Chapter 3 Flashcards

1
Q

What is Cloud Computing

A

Software and Data services provided via the Internet

2
Q

Exploit

A

Attack on an information system that takes advantage of a system vulnerability

3
Q

Organizations that capture and report information about software vulnerabilities

A

Open Source Vulnerability Database (OSVDB), Computer Emergency Response Team (CERT), Common Vulnerabilities and Exposures (CVE)

4
Q

Types of Exploits

A

Virus, Worm, Trojan horse, distributed denial-of-service, rootkit, spam, phishing, spear-phishing, smishing, and vishing

5
Q

Virus

A

Piece of programming code, disguised as something else, that causes a computer to behave in an unexpected and usually undesirable manner.
Does not spread on its own.

6
Q

Macro Virus

A

Inserts unwanted words, numbers, or phrases into documents.

7
Q

Worms

A

Program that resides in the active memory of the computer and duplicates itself. Spreads without human intervention.

8
Q

Trojan Horse

A

Program in which harmful code is hidden inside a seemingly harmless program.

9
Q

Logic bomb

A

Type of Trojan Horse

Triggered by a specific event

10
Q

Distributed denial-of-service attack (DDoS)

A

Hacker takes over computers (unknown to the owners of those computers) via the Internet and causes them to flood a target site with demands for data and small tasks

11
Q

Rootkits

A

Set of programs that enables its user to gain administrator-level access to a computer without the end user’s consent or knowledge.

12
Q

CAPTCHA

A

Completely Automated Public Turing Test to tell Computers And Humans Apart

13
Q

Phishing

A

Using email to try to get the recipient to reveal personal data

14
Q

Spear-phishing

A

Variation of phishing that targets a certain organization’s employees
Looks like the employee’s higher-up

15
Q

Smishing

A

SMS texting variation of phishing

16
Q

Vishing

A

Voice mail version of phishing

17
Q

Hacker

A

Test limits of system and/or gain publicity

18
Q

Cracker

A

Cause problems, steal data, and corrupt systems

19
Q

Malicious Insider

A

Financial gain and/or disrupt company’s information systems and business operations.

20
Q

Cybercriminal

A

Gain financially

21
Q

Hacktivist

A

Promote political ideology

22
Q

Cyberterrorist

A

Destroy infrastructure components of financial institutions, utilities, and emergency response units

23
Q

lamers/Script kiddies

A

Technically inept hackers

24
Q

Steps to reduce potential for attack

A

Perform a thorough background check as well as psychological and drug testing of candidates for sensitive positions
Establish an expectation of regular and ongoing psychological and drug testing as a normal routine for people in sensitive positions
Limit the number of people who can perform sensitive operations and grant only the minimum rights and privileges necessary to perform essential duties
Define job roles and procedures so that the same person cannot initiate and approve an action.
Periodically rotate people in sensitive positions
Immediately revoke all rights and privileges necessary to perform essential duties when someone leaves a sensitive position
Implement an ongoing audit process

25
Defense Advanced Research Projects Agency (DARPA)
exploring new ways to detect malicious insiders
26
Negligent insiders
Poorly trained and inadequately managed employees who mean well but cause damage
27
Competitive Intelligence
legally obtained information gathered using sources available
28
USA Patriot Act
Defines cyber terrorism and penalties
29
Identity Theft and Assumption Deterrence Act
Makes identity theft a Federal crime with 15 years imprisonment and a maximum fine of $250,000
30
Fraud and Related Activity in Connection with Access Devices Statute
False claims regarding unauthorized use of credit cards
31
Computer Fraud and Abuse Act
Accessing a computer without authorization or exceeding authorized access
Transmitting a program, code, or command that causes harm to a computer
Trafficking of computer passwords
Threatening to cause damage to a protected computer
32
Stored Wire and Electronic Communications And Transactional Records Access Statutes
Unlawful access to stored communication to obtain, alter, or prevent authorized access to a wire or electronic communication while it is in electronic storage
33
Trustworthy computing
method of computing that delivers secure, private and reliable computing experiences based on sound business practices
34
Risk assessment
Assessing security-related risks to an organization's computers and networks from both internal and external threats.
Identify assets
Specify loss events
Frequency of events
Impact of events
Options to mitigate
Feasibility of options
Cost/benefit analysis
35
Security policy
identifies an organization's security requirements
36
Virtual private network (VPN)
works by using the Internet to relay communications.
37
Firewall
Any Internet traffic that is not explicitly permitted into the internal network is denied entry
38
Intrusion prevention system (IPS)
block what you explicitly state
39
Virus signature
presence of a specific virus
40
Antivirus software
scan a computer's memory and disk drives regularly for viruses
41
Critical infrastructures
Include telecommunications, energy, banking and finance, water, government operations, and emergency services
42
Intrusion detection system (IDS)
software/hardware that monitors system and network resources and activities.
43
Response
Incident Notification
Protection of Evidence and Activity Logs
Incident Containment
Eradication
Incident Follow-up
44
Computer Forensics
discipline that combines elements of laws and identify, collect, examine, and preserve data from computer systems, networks and storage devices in a manner that preserves the integrity of data gathered so that it is admissible as evidence in a court of law.
45
Laws governing the collection of evidence
Fourth Amendment
Fifth Amendment
Wiretap Act