92 Cards in this Set
- Front
- Back
Active Threats
|
computer fraud and computer sabotage
|
|
Adware
|
a type of spyware that displays advertisements, typically in pop-up windows
|
|
Archive Bit
|
a bit used to determine whether or not a file has been altered
|
|
Attack Vectors
|
methods of attack used by hackers, typically corresponding to particular vulnerabilities
|
|
Backdoor
|
a remote access Trojan that permits the hacker to remotely take control of the victim's computer
|
|
Biometric Hardware Authentication
|
systems that automatically identify individuals based on their fingerprints, hand sizes, retina patterns, and other personal features
|
|
Black Hat Hackers
|
hackers that attack systems for illegitimate reasons
|
|
Botnets
|
collections of tens or hundreds of thousands of zombie computers that are often used to engage in malicious conduct
|
|
Buffer Overflow Exploit
|
a type of exploit that causes the target program to attempt to store more data in a given portion of computer memory than the program was designed to store
|
|
Browser Exploit
|
a type of exploit that takes advantage of a vulnerability in a web browser
|
|
Business Continuity Planning (BCP)
|
the same as disaster recovery planning, though distinctions are sometimes made between the two terms (within some time limit)
|
|
Chief Security Officer
|
individual charged with management of the computer security system
|
|
Code Injection
|
a type of exploit that involves tricking a computer program into accepting and running software supplied by a user
|
|
Cold Site
|
an alternate computing site that contains the wiring for computers but no equipment
|
|
Cloned Cell Phone
|
a copy of a cell phone. The copy permits the holder to make and receive phone calls and text messages just as if the copy were the original phone
|
|
Cloud
|
another name for the Internet
|
|
Cloud Computing
|
the use of Cloud-based services and data storage on the Internet
|
|
Computer Fraud and Abuse Act of 1986
|
makes it a federal crime to knowingly and with intent fraudulently gain unauthorized access to data stored in the computers of financial institutions, the federal government, or computers operating in interstate or foreign commerce
|
|
Consensus-Based Protocols
|
systems that contain an odd number of CPU processors; if one processor disagrees with the others, it is thereafter ignored
|
|
Control Objectives for Information and Related Technology (COBIT)
|
a code of best practices and information-security framework published by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute
|
|
COSO Reports
|
a group of internal control related and risk management related reports published by a consortium of accounting organizations
|
|
Database Shadowing
|
a duplicate of all transactions is automatically recorded
|
|
Denial of Service Attacks
|
involve flooding the victim with such enormous amounts of illegitimate network traffic that the victim becomes so overloaded that it can no longer process legitimate traffic
|
|
Differential Backup
|
an incremental backup in which the file archive bits are not reset to 0 during the backup process
|
|
Disaster Recovery Plan
|
a contingency plan for recovering from disasters
|
|
Disk Mirroring/Disk Shadowing
|
fault tolerant processing control that involves writing all data in parallel to two disks, or from one disk to a remote location
|
|
Distributed Denial of Service Attack
|
a denial of service attack that is distributed over many different nodes on the Internet or another network
|
|
Dumpster Diving
|
sifting through garbage to find confidential information
|
|
Emergency Operations Center
|
a predesignated site designed to assist in disaster recovery
|
|
Emergency Response Team
|
individuals who direct the execution of a disaster recovery plan
|
|
Escalation Procedures
|
state the conditions under which a disaster should be declared, who should declare it, and who that person should notify when executing the declaration
|
|
Exploit
|
occurs when a hacker takes advantage of a bug, glitch, or other software or hardware vulnerability to access the software or hardware, or related data in an unauthorized manner
|
|
Fault-Tolerant Systems
|
use of redundant components such that if one part of the system fails, a redundant part immediately takes over, and the system continues operating with little or no interruption
|
|
File-Access Control
|
prevent unauthorized access to both data and program files
|
|
Firewalls
|
hardware or software that filters or restricts the incoming flow of data on a network.
