Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

CYSE 600 - Cybersecurity Principles > Chapter 1: Introduction > Flashcards

Chapter 1: Introduction Flashcards

1
Q

The protection of assets on a computer or computer system

A

Computer security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Items of value on a computer or computer system

A

Assets

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Hardware or software that is commercially available (not custom-made) and can be easily replaced

A

Off-the-shelf

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

A weakness in the system that can be exploited to cause harm or loss

A

Vulnerability

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

A set of circumstances that has the potential to cause loss or harm

A

Threat

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

When a vulnerability is exploited to cause harm or loss

A

Attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

An action, device, procedure, or technique that removes or reduces a vulnerability

A

Control or countermeasure

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

The ability of a system to ensure that an asset is viewed only by authorized parties

A

Confidentiality

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

The ability of a system to ensure that an asset is modified only by authorized parties

A

Integrity

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

The ability of a system to ensure that an asset can be used by authorized parties

A

Availability

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

The ability of a system to confirm the identity of a user

A

Authentication

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

The ability of a system to confirm that a user cannot convincingly deny having committed a given action

A

Nonrepudiation or Accountability

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

The three acts that characterize the kinds of harm that can be committed against an asset

A

Interception, Interruption, and Modification

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

The term for a person, process, or program accessing a data item

A

Subject

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

A data item being accessed by a person, process, or program

A

Object

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

The kind of access granted to a person, process, or program to a data item

A

Access mode

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

The authorization permitting a person, process or program to access a data item

A

Policy

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

A key model of computer security in which one or more policies are designed to guide the way access is permitted to subjects of a given object

A

Access control

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Harm caused by natural disasters, loss of electrical power, or failure of a component

A

Nonhuman threats

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Harm caused by user error

A

Nonmalicious harm

21
Q

An attack in which the attacker is attempting to cause harm to any computer or user without prior knowledge of that computer or user

A

Random attack

22
Q

An attack directed at a specific computer, user, or organization

A

Directed attack

22
Q

A dictionary of publicly known security vulnerabilities and exposures

A

The Common Vulnerabilities and Exposures (CVE) list, available at cve.org

23
Q

A standard measurement system that allows accurate and consistent scoring of the impact of vulnerabilties

A

The Common Vulnerability Scoring System (CVSS), available at nvd.nist.gov/vuln-metrics/cvss

24
Q

A threat against many computers that belong to a network

A

Cyberthreat

25
Q

The online world of computers

A

Cyberspace

26
Q

An illegal attack against computers connected to or reached from their network, as well as their users, data, services, and infrastructure

A

Cybercrime

27
Q

Security as applied to individual computers and devices, as well as to the broader collection of devices in networks with other users and devices

A

Cybersecurity

28
Q

Threats that come from organized, well-financed, patient assailants engaging in long-term campaigns targeted at specific systems or users

A

Advanced persistent threats

29
Q

The members of a cybercrime team that manage their team’s full slate of malicious payloads (viruses, ransomware, denial-of-service attack packets), deciding which tool to use and which moment represents the best opportunity to launch an attack

A

Network administrators

30
Q

The members of a cybercrime team that are charged with making sure that any and all malicious software that is successfully installed on a target’s systems continues running for as long as possible

A

Intrusion specialists

31
Q

The members of a cybercrime team that organize and reformat stolen data in order to make sense of it

A

Data miners

32
Q

The members of a cybercrime team that are tasked with developing new variations of malicious software capable of infecting targeted systems, spreading quickly and widely, and evading detection

A

In-house programmers

33
Q

The members of a cybercrime team that determine how much money the specific stolen information is worth on various black markets

A

Financial specialists

34
Q

The negative consequences of actualized threats

A

Harm

35
Q

The process of choosing which threats to try to mitigate

A

Risk management

36
Q

The amount of risk that remains uncovered by controls or countermeasures

A

Residual risk

37
Q

The amount of damage or potential harm that can be caused by a threat

A

Impact

38
Q

The three elements a malicious attacker must have to be successful

A

Method, opportunity, and motive (also called MOM)

39
Q

The skills, knowledge, tools, and other things with which to perpetrate an attack

A

Method

40
Q

The time and access needed to execute an attack

A

Opportunity

41
Q

The reason to perpetrate an attack

A

Motive

42
Q

An attacker that downloads a complete attack code package and needs only to enter a few details to identify the target and perform an attack

A

Script kiddie

43
Q

A system’s full set of vulnerabilities, both actual and potential

A

Attack surface

44
Q

Controls or countermeasures that use tangible objects or people to stop or block an attack or threat

A

Physical controls

45
Q

Controls or countermeasures that use commands or agreements to require or advise people how to act

A

Procedural controls or administrative controls

46
Q

Controls or countermeasures that use technology to counter threats

A

Technical controls

47
Q

The use of more than one control or countermeasure, or the use of more than one class of control or countermeasure to achieve protection

A

Overlapping controls or defense in depth

CYSE 600 - Cybersecurity Principles (3 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions