Social engineering is the art of gaining access to facilities, information systems or data by exploiting human psychology, rather than by breaking in or using technical hacking techniques. Social engineering is successful because most people innately want to trust other people and are naturally helpful.
Elicitation is the strategic use of conversation to extract information from people without them feeling interrogated.
Security Infractions is any incident of noncompliance that does not involve the loss, compromise, or suspected compromise of classified information.
Security Violations is any Loss, Compromise, or Suspected Compromise of Classified Information.
Spear phishing is an attack focused on a user, organization, or group. It is designed to look like a message from a friend or trusted source. This type of attack uses a link which, when opened, deploys spyware which steals information.
Malware is software designed to break into or damage a computer system.
Phishing is an attempt to trick people into giving up sensitive information. A phishing attack can be an e-mail, a Web site, a phone call, or contact via a social network.
APT is the Advanced Persistent Threat.
SCI is Sensitive Compartmented Information.
NISP is the National Industrial Security Program.
NISPOM is the National Industrial Security Program Operating Manual.
SAP is Special Access Program (SAP).
DD Form 254 is a contract security classification specification.