Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
21 Cards in this Set
- Front
- Back
|
Adware
|
programs installed on the user’s computer without the user’s knowledge or permission that reside in the background and, unknown to the user, observe the user’s actions and keystrokes, modify computer activity, and report the user’s activities to sponsoring organizations. Most adware is benign in that it does not perform malicious acts or steal data. It does, however, watch user activity and produce pop-up ads.
|
|
|
Authentication
|
the process whereby an information system approves (authenticates) a user by checking the user’s password.
|
|
|
Cold site
|
a remote processing center that provides office space, but no computer equipment, for use by a company that needs to continue operations after a natural disaster.
|
|
|
Email spoofing
|
a synonym for phishing. A technique for obtaining unauthorized data that uses pretexting via email. The phisher pretends to be a legitimate company and sends email requests for confidential data, such as account numbers, Social Security numbers, account passwords, and so forth. Phishers direct traffic to their sites under the guise of a legitimate business.
|
|
|
Hacking
|
occurs when a person gains unauthorized access to a computer system. Although some people hack for the sheer joy of doing it, other hackers invade systems for the malicious purpose of stealing or modifying data.
|
|
|
Hardening
|
the process of taking extraordinary measures to reduce a system’s vulnerability. Hardened sites use special versions of the opening system, and they lockdown or eliminate operating systems features and functions that are not required by the application. Hardening is a technical safeguard.
|
|
|
Hot site
|
a remote processing center, run by a commercial disaster-recovery service, that provides equipment a company would need to continue operations after a natural disaster.
|
|
|
Identification
|
the process whereby an information system identifies a user by requiring the user to sign on with a user name and password.
|
|
|
Malware
|
viruses, worms, Trojan horses, spyware, and adware.
|
|
|
Malware definitions
|
patterns that exist in malware code. Anti-malware vendors update these definitions continuously and incorporate them into their products in order to better fight against malware.
|
|
|
Phishing
|
a technique for obtaining unauthorized data that uses pretexting via email. The PHISHER pretend to be a legitimate company and sends an email requesting confidential data, such as account numbers, Social Security numbers, account passwords, and so forth.
|
|
|
Pretexting
|
a technique for gathering unauthorized information in which someone pretends to be someone else. A common scam involves a telephone caller who pretends to be from a credit card company and claims to be checking the validity of credit card numbers. Phishing is also a form of pretexting.
|
|
|
Social Engineering
|
example: calling a person, pretending to be from IT department and socially getting a person’s information
|
|
|
Spyware
|
programs installed on the user’s computer without the user’s knowledge or permission that reside in the background and, unknown to the user, observe the user’s actions and keystrokes, modify computer activity, and report the user’s activities to sponsoring organizations. Malicious spyware captures keystrokes to obtain user names, passwords, account numbers, and other sensitive information. Other spyware is used for marketing analyses, observing what users do, Web sites visited, products examine and purchased, and so forth.
|
|
|
Usurpation
|
occurs when unauthorized programs invade a computer system and replace legitimate programs. Such unauthorized programs typically shut down the legitimate system and substitute their own processing.
|
|
|
What are the sources and types of security threats?
|
Three sources of security threats are human error and mistakes, malicious human activity, and natural events and disasters.
• Unauthorized data disclousure • Incorrect data modification • Faulty service • Denial of service • Loss of infrastructure |
|
|
How can technical safeguards protect against security threats?
|
• Identification and Authentication
• Encryption and Firewalls • Malware Protection • Design for secure applications |
|
|
How can data safeguards protect against security threats?
|
Data administration refers to an organization-wide function that is in charge of developing data policies and enforcing data standards.
Database administration refers to a function that permits to a particular database. |
|
|
How can human safeguards protect against security threats?
|
• Position definitions: give a person the least amount of power they need!! (one person writes checks, other approves expenses, read-only documents)
• Hiring and screening: employee knowledge! • Dissemination and enforcements: teach employees, give them security training! Management take security seriously so employees do too! • Termination: set rules, security policies that if broken, employees are fired! • Hardening: taking extraordinary measures to make sure there is tight security on a system! • Account management: manage accounts, make sure not too many, or unnecessary ones! • Password Management: standards for suitable passwords! • Help-Desk Policies: employees try to get passwords from help desk, help desk keep security by sending password to e-mail, or requesting personal info before giving out valuable information. • Systems Procedures: have normal operation, backup, and recovery procedures in case of security breach or emergency, and to ensure security! • Security Monit |
|
|
How should organizations respond to security incidents?
|
• Have plan in place
• Centralized reporting • Specific responses o Speed o Preparation plays o Don’t make problem worse • Practice |
|
|
How does the CIA triad relate to information security?
|
Confidentiality – preventing disclosure of information to unauthorized individuals or systems,
Integrity – data cannot be modified without authorization, Availability – the information must be available when it is needed. |
