Social Engineering and Other Foes (Ch. 10) Flashcards
(36 cards)
A control implemented through administrative policies or procedures.
administrative control
A physical security deterrent used to protect a computer.
cable lock
Server room aisles that blow cold air from the floor or aisles in which the fronts of the devices face the AC ouput
cold aisles
Gap controls that fill in the coverage between other types of vulnerability mitigation techniques.
compensating controls
Processes or actions used to respond to situations or events.
control
Technical, physical, or administrative measures in place to assist with resource management.
control types
Getting rid of/destroying media no longer needed.
data disposal
Controls that are intended to identify and characterize an incident in progress (for example, sounding the alarm and alerting the administrator).
detective control
Looking through trash for clues often in the form of paper scraps to find users passwords and other pertinent information.
dumpster diving
An electrically conductive wire mesh or other conductor woven into a cage that surrounds a room and prevents electromagnetic signals from entering or leaving the room through the walls.
Faraday cage
The act of stopping a fire and preventing it from spreading.
fire suppression
Typically, an email message warning of something that isn’t true, such as an outbreak of a new virus. A hoax can send users into a panic and cause more harm than the virus.
hoax
A server room aisle in which the hot air exhaust of devices face the warm air return of an AC
hot aisles
Pretending to be another person to gain information.
impersonation
The process of determining what information is accessible, to what parties, and for what purposes.
information classification
A device, such as a small room, that limits access to one or a few individuals.
mantrap
The correct method of extinguishing a fire with an extinguisher: Pull, Aim, Squeeze, and Sweep.
PASS method
Security set up on the outside of the network or server to protect it.
perimeter security
ard required of federal employees and contractors to gain access (physical and logical) to government resources.
Personal Identity Verification (PIV) C
Information that can be uniquely used to identify, contact, or locate a single person. Examples include Social Security number, driver’s license number, fingerprints, and handwriting.
personally identifiable information (PII)
A form of social engineering in which you simply ask someone for a piece of information that you are missing by making it look as if it is a legitimate request.
phishing
ontrols and countermeasures of a tangible nature intended to minimize intrusions.
physical controls C
Controls intended to prevent attacks or intrusions.
preventive controls
A state of security in which information isn’t seen by unauthorized parties without the express permission of the party involved.
privacy
