Drill #5 Flashcards
firewall
Hardware or software designed to block unauthorized network access while permitting authorized communications.
cloud computing:
The practice of using remote servers on the Internet to store, manage, and process data, rather than a local server or a personal computer.
security awareness training (SAT):
Any training that raises the awareness of a user to potential threats, and how to avoid them.
learning management system (LMS):
A system for the administration, documentation, tracking, reporting, and delivery of e-learning education courses or training programs. KMSAT (Kevin Mitnick Security Awareness Training) uses an LMS. Note: You are using an LMS right now while doing this course! It’s called Bridge.
return on investment (ROI):
Measures the amount of return on an investment relative to the investor’s cost.
Shareable Content Object Reference Model (SCORM):
A technical standard that governs how online learning content and Learning Management Systems communicate with each other. Note: Our customers access our security awareness training modules through an LMS. Those modules all follow the SCORM standard.
social engineering indicators (SEI)
A feature of KnowBe4’s simulated phishing campaigns that shows a user the red flags they missed when clicking on a link in a simulated phishing campaign.
Artificial Intelligence Driven Agent (AIDA)
A tool that uses artificial intelligence (AI) to automatically create integrated campaigns that send emails, text, and voicemail to an employee, simulating a multi-vector social engineering attack.
Defense in depth, in order
Policies, Procedures, and Awareness: Published policies, implemented security procedures, and trained employees.
Perimeter: A firewall to prevent unauthorized access to the network.
Internal Network: Software or hardware tools that scan the network for attackers and traffic that shouldn’t be there.
Host: The individual computers on the network, running antivirus.
Application: Correct configurations, securely written code, and access privileges.
Data: Encrypting confidential data, or password protecting databases.
Why Organizations Outsource Security Awareness Training
Reduce costs Access to talent Geographic reach and scalability Compliance Mitigate risk Business Focus Leverage the cost of technology
Defense in Depth
Defense in depth is a security discipline that refers to having layers of protection in an IT infrastructure. It is designed this way so that security is not dependent on any single layer, especially in the event of an attack.