38 Cards in this Set
Front: Information Security can be compared to...
Back: Risk Assessment (though there is more to it than that)

Front: What are the layers of an organization's Security?
Back: Physical > Personnel > Operations > Communications > Network > Data or Information

Front: Management, Network, and Data all must work together with a common . . .
Back: Policy

Front: When was Arpanet active?
Back: 1960s

Front: The ________ worm was active in ________?
Back: Morris / 1988

Front: What did the Morris Worm exploit?
Back:
- Sendmail
- RSH
- Finger
(Worked as a DoS)

Front: What are the three concepts for information security? (CIA)
Back:
- Confidentiality
- Integrity
- Availability

Front: "Our focus is ______ _________ have the ______ _____ level to the data ______ they are authorized to have it."
Back: right people / correct access / when

Front: A better name for Info Security is...
Back: Information Assurance

Front: When _______ meet up with _________________ we have a problem.
Back: attacks / vulnerabilities

Front: How is Bottom-up Security Training done?
Back: Sys admin goes to training.

Front: How is Top-Down Security Training done?
Back: CEO goes to a retreat and learns that a competitor has been hacked... cost the company millions.

Front: What is the cheaper Security Certification?
Back: CompTIA Security+ > 100 questions, some 'simulation' > $300

Front: What is the more expensive Security Certification?
Back: CISSP > Experience Requirement > 6 hrs > $600

Front: Info Assurance should be ___________ into the business.
Back: Integrated

Front: What are the top 3 categories of threat?
Back:
- Compromises to intellectual property
- Software attacks
- Deviations in quality of service

Front: What are some network attacks?
Back:
- Spoofing
- Man-in-the-middle
- Spam
- DDoS
- Sniffers
- Phishing

Front: What are some software dev. problems?
Back:
- Buffer overruns
- Command injection
- Cross-site scripting
- Failure to handle errors
- Failure to protect network traffic
- Failure to store and protect data securely
- Failure to use cryptographically strong random numbers

Front: What are some sources of physical loss?
Back:
- Extreme temperature
- Gases
- Liquids
- Living organisms
- Projectiles
- Movement
- Energy anomalies

Front: What must be kept out of surveillance videos?
Back: Sound / Audio

Front: What are Laws?
Back: Rules that mandate or prohibit certain societal behavior. Carry sanctions of a governing authority.

Front: What do ethics define?
Back: Socially acceptable behavior. No sanctions of a governing authority.

Front: What are Civil laws?
Back: Govern a nation or state; manage relationships/conflicts between organizational entities and people.

Front: What are Criminal laws?
Back: Address violations harmful to society; actively enforced by the state.

Front: What are Private laws?
Back: Regulate relationships between individuals and organizations (family law).

Front: What are Public laws?
Back: Regulate the structure/administration of government agencies and their relationships with citizens, employees, and other governments (structure of government).

Front: What and when was the Patriot Act?
Back: 2001 / Provides law enforcement agencies with broader latitude in order to combat terrorism-related activities.

Front: What is the USA PATRIOT Improvement and Reauthorization Act?
Back: Made permanent fourteen of the sixteen expanded powers of the Dept. of Homeland Security and the FBI in investigating terrorist activity.

Front: Computer Security Act of 1987
Back: One of the first attempts to protect federal computer systems by establishing minimum acceptable security practices.

Front: What are ethics?
Back: Moral principles that govern a person's or group's behavior.

Front: What is a Moral Principle?
Back: The principles of right and wrong that are accepted by an individual or a social group.

Front: Cultural differences can affect ethics. Scenarios are grouped into:
Back:
- Software License Infringement
- Illicit Use
- Misuse of Corporate Resources

Front: What are some ethical areas?
Back:
- Anonymity on the Internet
- Intellectual Property
- Professional Responsibility
- Global nature of computing

Front: What is the first step of the Risk Lifecycle?
Back: Risk Identification > Identify, inventory, classify, and prioritize the assets and threats.

Front: What is the second step of the Risk Lifecycle?
Back: Risk Assessment > Identify vulnerabilities between assets and threats; identify and quantify asset exposure.

Front: What is the third step of the Risk Lifecycle?
Back: Risk Control > Select a strategy, justify controls, implement and monitor controls.

Front: What are some components of risk identification?
Back:
- People
- Procedures
- Data
- Software
- Hardware

Front: What are some questions to ask in Threat Assessment?
Back:
- Which threats present danger to assets?
- Which threats represent the most danger to information?
- How much would it cost to recover from an attack?
- Which threat requires the greatest expenditure to prevent?