Chapter 8: Security Flashcards
To ensure that the user can only access the information resources that are appropriate. It determines which users are authorized to read, modify, add, and/or delete information.
Access Control
An acceptable use policy, or fair use policy, is a set of rules, applied by the owner, creator, or administrator of a network, website, or service, that restricts the ways in which the network, website, or system may be used and sets guidelines as to how it should be used.
Acceptable Use Policies (AUP)
Identifies a list of users who have the capability to take specific actions with an information resource such as a data file. Specific permissions are assigned to each user, such as read, write, delete, or add. Only users with those permissions are allowed to perform those functions.
ACL
Software that can be installed on a computer or network to detect and remove known malicious programs such as viruses and spyware. While … provide some protection, they are a reactive defense in that they must first understand what to look for.
Antivirus Programs
Making sure a person is who they say they are. Three-factor identification: identifying someone by something they know, something they have, or something they are.
Authentication
That information can be accessed and modified by anyone authorized to do so in an appropriate timeframe.
Availability
The procedure for making extra copies of data in case the original is lost or damaged.
Backup
A type of system that relies on the unique biological characteristics of individuals to verify identity for secure access to electronic systems. For example, a fingerprint scan.
Biometric Authentication
Protecting information by restricting access to only those who are allowed to see it.
Confidentiality
(Also referred to as computer crime) is an illegal activity that is committed with the use of a computer, or where a computer is the object of the crime.
Cybercrime
An attack that does exactly what the term suggests: it prevents a web server from servicing authorized users.
Denial-of-Service (DoS)
One of the most common ways thieves steal corporate information is the theft of employee laptops while employees are traveling. Employees should be trained to secure their equipment whenever they are away from the office.
Employee Training
The process of encoding data upon its transmission or storage so that only authorized individuals can read it.
Encryption
An organization’s servers and other high-value equipment should always be kept in a room that is monitored for temperature, humidity, and airflow. The risk of a server failure rises when these factors exceed acceptable ranges.
Environmental Monitoring
A software program or hardware device that is used to increase security on a network by blocking unwanted messages/data.
Firewall
When someone accesses a computer without permission.
Hacking
When a criminal gains access to your personal information and uses it without your knowledge.
Identity Theft
The assurance that the information being accessed has not been altered and truly represents what is intended.
Integrity
Provides the functionality to identify whether the network is being attacked.
Intrusion Detection System (IDS)
It may seem obvious, but all the security in the world is useless if an intruder can simply walk in and physically remove a computing device. High value information assets should be secured in a location with limited access.
Locked doors
A security system that requires more than one method of authentication from independent categories of credentials to verify the user’s identity for a login or other transaction.
Multifactor authentication
Occurs when a user receives an e-mail that looks as if it is from a trusted source, such as their bank or employer. In the e-mail the user is asked to click a link and log in to a website that mimics the genuine website, then enter their ID and password.
Phishing
High value information assets should be monitored through the use of security cameras and other means to detect unauthorized access to the physical locations where they exist.
Physical Intrusion Detection
The protection of the actual hardware and networking components that store and transmit information resources.
Physical Security
The illegal copying, distribution, or use of software.
Piracy
Two keys are used: a public key and a private key. To send an encrypted message, you obtain the public key, encode the message, and send it. The recipient then uses their private key to decode it. The public key can be given to anyone who wishes to send the recipient a message.
Public Key Encryption
Instead of giving specific users access rights to an information resource, users are assigned to roles and then those roles are assigned the access. This allows the administrators to manage users and roles separately, simplifying administration and, by extension, improving security.
RBAC
Devices should be locked down to prevent them from being stolen. One employee’s hard drive could contain all of your customer information, so it is essential that it be secured.
Secured Equipment
A technique where culprits disguise their identities by modifying the address of the computer from which the scheme has been launched. Typically, the point is to make it look as if an incoming message has originated from an authorized source.
Spoofing
When criminals lure individuals into sending them personal, confidential data that can be used in crime. For example, someone phones you posing as a customer service representative and asks for your banking log-on information.
Social Engineering
Where both parties share the encryption key. Encryption makes information secure, as the message is sent in code and appears to those without the public key as a random series of letters and numbers.
Symmetric Key Encryption
A device that provides battery backup to critical components of the system, allowing the system to stay online longer and/or allowing the IT staff to shut them down using proper procedures in order to prevent the data loss that might occur from a power failure.
Universal Power Supply (UPS)
A virtual private network allows users who are outside of a corporate network to take a detour around the firewall and access the internal network from the outside.
VPN