10 Cards in this Set
What are the three categories of control that IT security professionals use to maintain the confidentiality, integrity, and availability of company data?

Physical: alarm systems, surveillance cameras, computer locks, proximity locks, ID cards, and security guards.


Technical: smart cards, access control lists (ACLs), encryption, and network authentication.


Administrative: policies and company procedures, security awareness training, contingency planning, and disaster recovery plans (DRPs).

What are the two subsections that the Administrative controls can be broken down into?

Procedural Controls


Legal/Regulatory Controls

What are the 4 basic types of threats you need to be aware of to be an effective security administrator?

1. Malicious software

2. Unauthorized access

3. System failure

4. Social engineering

What is social engineering, and how can you prevent it?

Social engineering is the act of manipulating users into revealing confidential information or performing other actions that harm the user or the organization.


It may arrive by e-mail, over the phone, or in person, often with the attacker impersonating someone in authority.


To prevent social engineering, a security administrator can educate users: explain what social engineering is, ask users never to give out credentials or other sensitive information over the phone, and show them real-world examples of social engineering attacks.


Another measure is a spam filter, which stops e-mails carrying social engineering lures from reaching end users.



What are 6 ways security administrators can prevent and help recover from security threats?

1. User awareness

2. Authentication

3. Anti-malware software

4. Data backups

5. Encryption

6. Data removal

How can a security administrator raise user awareness?

1. Employee training/education

2. Easily accessible, understandable policies

3. Security awareness e-mails

4. Online security resources

What are the 5 factors of authentication?

1. Something the user knows: for example, a password or PIN.

2. Something the user has: for example, a smart card or other security token.

3. Something the user is: for example, a biometric reading such as a fingerprint or retina scan.

4. Something the user does: for example, voice recognition or a written signature.

5. Somewhere the user is: for example, a GPS-tracked individual, or a system authenticated by its geographic location.

User Knows


User Has


What user is


User Does


User Location
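Combining two of these factors is what makes multi-factor authentication stronger than a password alone: an attacker who phishes the password (something the user knows) still lacks the token (something the user has). The following is an added example, not part of the original flashcard set: a login check that requires both a salted PBKDF2 password hash and a time-based one-time password (TOTP, RFC 6238) from a software token. The user record, salt, and PBKDF2 round count are constructed for the demo; the TOTP secret is the RFC 6238 test key so the generated codes can be checked against the published vectors.

```python
"""Two-factor login: something the user knows (password) plus something the
user has (a TOTP token, RFC 6238).  Added example; not from the original page.
The user record, salt and round count are constructed for this demo."""
import hashlib
import hmac
import struct

SALT = b"constructed-salt-1234"           # per-user random salt in a real system
PBKDF2_ROUNDS = 200_000                    # illustrative work factor
TOTP_SECRET = b"12345678901234567890"      # RFC 6238 test key (shared with token)
TOTP_STEP = 30                             # seconds per code
TOTP_DIGITS = 6


def hash_password(password: str, salt: bytes = SALT) -> bytes:
    """Salted, iterated hash of the password; store this, never the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


# Constructed user database: username -> password hash
USERS = {"alice": hash_password("correct horse battery staple")}


def verify_password(username: str, password: str) -> bool:
    """Factor 1: something the user knows."""
    stored = USERS.get(username)
    if stored is None:
        return False
    # constant-time compare so the check does not leak how many bytes matched
    return hmac.compare_digest(stored, hash_password(password))


def totp(secret: bytes, unix_time: int, step: int = TOTP_STEP,
         digits: int = TOTP_DIGITS) -> str:
    """RFC 6238 TOTP: HOTP (RFC 4226) over the number of elapsed time steps."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                   # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_totp(secret: bytes, code: str, unix_time: int, window: int = 1) -> bool:
    """Factor 2: something the user has.  Accept the current step and
    `window` steps either side to tolerate clock drift between token and server."""
    for drift in range(-window, window + 1):
        if hmac.compare_digest(totp(secret, unix_time + drift * TOTP_STEP), code):
            return True
    return False


def login(username: str, password: str, code: str, unix_time: int) -> bool:
    """Both factors must pass; a stolen password alone is not enough."""
    return verify_password(username, password) and verify_totp(TOTP_SECRET, code, unix_time)


if __name__ == "__main__":
    now = 59                                    # RFC 6238 test time, T = 1
    good_code = totp(TOTP_SECRET, now)
    print("token shows:", good_code)
    print("password only:", login("alice", "correct horse battery staple", "000000", now))
    print("both factors:", login("alice", "correct horse battery staple", good_code, now))
```

The drift window is a deliberate trade-off: a wider window tolerates more clock skew but also gives a guessed code more chances to match, so production systems keep it to one step either side and additionally rate-limit failed attempts.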

What is the AAA of computer security?

Authentication


Authorization


Accounting

How does authentication occur?



What is a user required to provide in order to be authenticated?



What is the purpose of authentication?

Authentication is when a person's identity is established by providing proof and then confirmed by a system. Typically this requires a digital identity of some sort: a username and password or another authentication scheme.


What is authorization?



What must an employee do before being authorized to access data or a restricted location?

Authorization is when a user is granted access to certain data or areas of a building after being authenticated.



It includes permissions, access control lists, time-of-day restrictions, and other login and/or physical restrictions.



Accounting: the tracking of data, computer usage, and network resources. In practice it means logging, auditing, and monitoring of the data and resources.



Accountability is quickly becoming more important in today's secure networks. Part of this concept is the burden of proof: as the security person, you must provide proof if you believe that someone committed an unauthorized action. When you have indisputable proof of what a user has done, such that the user cannot deny it, that is known as non-repudiation.
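The authorization and accounting parts of AAA fit together in code: an access check consults the ACL (permissions plus a time-of-day restriction, as the card describes) and every decision, allowed or denied, is written to an audit log. The following is an added example, not part of the original flashcard set. The users, resources, and hours are constructed. The log entries are hash-chained so that editing or deleting an earlier entry is detectable, which supports the burden of proof described above; note that a hash chain alone gives tamper evidence, not full non-repudiation, which additionally requires the actions to be signed with a key that only the user holds.

```python
"""Authorization (ACL with permissions and time-of-day restriction) plus
accounting (a hash-chained audit log).  Added example; not from the original
page.  Users, resources and hours are constructed for this demo."""
import hashlib
import json
from dataclasses import dataclass, field


@dataclass(frozen=True)
class AclEntry:
    user: str
    resource: str
    permissions: frozenset              # e.g. frozenset({"read", "write"})
    allowed_hours: range                # local hours during which access is permitted


# Constructed ACL: alice may read/write payroll in business hours, bob may
# only read it, and anyone without an entry is denied by default.
ACL = [
    AclEntry("alice", "payroll.db", frozenset({"read", "write"}), range(8, 18)),
    AclEntry("bob", "payroll.db", frozenset({"read"}), range(8, 18)),
]


@dataclass
class AuditLog:
    """Append-only log; each entry's hash covers the previous hash, so
    altering or removing any earlier entry breaks every later link."""
    entries: list = field(default_factory=list)

    @staticmethod
    def _digest(prev: str, event: dict) -> str:
        body = json.dumps(event, sort_keys=True)
        return hashlib.sha256((prev + body).encode()).hexdigest()

    def record(self, event: dict) -> dict:
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        entry = {"event": event, "prev": prev, "hash": self._digest(prev, event)}
        self.entries.append(entry)
        return entry

    def verify(self) -> bool:
        """Recompute the chain from the start; False if any entry was tampered with."""
        prev = "0" * 64
        for e in self.entries:
            if e["prev"] != prev or e["hash"] != self._digest(prev, e["event"]):
                return False
            prev = e["hash"]
        return True


def authorize(user: str, resource: str, action: str, hour: int, log: AuditLog) -> bool:
    """Deny by default.  The request must match an ACL entry for this user and
    resource, the action must be in its permissions, and the hour must fall
    inside its time window.  Every decision is recorded (accounting)."""
    allowed = any(
        e.user == user and e.resource == resource
        and action in e.permissions and hour in e.allowed_hours
        for e in ACL
    )
    log.record({"user": user, "resource": resource, "action": action,
                "hour": hour, "decision": "allow" if allowed else "deny"})
    return allowed


if __name__ == "__main__":
    log = AuditLog()
    print(authorize("alice", "payroll.db", "write", 10, log))   # in hours, has write
    print(authorize("bob", "payroll.db", "write", 10, log))     # bob lacks write
    print(authorize("alice", "payroll.db", "read", 23, log))    # outside 08:00-18:00
    print(authorize("mallory", "payroll.db", "read", 10, log))  # no ACL entry
    print("log intact:", log.verify())
    log.entries[1]["event"]["decision"] = "allow"                # attacker edits the log
    print("log intact after tampering:", log.verify())
```

In a deployment the log would be shipped to a separate system (a SIEM or write-once store) so that an attacker who compromises the application host cannot simply rewrite the whole chain from the first entry onward.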