46 Cards in this Set
threat
|
a person or organization that seeks to obtain or alter data or other assets illegally without the owner's permission and often without the owner's knowledge
|
|
Vulnerability
|
Opportunity for threats to gain access to individual or organizational assets
|
|
Safeguard
|
some measure that individuals or organizations take to block the threat from obtaining the asset
|
|
Target
|
the asset that is desired by the threat
|
|
sources of threat
|
human error, computer crime, natural events and disasters
|
|
Human Error Threat
|
accidental problems caused by both employees and non-employees
|
|
Computer Crime Threat
|
Employees and former employees who unintentionally destroy data or other system components
|
|
Natural Events and Disasters Threats
|
fires, floods, hurricanes, earthquakes, tsunamis, avalanches and other acts of nature
|
|
Types of Security Loss
|
Unauthorized data disclosure, incorrect data modification, faulty service, denial of service, loss of infrastructure
|
|
Unauthorized Data Disclosure
|
when a threat obtains data that is supposed to be protected
|
|
Pretexting
|
when someone deceives by pretending to be someone else over the phone or by texting
|
|
Spoofing
|
pretending to be someone else from a real IP address
|
|
IP spoofing
|
pretending to be someone else from a real IP address
|
|
Email Spoofing
|
obtaining information while pretending to be someone else via email
|
|
Sniffing
|
intercepting computer communications; requires a physical connection to the network
|
|
Faulty Service
|
incorrect system operation
|
|
Usurpation
|
when computer criminals invade a computer system and replace legitimate programs with their own unauthorized ones that shut down legitimate applications and substitute their own processing to spy, steal, and manipulate data
|
|
Denial of Service
|
human error in following procedures or the lack of procedures
|
|
denial-of-service attacks
|
malicious hacker floods a server; systems unintentionally shut down
|
|
Advanced Persistent Threat
|
sophisticated, possibly long-running computer hack that is perpetrated by large, well-funded organizations like governments
|
|
Goal of IS Security
|
to find an appropriate trade-off between the risk of loss and the cost of implementing safeguards.
|
|
Intrusion detection system (IDS)
|
a computer program that senses when another computer is attempting to scan the disk or otherwise access a computer
|
|
Responding to Security Threats
|
1. take security seriously
2. create strong passwords
3. use multiple passwords
4. send no valuable data via email or IM
5. use https at trusted, reputable vendors
6. clear browsing history, temp files, and cookies
7. update anti-virus software
8. demonstrate security concern to your fellow workers
9. consider security for all business initiatives
|
|
Cookies
|
small files that your browser stores on your computer when you visit websites
|
|
Manage Risk
|
Proactively balance the trade-off between risk and cost
|
|
Technical Safeguards include
|
identification and authentication, encryption, firewalls, malware protection, design for secure applications
|
|
Technical Safeguards
|
involve the hardware and software components of an information system
|
|
Examples of identification and authentication
|
smart cards, biometric authorization
|
|
Encryption
|
the process of transforming clear text into coded, unintelligible text for secure storage or communication
|
|
Key
|
a number used to encrypt the data
|
|
symmetric encryption
|
the same key is used to encode and decode; fast and preferred
|
|
asymmetric encryption
|
two keys are used, one to encode and one to decode
|
|
public key/private key
|
a special version of asymmetric encryption used on the Internet, where each site has a public key for encoding messages and a private key for decoding
|
|
HTTPS
|
secure communication over the internet
|
|
Secure Sockets Layer (SSL) or Transport Layer Security (TLS)
|
protocol used to encrypt data with https; uses a combination of public key/private key and symmetric encryption
|
|
Firewalls
|
computer device that prevents unauthorized network access
|
|
Perimeter Firewall
|
the first device that Internet traffic encounters; sits outside the organizational network
|
|
Internal Firewall
|
inside organizational network
|
|
worm
|
a virus that propagates using the internet or computer network
|
|
Trojan horse
|
viruses that masquerade as useful programs or files
|
|
Spyware
|
installed on a user's computer without their knowledge or permission
|
|
payload
|
program code that causes unwanted or harmful activity
|
|
Account Administration
|
concerns the creation of new user accounts, the modification of existing account permissions, and the removal of unneeded accounts
|
|
Stuxnet (APT)
|
APT reputed to have been used to set back the Iranian nuclear program by causing Iranian centrifuges to malfunction
|
|
Flame (APT)
|
a large and complex computer program that is reputed to have hacked into computers and to operate as a cyber spy, capturing screen images, email and text messages, and even searching nearby smartphones using Bluetooth communication
|
|
beacons
|
tiny files that gather demographic information and use a single code to identify users by age, gender, location, likely income, and online activity. A beacon code can contain your favorite movies, whether you read online news, your shopping habits, your online dating habits, and what type of research you conduct on a computer.
|