20 Cards in this Set

  • Front
  • Back
what are the SysAdmin responsibilities?
-installation, configuration, and maintenance of hardware/software
-understanding of security risks, vulnerabilities, and best practices
-assist ISSO in enforcing security policies and best practices
what is considered to be a "hacker" today?
someone who gains access to a computer, network, or other information system, illegally or without authorization, in order to damage or deny legitimate access to it.
what was the original definition of a "hacker" ?
someone, i.e. a sysadmin, engineer, programmer, etc. who was curious about how systems and programs worked.

it was considered a compliment to be a "hacker".
what is a "cracker" ?
the original hacker's word for the new malicious "hackers".
what is a white hat hacker?
an individual who works within the system to legally explore, protect, and defend.
what is a black hat hacker?
someone who accesses systems and networks illegally or without authorization.

their intent may be just to explore or it may be malicious.
what is a gray hat hacker?
someone who falls in between a white hat and a black hat. at least part of the time they work legitimately within the security community. however, they may occasionally act as a black hat.
what is information warfare?
a broader category of attack and defence, encompassing computer and network security, along with control over all sources of information. (media, misinformation, PSYOP, etc.)
what is cyberwarfare?
the attack and defense of computers, networks, and infrastructures connected to or controlled by computers and networks.
What are the popular security myths?
Security through obscurity
I have nothing worth protecting
Nobody is going to attack me
I've never been attacked
I'm protected by a firewall
My computer is 100% secure
Free money
What is an information system? (as defined by the Computer Security Act of 1987)
Any equipment or interconnected system or subsystems of equipment that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information.
What is INFOSEC? (as defined by the CNSS)
Protection of information systems against unauthorized access to or modification of information, whether in storage, processing or transit, and against the denial of service to authorized users, including those measures necessary to detect, document, and counter such threats.
What are the 3 requirements for INFOSEC?
Training, research, and time
What are the 3 main pieces to base level protection?
Workstation/Server Lockdown
Protocol Lockdown
Network Lockdown
What training is required for personnel security awareness?
IA training
What are levels of sensitivity?
They relate to the confidentiality aspect of information security.
What would happen if someone outside of your organization found public information?
No damage; public information is considered to be unclassified.
What would happen if someone outside of your organization found sensitive information?
Minimal damage; still considered to be unclassified, but higher in value than regular unclassified info. Requires some controls to prevent disclosure.
What was the National Information Systems Security Conference? (NISSC)
A leading global forum on computer and information systems security.
What does TCSEC (Trusted Computer System Evaluation Criteria) provide?
A basis for establishing security requirements in the acquisition specifications.
A standard that vendors must adhere to depending on the mode of operation being implemented.
The ability to measure the "trustworthiness" of an AIS.