Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
16 Cards in this Set
- Front
- Back
|
Insiders
|
-legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident
|
|
|
Social Engineering
|
-using one's social skills to trick people into revealing access credentials or other valuable information
|
|
|
Steps for Creating an Information Security Plan
|
1. Develop policies
2.Communicate the policies 3. Identify critical information assets and risks 4.Test and reevaluate 5. Obtain stake holder support |
|
|
First Line of Defense
|
-people
|
|
|
Second Line of Defense
|
-technology
|
|
|
Authentication
|
-second line of defense
-method for confirming users' identities |
|
|
Authorization
|
-second line of defense
-process of giving someone permission to do or have something |
|
|
Identity Theft
|
-forging of someone's identity for the purpose of fraud
|
|
|
Phishing
|
-technique to gain personal information for the purpose of identity theft, usually by means of fraudulent email
|
|
|
Tokens
|
-small electronic devices that change user passwords automatically
|
|
|
Smart Card
|
-card that can store information or software
-can be used for identification, cash or data storage |
|
|
Biometrics
|
-identification of a user based on a physical characteristic
|
|
|
Content Filtering
|
-when organizations use software that filters content to prevent the transmission of unauthorized information
|
|
|
Public Key Encryption
|
-an encryption system that used to keys: a public key that everyone can have and private key for only the recipient
|
|
|
Firewall
|
-a hardware and or software that guards a private network by analyzing the information leaving and entering the network
|
|
|
Security Threats to Ebusiness
|
1.elevation of privilege- hacker gets into a system through guest account then gains administrative privileges
2. hoaxes- masking the attack in a seemingly legitimate message 3. malicious code- viruses, worms and Trojan horses 4. spoofing- forging of return address on an email so that the message appears to come from someone other than the actual sender 5.spyware 6.sniffer- program that can montier data traveling over a network |
