23 Cards in this Set
- Front
- Back
Five Factors Contributing to Vulnerability
|
– Today’s interconnected, interdependent, wirelessly networked business environment
– Smaller, faster, cheaper computers & storage devices
– Decreasing skills necessary to be a computer hacker
– International organized crime taking over cybercrime
– Lack of management support |
|
unintentional threats to information systems |
Human Errors
Social Engineering |
|
deliberate threats to information systems |
• Espionage or Trespass
• Information Extortion
• Sabotage or Vandalism
• Theft of Equipment or Information
• Identity Theft
• Compromises to Intellectual Property |
|
Remote Attacks Requiring User Action
|
Virus
Worm
Phishing Attack
Spear Phishing Attack |
|
virus |
malicious software that can attach itself to other computer programs without the owner of the program being aware of the infection |
|
worm |
destructive programs that replicate themselves without requiring another program to provide a safe environment for replication |
|
phishing attack |
an attack that uses deception to fraudulently acquire sensitive personal information by masquerading as an official-looking email |
|
Attacks by a Programmer Developing a System
|
Trojan Horse
Back Door
Logic Bomb |
|
logic bomb |
segments of computer code embedded within an organization's existing computer programs |
|
Trojan Horse |
a software program containing a hidden function that presents a security risk |
|
back door |
typically a password, known only to the attacker, that allows the attacker to access the system without having to go through any security procedures |
|
Alien Software
|
• Adware
• Spyware
  – Keyloggers
• Spamware
• Cookies
  – Tracking cookies
|
|
Physical Controls
|
Prevent unauthorized individuals from gaining access to a company’s facilities.
|
|
Access Controls
|
controls that restrict unauthorized individuals from using information resources and are concerned with user identification
• Authentication
• Authorization |
|
Authentication
|
• Something the user is
• Something the user has
• Something the user does
• Something the user knows
  – Passwords |
|
Communication Controls
|
controls that deal with the movement of data across the network
• Firewalls
• Anti-malware Systems
• Whitelisting and Blacklisting
• Encryption
• Virtual Private Networking
• Secure Socket Layer
• Employee Monitoring Systems |
|
Business Continuity Planning
|
• Disaster Recovery Plan
• Hot Site
• Cold Site |
|
hot site |
a fully configured computer facility, with all information resources and services, communications links, and physical plant operations, that duplicates your company's computing resources and provides near-real-time recovery of IT operations |
|
cold site |
a backup location that provides only rudimentary services and facilities |
|
audit |
an examination of information systems, their inputs, outputs, and processing |
|
auditing around the computer |
checking for known outputs using specific inputs |
|
auditing through the computer |
auditors check inputs, outputs, and processing |
|
auditing with the computer |
using a combination of client data, auditor software, and client and auditor software |