Threat Environment

Across
  1. 4. Process of balancing threats and protection costs for individual assets
  2. 7. Limiting who may have access to each resource and limiting permissions to what they are able to do with the resource
  3. 8. Formalized plan to reestablish IT operations within a firm
  4. 11. Collecting enough data about a victim to impersonate the victim and assume their identity for financial transactions
  5. 12. Filtering messages that are arriving at a company’s firewall from an outside source destined for hosts inside the trusted company network
  6. 15. The practice and study of techniques for securing confidential communications
  7. 16. Method of authentication that uses a private key, public key and a trusted verifier
  8. 18. Layers of defense such that all must be breached for an attacker to succeed
  9. 19. Worm that will automatically infect other computers without any user interaction
  10. 21. Filtering messages that arrive at a company’s firewall from inside the trusted network destined for hosts on the outside
  11. 23. Deep inspection of application messages across multiple packets to identify malicious activity
  12. 25. Intentionally using a computer resource without authorization or in excess of authorization
  13. 26. Attackers who use scripts or other applications developed by more experienced attackers
  14. 27. Process or program that takes advantage of a known vulnerability
  15. 29. Use of cryptographic systems to provide message-by-message authentication and integrity
  16. 31. A pair of algorithms used to encrypt and decrypt secure communications
  17. 32. Procedures to capture and safeguard data as evidence for criminal court proceedings
  18. 36. Use of two authentication methods such as something you know, something you have, or something you are
  19. 37. A malicious program that disguises itself as a legitimate system file
  20. 38. Long passwords that contain a mix of lowercase letters, uppercase letters, numeral characters, and symbols
  21. 43. Attacking your own systems to discover their weaknesses
  22. 46. Use of measurements of a person’s attributes for authentication purposes
  23. 49. A vulnerability-specific attack that occurs before a patch is available
  24. 50. Scripts that travel with the downloaded webpage from the webserver to the browser where they are executed locally
  25. 52. DoS attack committed by a distributed number of simultaneous attackers
  26. 53. Successful attacks
  27. 55. Mandatory directives that must be followed during implementation
  28. 56. Formalized plan to reestablish a firm’s ability to continue functioning after a devastating event
  29. 57. Methods and processes to ensure policies have been implemented properly
Down
  1. 1. Use of authentic-looking e-mail or websites to entice the user to send his or her personal and/or confidential information
  2. 2. Cyber-attacks by national governments
  3. 3. Lying to victims to persuade them to do something against their financial self-interest
  4. 5. Tricking the victim into doing something against his or her interests
  5. 6. A flaw in a program that permits a specific attack or set of attacks against a piece of software or hardware
  6. 9. Cyber-attacks by terrorists
  7. 10. Trusted system or entity that will verify a supplicant’s identity
  8. 13. Attempting to guess a password based on dictionary patterns with basic modifications to dictionary words such as capitalization or digit replacement
  9. 14. Sample actions taken for policy oversight
  10. 17. Instructions that are merely optional guidelines for implementation
  11. 18. Making a computer or entire network unavailable to legitimate users by various means
  12. 20. Part of a piece of malware that performs malicious actions
  13. 22. Hardware or software that examines packets and determines if they are allowed to pass or not
  14. 24. A name given to software that collects information about the user and the system without their knowledge and reports this info to another system for tracking
  15. 28. Attempting to guess a password by using every possible combination of characters
  16. 30. Attempting to guess a password by trying all the words in a standard or custom dictionary
  17. 33. Closing off all avenues of attack
  18. 34. Pieces of executable code that attach themselves to other programs
  19. 35. The attacks and attackers that companies face
  20. 39. Entity trying to prove their identity by supplying some form of credentials
  21. 40. Username and password combinations that are relatively static in nature and are used each time authentication occurs; most common authentication method
  22. 41. The actions that a person given access to a resource is allowed to take
  23. 42. Method for malware to move to a victim computer
  24. 44. Full stand-alone malware programs that operate and/or replicate by themselves
  25. 45. General purpose exploitation programs that can be remotely controlled after installation
  26. 47. Broad statements of what should be accomplished, not how to accomplish it
  27. 48. Some form of proof of identity
  28. 51. Alternate way back into a system
  29. 54. General term for any evil software that does harm to your system