Glossary Terms From Module 2

What is adversarial artificial intelligence (AI)?

A technique that manipulates AI and machine learning technology to conduct attacks more efficiently.

What does BEC stand for and what does it refer to?

Business Email Compromise; a type of phishing attack where a threat actor impersonates a known source to obtain financial advantage.

What is CISSP?

Certified Information Systems Security Professional; a globally recognized information security certification awarded by the International Information Systems Security Certification Consortium.

What is the definition of a computer virus?

Malicious code written to interfere with computer operations and cause damage to data and software.

What is a cryptographic attack?

An attack that affects secure forms of communication between a sender and intended recipient.

Who is considered a hacker?

Any person who uses computers to gain access to computer systems, networks, or data.

What is malware?

Software designed to harm devices or networks.

What is a password attack?

An attempt to access password secured devices, systems, networks, or data.

Define phishing.

The use of digital communications to trick people into revealing sensitive data or deploying malicious software.

What is a physical attack?

A security incident that affects both digital and physical environments where the incident is deployed.

What is physical social engineering?

An attack in which a threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location.

What does social engineering refer to?

A manipulation technique that exploits human error to gain private information, access, or valuables.

What is social media phishing?

A type of attack where a threat actor collects detailed information about their target on social media sites before initiating the attack.

What is spear phishing?

A malicious email attack targeting a specific user or group of users, appearing to originate from a trusted source.

Define a supply-chain attack.

An attack that targets systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed.

What is USB baiting?

An attack in which a threat actor strategically leaves a malware USB stick for an employee to find and install to unknowingly infect a network.

What does vishing involve?

The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source.

Define a watering hole attack.

A type of attack when a threat actor compromises a website frequently visited by a specific group of users.