Ch 13 Flashcards
Why should general managers be concerned with information security?
Security, privacy, and ethics are critical to a firm’s success, and delegating them solely to IT professionals can lead to vulnerabilities.
What are the key components of IT risk management?
Risk Assessment: Identifying and measuring security risks.
Risk Mitigation: Developing strategies to counter risks.
What are the principal cybersecurity threats?
Internal Threats: Intentional malicious behavior and careless employee actions.
External Threats: Hacking, phishing, malware, and social engineering.
What are the three key components of information security?
Confidentiality: Ensuring that only authorized individuals can access information.
Integrity: Maintaining information accuracy and reliability.
Availability: Ensuring data is accessible when needed.
How is confidentiality ensured?
Cryptography: Encrypts data to protect it.
Access Control: Ensures only authorized users access data.
What are the key elements of access control?
Authentication: Verifying identity.
Authorization: Granting appropriate access.
Accounting: Keeping records of user activity.
What is the simplest method of authentication?
Passwords, but they become insecure when shared or easily guessed.
What is multi-factor authentication?
A security system that requires multiple verification factors:
- Something you know (password)
- Something you have (phone, token)
- Something you are (fingerprint, facial recognition)
What are internal cybersecurity threats?
Intentional Malicious Behavior: Disgruntled employees leaking or modifying data.
Careless Behavior: Employees neglecting cybersecurity best practices.
What are external cybersecurity threats?
- Intrusions: Hackers gaining unauthorized access to systems.
- Social Engineering: Manipulating people into sharing sensitive data.
- Phishing: Fraudulent emails tricking users into giving personal information.
- Malware: Malicious software like viruses, worms, ransomware, and spyware.
What is social engineering?
A manipulation technique used to trick people into revealing confidential information.
What is malware?
Malicious software designed to disrupt, damage, or steal information.
What are the different types of malware?
Virus: Attaches to files and spreads.
Worm: Spreads across networks without human intervention.
Trojan Horse: Disguises itself as legitimate software.
Ransomware: Locks files and demands payment.
Spyware: Secretly collects user information.
What is phishing?
A scam where attackers use deceptive emails or fake websites to steal user credentials.
What is spear-phishing?
A targeted phishing attack on a specific person or organization, often more sophisticated.
What is online fake news?
The deliberate spread of false information to manipulate public opinion.
Why are mobile and IoT devices vulnerable to cybersecurity threats?
They are full-fledged computers but often lack strong security measures.
What is privacy in information security?
The right to control personal data and protect it from unauthorized access.
What is a negative deliverable in cybersecurity?
Cybersecurity investments do not generate revenue but prevent potential losses.
What are the three IT risk mitigation strategies?
- Risk Acceptance: Not investing in countermeasures, accepting potential failure costs.
- Risk Reduction: Investing in security measures to minimize threats.
- Risk Transference: Shifting risk to third parties (outsourcing, insurance).
What are internal cybersecurity response strategies?
Security Policies: Guidelines to minimize risks.
Monitoring: Tracking and restricting risky activities.
Testing: Conducting security drills like fake phishing attacks.
What are external cybersecurity response strategies?
Passwords: Balancing complexity and usability.
Firewalls: Filtering network traffic.
Encryption: Protecting data from unauthorized access.
Antivirus Software: Detecting and preventing malware attacks.