Cybersecurity 2

12345678910111213141516171819202122232425262728
Across
  1. 2. Business Email Compromise, a type of fraud targeting organizations for financial gain.
  2. 4. IT Unauthorized use of IT systems or software within an organization.
  3. 6. National Institute of Standards and Technology, a U.S. organization providing cybersecurity frameworks.
  4. 9. Modeling A process to identify, understand, and mitigate potential threats to systems.
  5. 10. Dashboard A visual interface displaying security events and analytics.
  6. 12. Software or hardware that records keystrokes to steal information.
  7. 14. Hijacking Taking control of an active session between a user and a system.
  8. 16. Self-replicating malware that spreads without user intervention.
  9. 18. Kit A toolkit used to automate exploitation of vulnerabilities in systems.
  10. 21. Threat A malicious threat originating from within the organization.
  11. 23. Engineering Psychological manipulation of individuals to divulge confidential information.
  12. 25. Actor An individual or group engaged in malicious cyber activities.
  13. 28. A layered approach to cybersecurity with multiple defensive mechanisms.
Down
  1. 1. ATT&CK A framework describing adversary tactics and techniques used in cyberattacks.
  2. 2. Force Attack A trial-and-error method used to gain access to accounts or systems.
  3. 3. Common Vulnerabilities and Exposures, a database of publicly disclosed vulnerabilities.
  4. 4. Protocols that encrypt data in transit to secure communications.
  5. 5. The process of moving laterally within a network to access other systems.
  6. 7. Trust Architecture A security model where no entity is trusted by default, even within the network.
  7. 8. Positive A benign event flagged as malicious by a detection tool.
  8. 11. A network of compromised devices controlled by an attacker.
  9. 13. Malicious software designed to gain unauthorized root-level access to a system.
  10. 15. Injection An attack method to exploit vulnerabilities in databases through SQL queries.
  11. 17. Address A unique identifier assigned to a network interface for communication.
  12. 19. Escalation Exploiting a vulnerability to gain higher access permissions.
  13. 20. Privilege A principle ensuring users have only the permissions necessary to perform their roles.
  14. 22. Proof of Concept, a demonstration of a security vulnerability.
  15. 24. Table A precomputed table used to crack password hashes.
  16. 26. Positive A legitimate security event correctly identified by a detection tool.
  17. 27. Spoofing A cyberattack that redirects a domain to a malicious IP address.