CHP. 12 Flashcards
Identity theft
Stealing, misrepresenting, or hijacking the identity of another person or business.
Personal Information Protection and Electronic Documents Act (PIPEDA)
In Canada, PIPEDA gives individuals the right to know why an organization collects, uses, or discloses their personal information.
Security threats
A problem with the security of information or the data therein, caused by:
1. Human errors and mistakes
- Accidental problems
- Poorly written programs
- Poorly designed procedures
- Physical accidents
2. Malicious human activity
- Intentional destruction of data
- Destroying system components
- Hackers
- Virus and worm writers
- Criminals
- Terrorists
3. Natural events and disasters
- Fires, floods, hurricanes, earthquakes, tsunamis, avalanches, tornadoes, and other acts of nature
- Initial losses of capability and service, plus losses from recovery actions
Spam
Unwanted email messages.
Unauthorized data disclosure
Can occur because of human error when someone inadvertently releases data in violation of policy, or when employees unknowingly or carelessly release proprietary data to competitors or the media.
Pretexting
A technique for gathering unauthorized information in which someone pretends to be someone else. A common scam involves a telephone caller who pretends to be from a credit card company and claims to be checking the validity of credit card numbers. Phishing is also a form of pretexting.
Phishing
A technique for obtaining unauthorized data that uses pretexting via email. The phisher pretends to be a legitimate company and sends an email requesting confidential data, such as account numbers, social insurance numbers, account passwords, and so forth.
Spoofing
When someone pretends to be someone else with the intent of obtaining unauthorized data. If you pretend to be your professor, you are spoofing your professor.
IP spoofing
A type of spoofing whereby an intruder uses another site’s IP address as if it were that other site.
Email spoofing
A synonym for phishing. A technique for obtaining unauthorized data that uses pretexting via email. The phisher pretends to be a legitimate company and sends email requests for confidential data, such as account numbers, social insurance numbers, account passwords, and so forth. Phishers direct traffic to their sites under the guise of a legitimate business.
Sniffing
A technique for intercepting computer communications. With wired networks, sniffing requires a physical connection to the network. With wireless networks, no such connection is required.
Drive-by sniffers
People who take computers with wireless connections through an area and search for unprotected wireless networks in an attempt to gain free internet access or to gather unauthorized data.
Hacking
Occurs when a person gains unauthorized access to a computer system. Although some people hack for the sheer joy of doing it, other hackers invade systems for the malicious purpose of stealing or modifying data.
Denial of service (DoS)
Security problem in which users are not able to access an information system; can be caused by human errors, natural disaster, or malicious activity.
Technical safeguards
Safeguards that involve the hardware and software components of an information system.
- Identification and authentication
- Encryption
- Firewalls
- Malware protection
- Application design
Identification
The process whereby an information system identifies a user by requiring the user to sign on with a user name and password.