61 Cards in this Set
security: policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems

controls: methods, policies, and procedures that ensure asset safety, accuracy and reliability of records, and operational adherence to management standards

war driving: driving by or parking outside buildings to intercept wireless network traffic

malware: malicious software programs (e.g., viruses, worms, Trojan horses)

computer virus: rogue software programs that attach to other software programs; rely on an executable action to spread to other computers

worms: independent computer programs that copy themselves from one computer to another over a network; do not need human action to spread; spread more rapidly than viruses

Trojan horse: software program that appears to be benign but does something unexpected

SQL injection attacks: introduce malicious program code via poorly coded Web application software

spyware: small programs that install themselves on a computer to monitor user Web surfing activity and serve up advertising

keyloggers: record every keystroke made on a computer to steal information, launch attacks, or gain access to protected computer systems

hacker: individual who intends to gain unauthorized access to a computer system

cracker: a hacker with criminal intent

cybervandalism: intentional disruption, defacement, or destruction of a Web site or information system

spoofing: hackers masquerading as someone else, usually with a fake e-mail address

sniffer: a type of eavesdropping program that monitors information traveling over a network

denial-of-service (DoS) attack: overloading a network Web server with false communications/requests to crash it

distributed denial-of-service (DDoS) attack: using numerous computers to overwhelm a network from various launch points

botnet: thousands of “zombie” PCs infected with malicious software

identity theft: a crime in which an imposter obtains key personal information to impersonate someone

phishing: using a fake Web site or sending legitimate-looking e-mail to obtain confidential data

evil twins: wireless networks that pretend to offer trustworthy Wi-Fi connections

pharming: redirecting users to a fraudulent Web site even when the user has typed the correct address into the Web browser

click fraud: an individual or computer program fraudulently clicks on an ad without intention to buy

cyberwarfare: state-sponsored computer/network hacking activity designed to cripple or defeat another state or nation

social engineering: tricking employees into revealing passwords by pretending to be legitimate company members

bugs: program code defects

patches: small pieces of software that repair flaws without disturbing proper operation

Health Insurance Portability and Accountability Act (HIPAA): outlines medical security and privacy rules and procedures

Gramm-Leach-Bliley Act: requires financial institutions to ensure the security and confidentiality of customer data

Sarbanes-Oxley Act: imposes responsibility on companies and management to safeguard the accuracy of financial information

computer forensics: scientific collection, examination, authentication, preservation, and analysis of data so that it may be used as evidence in a court of law

general controls: govern the design, security, and use of computer programs and the security of data files

application controls: procedures that ensure that only authorized data are completely and accurately processed by that application; can be classified as input controls, processing controls, and output controls

risk assessment: determines the level of risk if an activity or process is not properly controlled

security policy: consists of statements ranking information risks, identifying acceptable security goals, and identifying the mechanisms for achieving those goals

acceptable use policy (AUP): defines acceptable uses of a firm’s information resources

identity management: business processes and software tools for identifying valid system users and controlling their access to system resources

disaster recovery planning: devises plans for restoring services after a disruption

business continuity planning: identifies critical business processes and determines action plans for handling mission-critical functions if systems go down

MIS audit: an examination of a firm’s overall security environment and governing controls

authentication: the ability to know that a person is who he or she claims to be

token: a physical device designed to prove a user’s identity

smart card: credit card-sized device containing a chip with access permissions and other data

biometric authentication: measures unique physical or behavioral traits to identify a user and grant access

firewall: a combination of hardware/software that controls the flow of incoming/outgoing network traffic

intrusion detection system: monitors vulnerable points or “hot spots” full-time to detect and deter intruders

antivirus software: prevents, detects, and removes malware, spyware, and adware

unified threat management: comprehensive security management products that combine firewalls, VPN, intrusion detection systems, Web content filtering, and antispam software

encryption: the process of transforming plain text into cipher text

Secure Sockets Layer (SSL): an encryption method that enables client and server computers to manage encryption and decryption activities between computers; Transport Layer Security (TLS) is the SSL successor

Secure Hypertext Transfer Protocol (S-HTTP): encryption protocol for data flowing over the Internet

public key encryption: secure form of encryption that uses one shared 128-bit key and one private 128-bit key

digital certificates: data files used to establish user identity and electronic assets for protection of online transactions; use a third party (certificate authority) to validate user identity

public key infrastructure (PKI): the use of public key cryptography working with a certification authority

fault-tolerant computer systems: contain redundant hardware, software, and power supply components to provide continuous, uninterrupted service

high-availability computing: enables quick recovery from a system crash, but does not completely eliminate downtime

downtime: periods of time in which a system is not operational

recovery-oriented computing: the development and use of methods to make computer systems resume their activities more quickly after mishaps

deep packet inspection (DPI): examines data files, sorts out low-priority online material, and assigns higher priority to business-critical files

managed security service providers (MSSP): outsourced service providers that monitor network activity and perform vulnerability testing and intrusion detection

Service Set Identifiers (SSIDs): identify the access points in a Wi-Fi network