|
|
Flagged
|
marking and locking out a disk or DASD sector so that it will not be used again after it has been found to be unreliable
|
|
Flying-Start Site
|
an alternate processing site that contains the necessary wiring and equipment, and also up-to-date backup data and software
|
|
Full Backup
|
all files on a given disk are backed up
|
|
FTP
|
a client-server file transfer protocol; requires a server on one end of file transfers
|
|
Gramm-Leach-Bliley Act
|
makes it a federal crime, with a maximum sentence of 10 years in prison, to pretext any kind of information relating to the relationship between a consumer and a financial institution
|
|
Grey-Hat Hackers
|
white hat hackers who skirt along the edges of the law
|
|
Grid
|
a network that functions like the Internet, but is much, much faster
|
|
Grid Cluster
|
a group of computers that function together in a grid environment
|
|
Grid Computing
|
the work done by a grid cluster
|
|
Hackers
|
individuals who attack computer systems for fun, challenge, and gain
|
|
Hot Site
|
an alternate computer processing site that contains the wiring and the equipment as well
|
|
Hypervisor
|
in software environments involving virtualization, the master program that controls the individual instances of operating systems running in the virtual machine
|
|
Incremental Backup
|
all files whose archive bit is set to 1 are backed up
|
|
Information Security
|
protecting information and IS from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability
|
|
Information Security Management System (ISMS)
|
the subsystem of organization that controls risks relating to information security
|
|
Intruder
|
anyone who accesses computer equipment, data, or files without proper authorization
|
|
ISO 27000 Family of Standards
|
an internationally recognized series of information security standards promulgated by the ISO
|
|
ISO 27002
|
one of the ISO family of standards; a code of best practices in information security
|
|
Keyboard Loggers
|
secretly record and transmit to the hacker all of the victim's keystrokes
|
|
Layered Approach to Access Control
|
erecting multiple layers of access control that separate a would-be perpetrator from potential targets
|
|
Locked Files
|
a program can be run but not looked at or altered
|
|
Logic Bomb
|
a dormant piece of malicious code placed in a computer program for later activation by a specific event
|
|
Malware
|
any type of malicious software
|
|
Passive Threats
|
system faults and natural disasters
|
|
PDCA methodology
|
life-cycle methodology for systems development: Planning, Doing, Checking, and Acting
|
|
Phishing
|
a form of social engineering that is aimed at tricking its victims into giving information, money, or other valuable assets to the perpetrator
|
|
Piggybacking
|
in communications, the interception of legitimate information and substitution of fraudulent information in its place
|
|
Port Scanner
|
a hardware or software device that remotely scans networked computers, searching for responses on open ports connected to software that has a known vulnerability
|
|
Pretexting
|
a form of social engineering in which the perpetrator impersonates another, typically in a phone call or electronic communication
|
|
Proxy Server
|
hardware or software that filters or restricts the flow of outgoing data on a network.
|
|
Qualitative Approach to Risk Assessment
|
a system's vulnerabilities and threats are listed and subjectively ranked in order of their contribution to the company's total loss exposure
|
|
Quantitative Approach to Risk Assessment
|
each loss exposure is computed as the product of the cost of an individual loss times the likelihood of its occurrence
|
|
Read-After-Write-Checks
|
a DASD rereads a sector after writing it to disk, confirming that it was written without error
|
|
Risk Management
|
the process of assessing and controlling computer system risks
|
|
Risk-Seeking Perpetrator
|
one who will take very big risks for a small reward
|
|
Rollback Processing
|
transactions are not written to disk until they are complete so that if power fails or another fault occurs while a transaction is being written, the database program may automatically roll itself back to its prefault state
|
|
Sandbox
|
a logical space confined to the browser environment, with no access to the general computer files and data
|
|
Service Bureau
|
provides data processing services to companies who choose not to process their own data
|
|
Shared Contingency Agreement
|
an agreement between two companies in which each company agrees to help the other with disaster recovery
|
|
Shoulder Surfing
|
the surreptitious direct observation of confidential information
|
|
Site-Access-Controls
|
controls that physically separate unauthorized individuals from computer resources
|
|
Social Engineering
|
involves manipulating victims in order to trick them into divulging privileged information
|
|
Software as a Platform (SaaP)
|
a type of SaaS that provides subscribers the capability of developing their own SaaS accounting applications
|
|
Software as a Service (SaaS)
|
IT related capabilities provided as a service via the Internet
|
|
Software Piracy
|
the copying and distributing of copyrighted software without permission
|
|
Spyware
|
Trojans that seek to gain the victim's personal information or modify the victim's interaction with his computer in a way that provides some financial or other gain to the perpetrator
|
|
System-Access Controls
|
software-oriented controls designed to keep unauthorized users from using the system by such means as account numbers, passwords, and hardware devices
|
|
System Faults
|
system component failures, such as disk failures or power outages
|
|
Telephone Records and Privacy Protection Act of 2006
|
makes it a federal felony for anyone other than law enforcement or intelligence officers to pretext phone records
|
|
Threat
|
a potential exploitation of a system vulnerability
|
|
Trojan Horse
|
a malicious program masquerading as a legitimate one, or that appears to come from a legitimate source
|
|
Virtualization
|
involves running multiple operating systems, or multiple copies of the same operating system, all on the same machine
|
|
Virus Program
|
a type of malware that affects its host-victim in some negative way
|
|
Vulnerability
|
a weakness in a system
|
|
Watchdog Processor
|
a second CPU processor that takes over processing if something happens to the first CPU processor
|
|
White Hat Hackers
|
legitimately probe systems for weaknesses in order to help with security
|
|
Worm
|
a type of malware program that spreads itself over a computer network
|