Chapter 4: Information Security and Controls Flashcards
Define Information security
Information security: refers to all of the processes and policies designed to protect an organization’s information and information systems (IS) from unauthorized access, use, disclosure, disruption, modification, or destruction
What’s the difference between a threat, an exposure, and a vulnerability?
Threat: a threat to an information resource is any danger to which a system may be exposed.
Vulnerability: is the possibility that a threat will harm that information resource.
Exposure: is the harm, loss, or damage that can result if a threat compromises an information resource.
What are the five key factors contributing to the increasing vulnerability of organizational information resources?
- Today’s interconnected, interdependent, wirelessly networked business environment
- Smaller, faster, inexpensive computers and storage devices
- Decreasing skills necessary to be a computer hacker
- Internet contains information and computer programs called scripts that users with limited skills can download and use to attack any information system that is connected to the Internet
- International organized crime taking over cybercrime
  - Cybercrime: refers to illegal activities conducted over computer networks, particularly the Internet.
- Lack of management support
What are the two major categories of threats?
Unintentional threats and deliberate threats
Define unintentional threats. What are its two categories?
Unintentional threats: are acts performed without malicious intent that nevertheless represent a serious threat to information security.
Categories: Human Error and Social Engineering
Unintentional threats: Explain two points to be made about employees. What about contract labour, consultants, and janitors and guards?
1. The higher the level of employee, the greater the threat they pose to information security
- Have greater access to corporate data, and they enjoy greater privileges on organizational information systems
2. Employees in human resources and information systems pose especially significant threats to information security:
- Human resources employees generally have access to sensitive personal information about all employees
- IS employees have access to sensitive organizational data, and also have control to create, store, transmit, and modify those data
Other relevant but overlooked employees include contract labour, consultants, and janitors and guards (they have access to sensitive places in the office)
- These people have access to company’s network, information systems, and information assets.
Unintentional threats: define social engineering, as well as tailgating and shoulder surfing
Social engineering: is an attack in which the perpetrator uses social skills to trick or manipulate legitimate employees into providing confidential company information such as passwords
- Ex.: this occurs when the attacker impersonates someone else on the telephone, such as a company manager or an IS employee
Tailgating: is a technique designed to allow the perpetrator to enter restricted areas that are controlled with locks or card entry
Shoulder surfing: occurs when a perpetrator watches an employee’s computer screen over the employee’s shoulder
Deliberate threats: define identity theft. How could a criminal carry it out?
Identity theft: is the deliberate assumption of another person’s identity, usually to gain access to their financial information or to frame them for a crime.
Techniques for illegally obtaining personal information include the following:
* Stealing mail or dumpster diving
* Stealing personal information from computer databases
* Impersonating a trusted organization in an electronic communication (phishing)
Deliberate Threats, Software Attacks: define Malware and Ransomware
Malware: malicious software
- Modern cybercriminals use sophisticated, blended malware attacks, typically through the Web, to make money
Ransomware: or digital extortion, blocks access to a computer system or encrypts an organization’s data until the organization pays a sum of money
- Types of ransomware include Locky, Cryptolocker, Cryptowall, TeslaCrypt, CTB Locker, WannaCry, Petya, and many more variants.
Explain the common methods for ransomware attacks
(Hint: one starts with S and another with D)
Employees receive hundreds of emails every day, and many of their roles require them to download and open attachments
- Spear phishing: emails are carefully tailored to look as convincing as possible, so they appear no different from any other email the victim might receive.
Cybercriminals are beginning to threaten to release data to the public, a strategy known as doxing.
- For organizations that deal with private and sensitive customer data, such as financial services, hospitals, and law firms, such attacks can have severe consequences.
What is Alien Software?
Alien software: or pestware, is software that is installed secretly onto your computer through duplicitous methods. It can also enable other parties to track your Web surfing habits and other personal behaviours.
Alien software: define adware, spyware (keystroke loggers, screen scrapers), and tracking cookies
Adware: software that causes pop-up advertisements to appear on your screen.
Spyware: is software that collects personal information about users without their consent.
Types are keystroke loggers and screen scrapers:
- Keystroke loggers: record both your individual keystrokes and your Internet Web browsing history.
  - Can keep track of passwords and sensitive personal information such as credit card numbers
- Screen scrapers: record a continuous “movie” of a screen’s contents rather than simply recording keystrokes.
Cookies: are small amounts of information that websites store on your computer, temporarily or more or less permanently.
Tracking cookies: can be used to track your path through a website, the time you spend there, what links you click on, and other details that the company wants to record, usually for marketing purposes.
What is Supervisory Control and Data Acquisition (SCADA)?
SCADA refers to a large-scale distributed measurement and control system.
- SCADA systems are used to monitor or to control chemical, physical, and transport processes such as those used in oil refineries, water and sewage treatment plants, electrical generators, and nuclear power plants.
Define Cyberterrorism/cyberwarfare
Cyberterrorism and cyberwarfare: refer to malicious acts in which attackers use a target’s computer systems, particularly through the Internet, to cause physical, real-world harm or severe disruption, often to carry out a political agenda.
- Ex.: the attack on Saudi Arabia’s chemical plant, which could have caused an explosion; the agenda was to discourage investors from associating with Saudi Arabia (it was an act of war by another country)
What are some reasons why it is difficult to protect information resources?
- Hundreds of potential threats exist.
- Many individuals control or have access to information assets.
- Computer networks can be located outside the organization, making them difficult to protect.
- Rapid technological changes make some controls obsolete as soon as they are installed.
- Many computer crimes are undetected for a long period of time, so it is difficult to learn from experience.
- People tend to violate security procedures because the procedures are inconvenient.