone, costly, and risky. KCM GRC simplifies this process.
50
HIPAA
Health Insurance Portability and Accountability Act: requires healthcare organizations to protect personal health information (PHI).
51
EEC-Pro
Email Exposure Check Pro: a very deep search, even into Word documents, to see if emails have been exposed. Gives a phishing attack surface, which shows how many emails are out on the internet. Customers who buy the Gold package are sent an EEC every month. The EEC was upgraded to EEC Pro in spring 2018 and delivers more information.
52
DST
Domain Spoof Test: to see if your company domain has been spoofed.
53
CSO
Chief Security Officer
54
CSM
Customer Success Manager
55
CISO
Chief Information Security Officer
56
CIO
Chief Information Officer
57
CARA
Compliance Audit Readiness Assessment: a KCM-oriented complimentary web-based tool that helps the user gauge their organization’s readiness in meeting compliance requirements for the Cybersecurity Maturity Model Certification (CMMC) framework. CARA is a 5-minute self-assessment tool that helps the user define what technical controls are required for a given scope within the regulatory compliance framework.
How it works: users receive a custom link to take their assessment. They then rate their organization's readiness for each requirement as Met, Partially Met, or Not Met. Next, they get an instant analysis and summary of potential gaps in their cybersecurity preparedness. Finally, they receive a custom report with control guidance suggestions to help them meet compliance. Results in a few minutes!
58
BPI
Browser Password Inspector: checks the user passwords saved in the web browser against your Active Directory for threats related to weak, reused, and old passwords in use. It checks passwords saved in Chrome or other browsers, then sees if they are part of a data breach and if they are still active and being used in the company.
59
ASAP
Automated Security Awareness Program: starts with answering seven questions about your goals and organization (on a questionnaire). ASAP will then create a program and a schedule of tasks for you automatically. The tasks are based on best practices and shown in an easy calendar view of how to achieve your security awareness goals and deploy your program.
60
Directory
Like physical folders, a directory organizes files or data on a hard drive or in a program. Directories can contain other directories, which are then called sub-directories.
Also: software that stores all resources on a network. Example resources are users, groups, permissions, devices, and management policies. A directory in this sense is also referred to as a directory service. Example: when a directory is given a username, it returns the profile of the user, which may include permissions for data access as well as employee information.
61
Server
A computer or program that manages access to centralized resources. For example, a file server would store and manage all the user files for a group of computers and users.
62
console
A user interface that manages and controls software and/or hardware. KnowBe4 customers access our products through a console.
63
API
Application Program Interface: a set of clearly defined methods of communication between software.
64
ADI
Active Directory Integration: the process of incorporating directory services (a suite of tools for managing users, groups, and resources) into a network of computers.
65
compliance
The action of meeting the requirements of accepted practices, specific standards, laws, or prescribed rules and regulations; or the state of having met the required regulations for the industry one is in.
66
whitelist
A list of trusted email addresses, domains and/or internet addresses that are permitted to pass through a system or filter.
67
White paper
A report that describes how a technology or product solves a problem. It's a marketing and technical document that doesn't go too far in either direction.
68
HTTP and HTTPS
Hypertext Transfer Protocol: one of the protocols (specific code languages) used to transfer information (like a webpage) over the Internet. HTTPS is the secure version, which encrypts the data to make it safer to transfer the information from one source to another.
69
SCIM
(System for Cross-domain Identity Management) An integration service for user provisioning. SCIM integration allows one to import users and groups from their identity provider into their KnowBe4 Console.
70
AD
Active Directory: a directory service developed by Microsoft for use on Windows operating systems. If you were in charge of all the users and computers on a network using a Windows server, you would use Active Directory to set up the users, their passwords, and what devices they could access. It is Microsoft’s name for their directory.
71
Cloud Computing
The practice of using remote servers on the Internet to store, manage, and process data, rather than a local server or a personal computer. Cloud servers get all the latest software and security updates, making them less vulnerable to attack. Example: the use of Google Apps (Gmail, Docs, Calendar, etc.).
72
Defense In Depth
A security discipline that refers to having layers of protection in an IT infrastructure. It is designed this way so that security is not dependent on any single layer, especially in the event of an attack.
Policies, Procedures, and Awareness: published policies, implemented security procedures, and trained employees.
Perimeter: a firewall to prevent unauthorized access to the network.
Internal Network: software or hardware tools that scan the network for attackers and traffic that shouldn't be there.
Host: the individual computers on the network, running antivirus.
Application: correct configurations, securely written code, and access privileges.
Data: encrypting confidential data, or password protecting databases.
73
AIDA
Artificial Intelligence Driven Agent: a tool that uses artificial intelligence (AI) to automatically create integrated campaigns that send emails, text, and voicemail to an employee, simulating a multi-vector social engineering attack.