CYBER 160 Module 1~ Introduction to Security Flashcards
tasks of securing digital information, whether manipulated by micro processor (personal computer) or a storage device or transmitted over a network
Information Security
3 protections over information (CIA)
Confidentiality, Integrity, Availability
individual or entity responsible for cyber incidents against the technology equipment of enterprises and users
threat actor or malicious actor
attacker who violates computer security for personal gain
Ex: steal credit card numbers or inflicts mailicous damage (corrupts a hard drive)
black hat hacker
type of hacker
attackers that study’s a system with the organization permission for weakness and privately provides that information to the organization
white hat hackers
type of hacker
attacker who attempts to break into a computer system without an organizations permission to publically disclose the attack and shame the organization into taking action
gray hat hackers
type of hacker
individual who wants to perform attacks, yet lack the technical knowledge to carry them out
script kiddes
type of threat actor
attacker strongly motivated by beliefs or principles
Hactivist
government sponsored attackers who launch cyber attacks against the foes of the states
state actors
class of attacks that uses innovative attack tools to affect and silently extract data over an extended period of time
Advanced persistent threat (APT)
most commonly associated with state actors
attacker that manipultaes data from a position of a trusted employee
Insider threat
Ex: healthcare worker passed on for a promotion might sell celebrity health care records to the media
threat actor who moved from traditional criminal activiries to more rewarding and less risky online attacks
cryminal sindicates
a system that consists of the hardware device and operating system that runs software such as application programs or processes
platform
platform thats no longer in widespread use because its been replaced by an updated version of the eearlier technology
legacy platform
software and technology located with in the physical confines of an enterprise which is usually stronger in the company’s data center
on-premises platform
pay per use computing model in which customer pay for the resources they need
cloud platform
configuration settings that aren’t properly implemented, resulting, invulnerabilities
weak configurations
default settings set by vendor for usability and ease and not for security
default settings
unprotected account that gives unrestricted access to all resources
unsecure root accounts
user access over files that should have been restricted
open permissions
using protocols for telecommunicatioin that don’t provide adequate protection
insecure or unsecure protocols
external entities outside of the organization
third parties
Ex: marketing agencies,landscapers, attorneys
contracting with the third parties to assist organizations in developtment and writing of software programs
outsourced code development
third party facilities used for storing important data
data storage
