Unit 2 Vocabulary: The Human Factor

Edit Answers
1234567891011121314151617181920
Across
  1. 1. Deceptive schemes or rumors created with the intent to mislead or trick people. They are typically spread through various channels, including social media, email, or other forms of communication.
  2. 4. A formal set of rules, guidelines, or principles established by an organization to govern its operations and decision-making. Often outline security procedures and best practices.
  3. 10. A form of cyberattack where attackers impersonate legitimate organizations or individuals to trick recipients into revealing sensitive information like login credentials, personal details, or financial data. It's often done through deceptive emails, websites, or messages.
  4. 14. A type of phishing that occurs through text messages or SMS. Attackers send fraudulent messages that may contain malicious links or ask for sensitive information.
  5. 16. A tactic where an attacker manipulates individuals into approaching them for information or assistance. The attacker, in this case, positions themselves as a helpful resource to extract information or gain access.
  6. 17. The unauthorized access, exploration, or manipulation of computer systems, networks, or data. It can have both positive and negative connotations.
  7. 19. Occurs when an unauthorized person gains physical access to a restricted area or building by following an authorized person without their knowledge or consent.
  8. 20. To reduce or lessen the severity or impact of a problem or risk. It involves taking steps to minimize the potential harm from security threats or vulnerabilities.
Down
  1. 2. A method used by individuals to manipulate, deceive, or trick people into revealing confidential information or taking actions that compromise security. It relies on psychological manipulation and often involves impersonating a trusted entity to gain unauthorized access to sensitive data or systems.
  2. 3. A form of social engineering where the attacker creates a fabricated scenario to obtain information or gain trust. This often involves impersonating someone else, such as a co-worker, to trick individuals into divulging sensitive data.
  3. 5. A social engineering technique that involves offering something enticing (e.g., a free download, software, or a physical device) to lure individuals into taking actions that compromise their security, such as downloading malicious software or revealing sensitive information.
  4. 6. A detailed step-by-step process or set of actions that need to be followed to accomplish a specific task or objective. Often provide instructions on how to implement security measures or respond to security incidents.
  5. 7. The act of spying on someone's computer screen or keypad from a close distance to obtain sensitive information, such as login credentials, PINs, or personal data, without their knowledge or consent.
  6. 8. Refers to the practice of collecting and analyzing information from publicly available sources, such as social media, websites, and news articles, to gather intelligence about individuals, organizations, or events.
  7. 9. Involves rummaging through trash or discarded materials, such as documents, hard drives, or electronic devices, in search of information that can be used for malicious purposes, like identity theft or data breaches.
  8. 11. A social engineering technique that uses phone calls to deceive individuals into revealing personal or financial information. Attackers often impersonate trusted entities to gain the victim's trust.
  9. 12. A specialized form of spear-phishing that specifically targets high-profile individuals, such as executives or senior management within an organization. The goal is to steal sensitive information or gain access to their accounts.
  10. 13. A highly targeted form of phishing that focuses on a specific individual, organization, or department. Attackers conduct detailed research to personalize their phishing attempts, making them more convincing.
  11. 15. A type of social engineering that relies on phone calls to deceive individuals into revealing personal or financial information.
  12. 18. Malicious software or deceptive advertisements that exploit fear or intimidation to trick users into purchasing fake security software or taking actions that compromise their computer's security. Often displays false alerts about non-existent threats to scare users into paying for a solution.