Chapter 3: Cyber-attacks and Cyber-security

Question 1

Advanced persistent threat (APT)

Answer 1

A network attack in which an intruder gains access to a network and stays there—undetected—with the intention of stealing data over a long period of time (weeks or even months).

Question 2

Antivirus software

Answer 2

Software that scans for a specific sequence of bytes, known as a virus signature, that indicates the presence of a specific virus.

Question 3

Blended threat

Answer 3

A sophisticated threat that combines the features of a virus, worm, Trojan horse, and other malicious code into a single payload.

Question 4

Botnet

Answer 4

A large group of computers, which are controlled from one or more remote locations by hackers, without the knowledge or consent of their owners.

Question 6

Bring your own device

Answer 6

A business policy that permits, and in some cases, encourages employees to use their own mobile devices (smartphones, tablets, or laptops) to access company computing resources and applications, including email, corporate databases, the corporate intranet, and the Internet.

Question 7

Business Continuity Plan

Answer 7

A risk-based strategy that includes an occupant emergency evacuation plan, a continuity of operations plan, and an incident management plan with an active governance process to minimize the potential impact of any security incident and to ensure business continuity in the event of a cyberattack or some form of disaster.

Question 8

CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart)

Answer 8

Software that generates and grades tests that humans can pass and all but the most sophisticated computer programs cannot.

Question 9

CIA security triad

Answer 9

Refers to confidentiality, integrity, and availability.

Question 10

Computer Forensics

Answer 10

A discipline that combines elements of law and computer science to identify, collect, examine, and preserve data from computer systems, networks, and storage devices in a manner that preserves the integrity of the data gathered so that it is admissible as evidence in a court of law.

Question 11

Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act

Answer 11

A law that specifies that it is legal to spam, provided the messages meet a few basic requirements—spammers cannot disguise their identity by using a false return address, the email must include a label specifying that it is an ad or a solicitation, and the email must include a way for recipients to indicate that they do not want future mass mailings.

Question 12

cyberespionage

Answer 12

The deployment of malware that secretly steals data in the computer systems of organizations, such as government agencies, military contractors, political organizations, and manufacturing firms.

Question 13

cyberterrorism

Answer 13

The intimidation of government or civilian population by using information technology to disable critical national infrastructure (e.g., energy, transportation, financial, law enforcement, and emergency response) to achieve political, religious, or ideological goals.

Question 14

Department of Homeland Security (DHS)

Answer 14

A large federal agency with more than 240,000 employees and a budget of almost $65 billion whose goal is to provide for a “safer, more secure America, which is resilient against terrorism and other potential threats.”

Question 15

disaster recovery plan

Answer 15

A documented process for recovering an organization’s business information system assets—including hardware, software, data, networks, and facilities—in the event of a disaster.disaster recovery plan

Question 16

distributed denial-of-service (DDoS) attack

Answer 16

An attack in which a malicious hacker takes over computers via the Internet and causes them to flood a target site with demands for data and other small tasks.

Question 17

encryption

Answer 17

The process of scrambling messages or data in such a way that only authorized parties can read it.

Question 18

encryption key

Answer 18

A value that is applied (using an algorithm) to a set of unencrypted text (plaintext) to produce encrypted text that appears as a series of seemingly random characters (ciphertext) that is unreadable by those without the encryption key needed to decipher it.

Question 19

exploit

Answer 19

An attack on an information system that takes advantage of a particular system vulnerability.

Question 20

intrusion detection system (IDS)

Answer 20

Software and/or hardware that monitors system and network resources and activities and notifies network security personnel when it detects network traffic that attempts to circumvent the security measures of a networked computer environment.

Question 21

logic bomb

Answer 21

A type of Trojan horse malware that executes when it is triggered by a specific event or at a predetermined time.

Question 22

managed security service provider (MSSP)

Answer 22

A company that monitors, manages, and maintains computer and network security for other organizations.

Question 23

mission-critical process

Answer 23

Business processes that are more pivotal to continued operations and goal attainment than others.

Question 24

next-generation firewall (NGFW)

Answer 24

A hardware- or software-based network security system that is able to detect and block sophisticated attacks by filtering network traffic dependent on the packet contents.

Question 25

Phishing

Answer 25

The act of fraudulently using email to try to get the recipient to reveal personal data.

Question 26

ransomware

Answer 26

Malware that stops you from using your computer or accessing your data until you meet certain demands, such as paying a ransom or sending photos to the attacker.

Question 27

reasonable assurance

Answer 27

A concept in computer security that recognizes that managers must use their judgment to ensure that the cost of control does not exceed the system’s benefits or the risks involved.

Question 28

risk assessment

Answer 28

The process of assessing security-related risks to an organization’s computers and networks from both internal and external threats.

Question 29

rootkit

Answer 29

A set of programs that enables its user to gain administrator-level access to a computer without the end user’s consent or knowledge.

Question 30

security audit

Answer 30

An evaluation of whether an organization has a well-considered security policy in place and if it is being followed.

Question 31

security policy

Answer 31

An organization’s security requirements, as well as the controls and sanctions needed to meet those requirements.

Question 32

smishing

Answer 32

Another variation of phishing that involves the use of texting.

Question 33

spam

Answer 33

The use of email systems to send unsolicited email to large numbers of people.

Question 34

spear phishing

Answer 34

A variation of phishing in which the phisher sends fraudulent emails to a certain organization’s employees.

Question 35

Transport Layer Security (TLS)

Answer 35

A communications protocol or system of rules that ensures privacy between communicating applications and their users on the Internet.

Question 36

Trojan horse

Answer 36

A seemingly harmless program in which malicious code is hidden.

Question 37

U.S. Computer Emergency Readiness Team (US-CERT)

Answer 37

Established in 2003 to protect the nation’s Internet infrastructure against cyberattacks, it serves as a clearinghouse for information on new viruses, worms, and other computer security topics.

Question 38

Virus

Answer 38

A piece of programming code, usually disguised as something else, that causes a computer to behave in an unexpected and usually undesirable manner.

Question 39

virus signature

Answer 39

A specific sequence of bytes that indicates to antivirus software that a specific virus is present.

Question 40

vishing

Answer 40

Similar to smishing except that the victims receive a voice-mail message telling them to call a phone number or access a website.

Question 41

Worm

Answer 41

A harmful program that resides in the active memory of the computer and duplicates itself.

Question 42

zero-day exploit

Answer 42

A cyberattack that takes place before the security community and/or software developers become aware of and fix a security vulnerability.

Question 43

zombie

Answer 43

A computer that is part of a botnet and that is controlled by a hacker without the knowledge or consent of the owner.