CH 19 in class concepts Flashcards
What happend to Equifax?
Largest data breach in summer of 2017; credit card numbers, SSN, etc.)
What happened with Target?
Hackers installed malware in Target’s security system in 2013; credit cards stolen and other personal info that led to largest ever decline in transactions, profits, lawsuits, and CEO’s dismissal.
Paid for software security and ignored warnings. They turned off the function to automatically delete malware.
why is security a top organizational priority?
security breach can lead to financial loss, exposed info, court costs, and damaged reputations. it is important to determine whether firm has technologies, training, policies and procedures to assess risks, lessen damage, and respond in the event.
why do data breaches happen?
data harvesters steal data and sell it. Cash-out fraudsters purchase data from data harvesters and use for financial gain (buy goods with stolen credit cards.
cyberwarfare can become a legit, physical threat despite being software. white hat hackers show this bydemonstrating that they can affect the temperature of an oil refinery and cause an explosion
is the government psying on you?
many US government agencies had data-monitoring efforts for more pervasive than many realized.
is a hacker good or bad?
can be both; could be someone who breaks into a computer or a particularly clever programmer.
white hat hackers uncover computer weaknesses without exploitation. they contribute to improving system security and share their knowledge in hopes that security will be improved. black hat hackers, on the other hand, are criminals.
user and administrator threats
bad apples - dishonest employees who steal secrets, insteall malware, or hold a firm hostage
social engineering - con games to trick employees into revealing info or performing other tasks that compromise a firm (impersonation, charm, harrasment/guilt/intimidation, befriending, etc)
passwords - inefficient and insecure password systems, though sites force regular password changes, users only make minor tweaks; multi-factor authentication and biometrics to measure human body characterestics to identify and authenticate, offer more security
technology threats
malware compromises computing system without permission via viruses worms, and trojans.
viruses - infect other software or files
worms - programs take advantage of security vulnerability to automatically spreas; unlike viruses, do not require an executable
trojans - misleads users by disguising as a standard program
what is the encryption prescription
deploying encryption dramatically lowers potential damage from lost or stolen laptops or from hardware recovered from dumpster diving. encryption scrambles data using a code, hiding it from those who cannot unlock it with a key. brute force attacks tries every possible password combination to break into an account.
What can users do to protect their data?
regularly back up system, dispose of sensitive invormation in a smart way
what can an organization do to protect their systems and data?
follow framworks, stnadards, and compliance
education, audit, and enforcement
technology standpoint: patches that plug existing holes, lock down hardware and lock down networks (firewalls, blacklists, whitelists, honeypots, intrusion detection systems)
