71 Cards in this Set
- Front
- Back
access controls
|
controls that restrict unauthorized individuals from using information resources and are concerned with user identification
|
|
adware
|
alien software designed to help pop-up ads appear on your screen
|
|
alien software
|
clandestine software that is installed on a computer through duplicitous methods
|
|
anti-malware systems
|
software packages that attempt to identify and eliminate viruses, worms, and other malicious software
|
|
audit
|
an examination of information systems, their inputs, outputs, and processing
|
|
authentication
|
a process that determines the identity of the person requiring access
|
|
authorization
|
a process that determines which actions, rights, or privileges the person has, based on verified identity
|
|
back door
|
aka trap door - typically a password, known only to the attacker, that allows the attacker to access the system without having to go through any security procedures
|
|
biometrics
|
the science and technology of authentication by measuring the subject's physiologic or behavioral characteristics
|
|
blacklisting
|
a process in which a company identifies certain types of software that are not allowed to run in the company environment
|
|
certificate authority
|
a 3rd party that acts as a trusted intermediary between computers and companies by issuing digital certificates and verifying the worth and integrity of the certificates
|
|
cold site
|
a backup location that provides only rudimentary services and facilities
|
|
communications (network) controls
|
controls that deal with the movement of data across networks
|
|
controls
|
defense mechanism aka countermeasures
|
|
cookies
|
small amounts of info. that web sites store on your computer, temporarily or more-or-less permanently
|
|
copyright
|
a grant that provides the creator of intellectual property with ownership of it for the life of the creator plus 70 years
|
|
cybercrime
|
illegal activities executed on the internet
|
|
cyberterrorism
|
a premeditated, politically motivated attack against info., computer systems, computer programs, and data that results in violence against noncombatant targets by subnational groups or clandestine agents
|
|
cyberwarfare
|
war in which a country's info. systems could be paralyzed from a massive attack by destructive software
|
|
demilitarized zone (DMZ)
|
a separate organizational local area network that is located between an organization's internal network and external network, usually the internet
|
|
denial-of-service attack
|
a cyberattack in which an attacker sends a flood of data packets to the target computer with the aim of overloading its process
|
|
digital certificate
|
an electronic document attached to a file certifying that this file is from the organization it claims to be from and has not been modified from its original format or content
|
|
distributed denial-of-service (DDoS)
|
A denial-of-service attack that sends a flood of data packets from many compromised computers simultaneously
|
|
employee monitoring systems
|
systems that monitor employees' computers, emails, and internet surfing
|
|
encryption
|
the process of converting an original message into a form that cannot be read by anyone except the intended receiver
|
|
exposure
|
the harm, loss, or damage that can result if a threat compromises an info. resource
|
|
firewall
|
a system that prevents a specific type of info. from moving between untrusted networks, such as the internet, and private networks, such as your company's network
|
|
hot site
|
a fully configured computer facility with all info. resources and services, comm. links, and physical plant operations, that duplicates a company's computing resources and provides near real time recovery of IT operations
|
|
identity theft
|
crime in which someone uses the personal info of others to create a false id and then uses it for some fraud
|
|
information security
|
protecting an organization's info. and info. systems from unauthorized access, use, or disclosure
|
|
info. systems control
|
the procedures, devices, or software aimed at preventing a compromise to a system
|
|
intellectual property
|
the intangible property created by individuals or corporations that is protected under trade secret, patent, and copyright laws
|
|
keystroke loggers (keyloggers)
|
hardware or software that can detect all keystrokes made on a compromised computer
|
|
least privilege
|
a principle that users can be granted the privilege for some activity only if there is a justifiable need to grant this authorization
|
|
logic bomb
|
segments of computer code embedded within an organization's existing computer programs
|
|
malware
|
malicious software such as viruses and worms
|
|
password
|
a series of characters that only the user should know
|
|
patent
|
a document that grants the holder exclusive rights on an invention for 20 yrs
|
|
passphrase
|
a series of characters that is longer than a password but that can be memorized easily
|
|
phishing attack
|
an attack that uses deception to fraudulently acquire sensitive personal info by masquerading as an official looking email
|
|
physical controls
|
controls that restrict unauthorized individuals from gaining access to a company's computer facilities
|
|
piracy
|
copying a software program without payment to the owner
|
|
privilege
|
a collection of related computer system operations that can be performed by users of the system
|
|
public-key encryption
|
a type of encryption that uses 2 diff. keys: a public key and a private key
|
|
risk
|
the likelihood that a threat will occur
|
|
risk acceptance
|
a strategy in which the organization accepts the potential risk, continues to operate with no controls, and absorbs any damage that will occur
|
|
risk analysis
|
the process by which an organ. assesses the value of each asset being protected, estimates the probability that each asset might be compromised, and compares the probable costs of each being compromised with the costs of protecting it
|
|
risk limitation
|
a strategy in which the organ. limits its risk by implementing controls that minimize the impact of a threat
|
|
risk management
|
a process that identifies controls and minimizes the impact of threats in an effort to reduce risk to manageable levels
|
|
risk mitigation
|
a process whereby the organ. takes concrete actions against risks, such as implementing controls and developing a disaster recovery plan
|
|
risk transference
|
a process in which the organization transfers the risk by using other means to compensate for a loss, such as by purchasing insurance
|
|
SCADA (Supervisory Control and Data Acquisition)
|
Large-scale, distributed measurement and control systems used to monitor or to control chemical, physical, or transport processes
|
|
secure socket layer (SSL)
|
an encryption standard used for secure transactions such as credit card purchases and online banking
|
|
security
|
the degree of protection against criminal activity, danger, damage, and/or loss
|
|
signature recognition
|
the user signs his or her name and the system matches this signature with one previously recorded under controlled, monitored conditions
|
|
social engineering
|
getting around security systems by tricking computer users inside a company into revealing sensitive information or gaining unauthorized access privileges
|
|
spam
|
unsolicited email
|
|
spamware
|
alien software that uses your computer as a launch platform for spammers
|
|
spyware
|
alien software that can record keystrokes and/or capture passwords
|
|
strong passwords
|
passwords that are difficult to guess
|
|
threat
|
any danger to which an info. resource may be exposed
|
|
trade secret
|
intellectual work, such as a business plan, that is a company secret and is not based on public information
|
|
trojan horse
|
a software program containing a hidden function that presents a security risk
|
|
tunneling
|
a process that encrypts each data packet to be sent and places each encrypted packet inside another packet
|
|
virtual private network (VPN)
|
a private network that uses a public network to securely connect users by using encryption
|
|
virus
|
malicious computer code that can attach itself to other computer programs without the owner of the program being aware of the infection
|
|
voice recognition
|
the user speaks a phrase that has been previously recorded under controlled, monitored conditions and the voice recognition system matches the 2 voice signals
|
|
vulnerability
|
the possibility that an information resource will suffer harm by a threat
|
|
warm site
|
a site that provides many of the same services and options of a hot site but does not include the company applications
|
|
whitelisting
|
a process in which a company identifies acceptable software and permits it to run and either prevents anything else from running or lets new software run in a quarantined environment until the company can verify its validity
|
|
worm
|
destructive computer code that replicates itself without requiring another program to provide a safe environment for replication
|