Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
29 Cards in this Set
- Front
- Back
- 3rd side (hint)
|
Attacker from anywhere in the world can send attacks. |
Universally connected devices |
|
|
|
Attackers can launch attacks against millions of computers within mins |
Increased speed of attacks |
|
|
|
Attack tools vary their behavior so the same attack appears differently each time. |
Greater sophistication of attacks |
|
|
|
Attacks are no longer limited to highly skilled attackers |
Availability and simplicity of attack tools |
|
|
|
Attackers can discover security holes in software or hardware more quickly |
Faster detection of vulnerabilities |
|
|
|
Vendors are overwhelmed trying to keep pace updating their products against the latest attacks. |
Delayed security updating |
|
|
|
Many software products lack a means to distribute security update in a timely fashion |
Weak security update distribution |
|
|
|
Attackers use thousands of computers in an attack against a single computer or network. |
Distributed attacks |
|
|
|
Organizations are having difficulty providing security for a wide array of personal devices. |
Intro of BYOD |
|
|
|
Users are required to make difficult security decisions with little or no instruction. |
User confusion |
|
|
|
Healthcare enterprises must guard protected health care info and implement policies and procedures to safeguard it, paper or electronic. |
HIPPA1996 |
|
|
|
It's an attempt to fight corporate corruption. This act covers corporate officers, auditors, and attorneys of publicly traded companies. $5million and 20 years. |
Sarbox2002 |
|
|
|
This act requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information. |
GLBA1999 |
|
|
|
This is a set of security standards that all companies that process, store, or transmit credit card info must follow. |
PCI DSS |
|
|
|
Its an eletronic privacy law that covers any state agency, person, or company that does business in California. Business must inform Cali residents within 48 hours if a breach of personal information has or believed to have occured. |
Califorina Database Security Breach Notification Act 2003 |
|
|
|
Premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence against noncombatant targets by subnational groups or clandestine agents. |
Cyberterrorism |
It's intent is to cause panic and provoke violence among citizen's. |
|
|
A network of attackers, identity thieves, spammers, and financial fraudsters. |
Cybercriminal |
They want to generate income. |
|
|
What are 7 types of attackers? |
Cybercriminals, Script kiddies, Brokers, Insiders, Cyberterrorist, Hactivist, and State-Spponsored attackers. |
|
|
|
Multiyear intrusion campaign targeting highly sensitive economics, proprietary, or national security info. This used advance tools and techniques. |
Advance Persistent Threat |
|
|
|
People who want to attack computers yet lack the knowledge of computers and networking to do so. |
Script Kiddies |
They get what they need from other attacker/hackers |
|
|
What do most Script Kiddies use now a days for attackes? |
Exploit Kits |
|
|
|
An attacker that sells their knowledge of a vulnerability to other attackers or even governments. |
Broker |
|
|
|
Their motivation is ideological, attacking for the sake of their principles or beliefs. They can be inactive for years and then suddenly attack in a new different way. |
Cyberterrorist |
Small group of computers or networks that can affect the largest number of users. |
|
|
Attacker who attacks for ideological reasons that are generally not as well defined as a Cyberterrorist motivation |
Hactivist |
|
|
|
Government launches computer attacks against their foes using this group. |
State-sponsored attacker |
|
|
|
It's an attacker who attempts to break into a web server or computer network . |
Cyber kill chain |
|
|
|
What are the steps for killer chain? |
1. Reconnaissance 2. Weaponzation 3. Deliver 4. Exploitation 5. Installation 6. Command and Control 7. Actions on Objectives |
|
|
|
What are the five fundamental security principles? |
Layering, limiting, diversity, obscurity, and simplicity. |
|
|
|
Automated attack package that can be used without an advance knowledge of computer. |
Exploit Kit |
|
