Chapter 12 - Security

Question 0

Vulnerability

Answer 0

An opportunity for threats to gain access to individual or organizational assets.

Question 1

Threat

Answer 1

Person or organization that seeks to obtain or alter data or other assets illegally, without the owner’s permission and often without the owner’s knowledge.

Question 2

Safeguard

Answer 2

Some measure that individuals or organizations take to block the threat from obtaining the asset.

Question 3

Target

Answer 3

The asset that is desired by the threat.

Question 4

Three Sources of Threats

Answer 4

• Human Error
• Computer Crime
• Natural Disasters

Question 5

Five Types of Security Loss

Answer 5

• Unauthorized Data Disclosure
• Incorrect Data Modification
• Faulty Service
• Denial of Service
• Loss of Infrastructure

Question 6

Usurpation

Answer 6

Computer criminals invade a computer and replace legitimate programs with their own, unauthorized ones.

Question 7

Advanced Persistent Threat (APT)

Answer 7

Sophisticated, possibly long-running, computer hack that is perpetrated by large, well-funded organizations such as governments. A means to engage in cyber warfare. Examples are Stuxnet and Flame.

Question 8

Intrusion Detection System (IDS)

Answer 8

A computer program that senses when another computer is attempting to scan the disk or otherwise access a computer.

Question 9

Gramm-Leach-Bliley Act

Answer 9

Protects consumer financial data stored by financial institutions.

Question 10

Privacy Act of 1974

Answer 10

Protects records of individuals held by the U.S. Government.

Question 11

HIPAA

Answer 11

Health Insurance Portability and Accountability Act. Gives individuals the right to access health data and sets rules and limits on who can read and receive your health information.

Question 12

Identification

Answer 12

User name

Question 13

Authentication

Answer 13

Password, smart card with pin, biometric authentication.

Question 14

Biometric Authentication

Answer 14

Uses personal physical characteristics such as fingerprints, facial features, and retinal scans to authenticate users.

Question 15

Encryption

Answer 15

The process of transforming clear text into coded, unintelligible text for secure storage and communication.

Question 16

Symmetric Encryption

Answer 16

The same key is used to encode and decode.

Question 17

Asymmetric Encryption

Answer 17

Two keys are used; one key encodes and the other key decodes. This is used in the public key/private key method used on the internet.

Question 18

Firewall

Answer 18

Device or program that prevents unauthorized network access. A perimeter firewall sits outside the organizational network. An internal firewall is inside the internal network.

Question 19

Malware

Answer 19

Viruses, worms, Trojan horses, spyware and adware.

Question 20

Virus

Answer 20

A computer program that replicates itself.

Question 21

Payload

Answer 21

The program code that causes unwanted or harmful activity.

Question 22

Trojan Horses

Answer 22

Viruses that masquerade as useful programs.

Question 23

Worm

Answer 23

A virus that propagates using the Internet or other computer network.

Question 24

Spyware and Adware

Answer 24

Programs installed on the user’s computer without the users knowledge or permission. Adware watches user activity and produces pop-up ads.

Question 25

Malware Definitions

Answer 25

Patterns that exist in the malware code.

Question 26

SQL Injection Attack

Answer 26

In a poorly designed app an attacker might write SQL code in a text entry box that then gets executed by the database. This can cause improper data disclosure or data damage.

Question 27

Key Escrow

Answer 27

A trusted party holds a copy of an encryption key, in case the original is lost or damaged.

Question 28

Hardening

Answer 28

Hardened sites use special version of the operating system, and they lock down or eliminate operating system features and functions that are not required by the application.