Chapter 4 (Security) Flashcards
Types of threats?
- Intentional
- Unintentional
- Outside
- Inside
How to protect from threats?
- Risk Management
- Information security control
Threat?
Any danger the system is exposed to
Vulnerability?
Possibility of the system being harmed by a threat
Exposure?
Harm that can be done by a threat
Information Security?
The policies and procedures to protect organization information from destruction or unauthorized use.
Outside threats?
Natural disasters (floods, storms)
Man-made disasters (fire, power outages)
Internet (malware, hackers, unauthorized users)
Inside threats?
Employees (data error, laziness, carelessness)
System software (info leaked, unauthorized software)
Consultants & janitors (theft, copying)
Hardware (physical theft, located in non-secure environment)
Factors that increase the vulnerability
Modern interconnected environment
Smaller and faster storage devices
It's easy to become a hacker
Organized crime is taking over cyber crime
Lack of support from management
Unintentional?
Human error
Social engineering (tailgating, shoulder surfing)
Intentional?
ID theft
Vandalism
Trespass
Information extortion
Software attacks
Software attacks?
Virus (segment of computer code that performs malicious action by attachment)
Worm (segment of computer code that performs malicious action, no attachment)
Trojan horse (hides in a computer program to reveal the behavior when it's activated)
Phishing attacks (deception to obtain sensitive info)
Distributed denial of service, DDoS (sends so many requests that the computer can't handle them)
Risk Management
Identify, control, and minimize threats
- Risk analysis
- Risk mitigation (acceptance, limitation, transference)
How to conduct information security control?
- Physical control (gates and guards)
- Access control (authentication, authorization)
- Communication control (firewall, antivirus, encryption, VPN)
Business continuity plan (disaster recovery plan)
Provides a guide for employees on how to operate after disasters
Audits?
External
Internal
IS auditing procedures
Auditing _____ computer
with
around
through