118 Cards in this Set
Data |
Valuable asset |
|
Without data |
organization loses its record of transactions and its ability to deliver value to its customers |
|
threat |
is an object, person, or other entity that is a constant danger to an asset |
|
Employees |
closest to organization's data; greatest threats to information security |
|
spike |
momentary increase |
|
surge |
prolonged increase |
|
sag |
momentary low voltage |
|
brownout |
prolonged drop |
|
fault |
momentary loss of power |
|
blackout |
prolonged loss |
|
Espionage/Trespass |
Broad category of activities that breach confidentiality |
|
Shoulder Surfing |
espionage; watching other people's phone screen |
|
Traditional Hacker Profile |
aged 13 to 18, limited parental supervision, free time with computer |
|
Modern Hacker Profile |
Aged 12 to 60, technological skill levels, may be internal or external to the organization |
|
Expert Hacker |
develops software scripts and codes exploits, master of many skills, creates attack software |
|
Script Kiddies |
hackers of limited skill, use expert written software to exploit a system, do not fully understand the system they hack |
|
Cracker |
cracks or removes protection designed to prevent unauthorized duplication |
|
Phreaker |
hacks the public telephone network |
|
Information Extortion |
attacker or formerly trusted insider stealing information from a computer system and demanding compensation for its return or non-use |
|
Sabotage or Vandalism |
Individual or group who want to deliberately sabotage the operations |
|
True |
Electronic theft is a more complex problem to manage and control, organizations may not even know it has occurred. T/F |
|
Malware |
designed to damage, destroy or deny service to the target systems |
|
Virus |
attaches itself to an executable file or application, it cannot stand on its own |
|
Worm |
replicates and propagates itself without having to attach itself to a host |
|
Code Red and Nimda |
Most infamous worms |
|
Trojan horses |
disguise themselves as useful computer programs or applications and can install a backdoor or rootkit on a computer |
|
Backdoors/Rootkits |
give attackers a means of regaining access to the attacked computer |
|
TCP 80 or UDP 53 |
trojan programs that use common ports |
|
TRUE |
Many trojan programs use standard ports to conduct their exploits |
|
Spyware |
sends info from the infected computer to the person who initiated the spyware program |
|
Adware |
determines a user's purchasing habits so that web browsers can display ads tailored to that user |
|
Intellectual Property |
ownership of ideas and control over the tangible or virtual representation of those ideas |
|
attack |
deliberate act that exploits vulnerability |
|
exploit |
technique to compromise a system |
|
vulnerability |
identified weakness of a controlled system |
|
Malicious Code |
includes execution of viruses, worms, trojan horses |
|
IP scan and attack |
compromised system scans random or local range of IP addresses |
|
Web Browsing |
it makes all web content files infectious |
|
Virus |
can write with virus code that can cause infection |
|
Unprotected Shares |
using file shares to copy viral component to all reachable locations |
|
Mass Mail |
sending email infections to addresses found in address book |
|
Simple Network Management Protocol |
used to compromise and infect |
|
Hoaxes |
a more devious approach to attacking computer systems is the transmission of a virus hoax, with a real virus attached |
|
Back doors |
using a known or previously known or unknown and newly discovered access mechanism to gain access to a system |
|
Password Crack |
attempting to reverse calculate a password |
|
Brute Force |
application of computing and network resources to try every possible combination of options of a password |
|
Dictionary |
narrows the field by selecting specific accounts to attack and uses a list of commonly used passwords |
|
Denial-of-service (DoS) |
attacker sends a large number of connection or information requests to a target |
|
Distributed denial-of-service (DDoS) |
coordinated stream of requests is launched against a target from many locations at the same time |
|
Spoofing |
intruder sends messages to a computer with an IP address indicating the message is coming from a trusted host |
|
Man in the middle |
attacker sniffs packets from the network, modifies them and inserts them back into the network |
|
Spam |
unsolicited commercial email |
|
Mail bombing |
attacker routes large quantities of email to the target |
|
Sniffers |
can monitor data traveling over a network |
|
Social Engineering |
process of using social skills to convince people to reveal access credentials |
|
brick attack |
best configured firewall in the world |
|
Buffer Overflow |
application error occurs when more data is sent to a buffer than it can handle |
|
Ping of death attacks |
type of DoS attack |
|
Timing Attack |
Relatively new, exploring web browsers cache |
|
Acts of Human error or failure |
includes acts done without malicious intent |
|
Polymorphism |
a threat that changes its apparent shape over time |
|
Boot Virus |
infects the key operating system |
|
macro virus |
embedded in the automatically executing macro code |
|
rootkit |
created after an attack and usually hides itself within the OS tools |
|
shares |
using vulnerabilities in the system |
|
Larry Roberts |
Founder of internet |
|
Robert Metcalfe |
indicated problems with ARPANET |
|
Rand Report R-609 |
start of the study of computer security |
|
Security |
quality of being secure |
|
Physical Security |
protect the physical items |
|
Personal Security |
protect an individual or group of individuals |
|
Operations Security |
protect the details of a particular operation |
|
Communications Security |
protect organization's communications |
|
Network Security |
protect networking components |
|
Information Security |
protection of information and its critical elements, including the systems and hardware that use, store and transmit that information |
|
C.I.A |
industry standard for computer security |
|
availability |
access information without interference or obstruction |
|
accuracy |
free from mistake or error |
|
authenticity |
being genuine or original |
|
confidentiality |
preventing disclosure or exposure |
|
integrity |
whole, complete and uncorrupted |
|
utility |
having value |
|
possession |
having ownership or control |
|
information system |
entire set of software, hardware, data, people and procedure |
|
subject of an attack |
conduct the attack |
|
object of an attack |
being attacked |
|
TRUE |
Balancing security and access - security must be balanced between protection and availability |
|
Bottom Up Approach |
grass-roots effort |
|
Top down approach |
initiated by upper management |
|
methodology |
formal approach to solving a problem |
|
event driven |
response to some occurrence |
|
plan driven |
result of carefully developed implementation strategy |
|
SecSDLC |
coherent program |
|
data owner |
responsible for the security and use of a particular set of information |
|
data custodian |
storage, maintenance, and protection of information |
|
data users |
end system users |
|
security as art |
interaction between users, policy, and technology controls |
|
security as science |
dealing with technology designed to perform at high levels of performance |
|
security as social science |
behavior of individuals interacting with systems |
|
risk identification |
process of examining and documenting involves identifying, classifying |
|
Risk Management |
identifying and justifying risk controls |
|
Risk assessment |
evaluates the relative risk |
|
likelihood |
probability that a specific vulnerability |
|
residual risk |
risk that remains |
|
Defend |
prevent exploitation of the vulnerability |
|
transfer |
shift the risk to other assets |
|
Mitigation |
reduce the impact |
|
Accept |
doing nothing |
|
terminate |
avoid |
|
qualitative risk |
non numerical measures |
|
Policies |
direct how issues should be addressed |
|
Policy |
written to support the mission, vision and strategic plan |
|
framework |
basic skeletal structure |
|
firewall |
selectively discriminates |
|
Proxy server |
behalf of another system |
|
crisis management |
actions taken during and after a disaster |
|
hot sites |
fully configured physical plant operations |