Chapter 4 Flashcards
Social engineering
an attack in which the perpetrator uses social skills to trick or manipulate legitimate employees into providing confidential company information
Unintentional Threats to Information Systems
Human errors
social engineering
Espionage or trespass
when an unauthorized individual attempts to gain illegal access to organizational information
Information extortion
online crime where hackers hold your personal data until you meet their demands
Sabotage or vandalism
deliberate acts to attempt to damage the organization's image
Compromises to intellectual property
unauthorized use, duplication, distribution of protected IP
Software attacks
computer code and applications that can damage your computer or steal sensitive information
Malware (malicious software)
viruses and worms
spread by downloads and emails
Virus vs worm
viruses require active host program
worms are already infected and active operating system
Alien software
Adware (ads that can be a threat)
Spyware (cookies give access to information about user)
Physical controls (protecting information resources)
Prevent unauthorized individuals from gaining access to a company’s facilities
walls, doors, fences
Access controls
logical controls (implemented by software) help to provide controls such as authentication, authorization
Applications Controls
input, processing, output
Disaster recovery plan
hot site (all components)
warm site (most components)
cold site (secondary location)
Business Continuity Planning (BCP)
provide continuous availability
be able to recover in the event of a hardware or software failure or attack