Certificates
Link a public key to a particular individual and are often used as a form of
electronic identification for that particular person.
Server-side Attacks
Lack of input validation
Improper or inadequate permissions
Extraneous files
Something you do
An authentication factor indicating action, such as gestures on a touch
screen.
Federal Information Security Management Act or Federal Information Security
Modernization Act (FISMA)
Ensures the protection of information, operations, and assets in the federal
government.
Requires each federal agency to develop, document, and implement an
information security program to protect its information and information
systems. Annual reviews of these programs are required to maintain
compliance and keep security risks to an acceptable level.
Cryptographic Machines
1. The Jefferson Disk by Thomas Jefferson
2. The Enigma by Arthur Scherbius
Interception
Interception attacks allow unauthorized users to access our data,
applications, or environments and are primarily an attack against
confidentiality. Interception might take the form of unauthorized file
viewing or copying, eavesdropping on phone conversations, or reading e-mail,
and can be conducted against data at rest or in motion. Properly
executed, interception attacks can be very difficult to detect.
Affects Confidentiality
Payment Card Industry Data Security Standard (PCI DSS)
Companies that process credit card payments must comply with this set of
standards
Something you have
Authentication factor that relies on possession (FOB, Card, Cell Phone, Key)
Multifactor Authentication
Uses one or more authentication methods for access
Buffer overflows
Using search fields on website to insert code
Occur when we do not properly account for the size of the data input into
our applications
Proper bounds checking can nullify this type of attack entirely