Data Security Puzzle

Across
  2. A weakness in system security procedures, software, hardware, design, implementation, internal controls, technical controls, physical controls, or other controls that could be accidentally triggered or intentionally exploited and result in a violation of the system's security policy
  6. attack created by a flood of requests from a coordinated large number of distributed nodes to overwhelm a server.
  13. a piece of code or a technique that takes advantage of a vulnerability or flaw in software or hardware to gain unauthorized access, cause unintended behavior, or disrupt a system
  14. an adversary sponsored by a country's government that is often well organized and funded
  16. using carefully crafted software code that violates the operating system's access control policy and allows the attacker to gain full control of the system
  17. any method by which an adversary interferes with the traffic on a physical level.
  19. an attack enabled by leakage of information from a physical cryptosystem, including timing, power consumption, and electromagnetic emissions.
  22. one principle of persuasion that says people tend to avoid mistakes by acting according to what others have done
  24. one principle of persuasion that says people are more likely to respond to messages from people they share similarities with or have a good feeling about
  25. one principle of persuasion that says workers tend to respond to people above them, such as their boss or higher-ups
  26. a carefully crafted script in the user input to redirect a user and retrieve their login information (in the form of a cookie) from a legitimate website database.
  30. an attack where the adversary uses carefully crafted code that sends the user's cookie to their computer so they now control the current session
  35. a document signed in organizations to ensure that technology is used for its intended purposes only.
  37. a set of changes or updates to a software program or operating system, designed to fix bugs, address security vulnerabilities, or improve functionality or performance
  41. the idea that users complete tasks with the least amount of cognitive effort
  42. systems that closely connect hardware, software, and networks and often run autonomously
  43. hiding in a network and collecting all the bits that are being transferred between hosts
  44. turning long numbers or passwords into smaller pieces of data to help user memory
  47. type of data that includes social security numbers, usernames, passwords, etc.
  48. a law that protects the personal private data of citizens in the European Union.
  51. an event where confidential, private, protected, or sensitive information is exposed to unauthorized individuals, either through an accidental occurrence or an intentional act to steal information
  52. one principle of persuasion that says perceived value is greater if people believe an item is limited and they must hurry to get it
  53. the type of data that is stored, transferred, input/output, or processed
  54. the state we use to refer to data that is traveling across a network
  55. this attack uses the amount of time it takes for each part of a cryptographic function to infer information.
  58. one principle of persuasion that says people tend to repay someone who has provided them something
  59. measuring the surrounding EM emissions of the hardware to infer cryptographic keys
Down
  1. type of attack that uses the fact that some data is not fully deleted
  3. the state we use to refer to data that is currently being stored, either on a device, server, cloud, or backup medium
  4. sending fake information to network devices, servers, or applications with malicious intent
  5. one principle of persuasion that says you can pressure someone by crafting messages around a cause they believe in
  7. A type of DDoS attack that uses a large number of spoofed IP addresses to send UDP packets to overwhelm a server
  8. attack intended to deny legitimate network users access to a resource such as a network, server, or website
  9. carefully crafted command in the user input to execute a malicious command on the website's hosting server.
  10. Individuals or groups operating domestically or internationally who use violence or the threat of violence inflicted through cyber means with the intention of coercing or intimidating governments or societies into succumbing to their demands
  11. a requirement that hardware respond to tampering by failing in a safe way
  12. a security requirement for any hardware handling data protection
  15. a string that says: this user is authenticated already
  18. federal law that sets the consequences for accessing data or computers in the federal government that you are not authorized to access
  19. type of data that contains roles and the authorized resources to be used for reading, writing, and processing
  20. type of data that sets rules for how to protect data on all other levels
  21. carefully crafted SQL syntax in the user input to retrieve information stored in a database
  23. erasing critical parts of memory in response to tampering
  27. changing the identifiable information on a computer to be that of another computer. This can be done with MAC addresses or IP addresses
  28. federal law that protects a person's health records and sets rules for how they can be used or disclosed.
  29. individual that uses cyberspace to break the law
  31. a mathematical algorithm that converts an input of any length into a fixed-size output, called a hash or message digest, ensuring data integrity and authenticity
  32. a type of man-in-the-middle attack that allows an adversary to set up an unsecure connection to the user and establish a secure connection with the target website, gaining complete unencrypted access to user requests.
  33. an electrical grid that includes central control and monitoring connecting to smart meters, smart appliances, etc.
  34. a type of DDoS attack that exploits the TCP three-way handshake.
  36. techniques for luring a user into yielding their credentials using persuasion, technological manipulation, and carefully crafted messages
  38. a type of attack that measures the level of electricity needed for each bit of data. 1s use more energy than 0s.
  39. the state we use to refer to data that is currently being processed by an application
  40. 3D model used to represent design aspects for securing data at every level
  45. an accidental or non-malicious individual who makes a mistake by sharing or triggering malicious software through not following standard cyber safety protocols
  46. a temporary place to put data to help predict possible next processes. This is often used for side channel attacks, as it takes a different amount of time to process compared to RAM.
  49. any method by which authorized or unauthorized users are able to get around a security policy in systems.
  50. a vulnerability discovered and exploited by adversaries but never reported to the software vendor, NVD, or CERT
  56. federal law that affords parents the right to access their children's records, the right to change records, and the right to have some control over disclosure.
  57. a law passed in California that protects the personal data of citizens of California.