Data Security and Integrity Processes Flashcards

1
Q

Access Levels

A

allowing different users to have access to different data, such as giving some people Read Only access, or allowing some people to access more data than others

2
Q

APT

A

Advanced Persistent Threat

a set of stealthy and continuous computer hacking processes, often orchestrated by humans targeting a specific entity, usually organisations and/or nations, for business or political motives

3
Q

APT1

A

a professional cyber espionage group in China

4
Q

APT28

A

Fancy Bear

state sponsored malware attacks for information gathering for foreign governments

5
Q

APT29

A

Hammertoss

a malware backdoor using Twitter and GitHub originating in Russia

6
Q

Adware

A

not dangerous in its own right, but may contain links to other malware, such as viruses and key loggers

7
Q

Attack Vectors

A

describes the direction of an attack

8
Q

Backdoor

A

built into a computer program that allows someone to bypass any security to get to it

9
Q

Back-Up of Servers

A

this should be done off-site to avoid back-ups being destroyed in situations such as fires or floods that also destroy the originals, and the location should be on a need-to-know basis

10
Q

Baudot Code

A

a 5-digit binary number used in the Vernam cipher to encrypt data

11
Q

Behavioural Identifiers

A

consists of the exceptional ways in which individuals act, including identification of typing patterns, gait and other gestures; some of these behavioural identifiers can be utilised for constant validation

12
Q

Bespoke Tools

A

specifically developed tools to target known vulnerabilities or poorly designed software

13
Q

Biometric Exposures

A

high-tech cameras and other devices support usage of biometrics, but can also be used by attackers; people do not cover or hide their physical and behavioural features, therefore, attacks can happen by simply capturing biometric data from people without their permission or knowledge

14
Q

Biometric Template

A

is compared to the data storage; data is encrypted for security measures

15
Q

Blagging

A

the act of convincing someone else to make them directly give away information such as passwords

16
Q

Bot Activity

A

software application that runs automated tasks on the Internet, usually with the intent to imitate human activity

17
Q

Anonymisation Proxy

A

a tool that attempts to make activity on the Internet untraceable by acting as an intermediary and privacy shield between a client computer and the rest of the Internet

18
Q

CAPTCHA Solving Zombie

A

bots that can solve CAPTCHA

19
Q

Click Fraud Zombie

A

the practice of artificially inflating traffic statistics for online advertisements

20
Q

DoS Extortion Zombie

A

a bot that carries out DoS

21
Q

Spam Zombie

A

a bot that sends out spam

22
Q

Botnet

A

where an entire network becomes infected with malware and is controlled as a group, eg to perform a distributed DoS

23
Q

Browser Script Attack

A

a type of injection attack in which malicious scripts are injected into otherwise benign and trusted websites

24
Q

Brute Force Attack

A

where a hacker makes multiple guesses in quick succession at your password until they eventually guess it correctly

25
Q

Caesar Cipher

A

a substitution cipher that involves substituting letters in a message for other letters, symbols and characters. It can be broken using brute-force attacks or letter frequency attacks; it isn’t very secure as patterns in the text are still preserved, the most frequently used letters will appear in the same places as the plaintext’s most frequently used letters, the number of possible keys is too small and the same shift is likely to be used for each message

26
Q

Cartesian Product

A

where the relationship between elements in two different sets is introduced

27
Q

Check Digit

A

an extra digit or character added to the end of a long code. It is computed by applying an algorithm to the other digits. When the long code is entered, the check digit is calculated and compared to the check digit at the end of the code

28
Q

Checksums

A

a simple error-detection scheme. Each transmitted package is accompanied by a numerical value based on the number of set bits in the message. The receiving station then applies the same formula to the message and checks to make sure the numerical value is the same. If not, the receiver can assume that an error has occurred and it will ask the sending computer to re-send the package

29
Q

Commodity Tools

A

freely available tools and scripts on the internet, including specialist tools for vulnerability scanning or penetration testing

30
Q

Computer Misuse Act

A

legislation that protects personal data held by organisations from hackers, making unauthorised access to computers, unauthorised access to computer data and unauthorised modification of data illegal

31
Q

Contingency Planning

A

planning for disaster

32
Q

Cyberattack

A

attacks on computers or networks that use various types of malware

33
Q

Survey

A

researching the target and reviewing available information to identify potential vulnerabilities and possible lines of attack

34
Q

Delivery

A

crafting an attack to exploit a vulnerability and delivering it to the target

35
Q

Breach

A

exploiting a vulnerability to gain access to information in order to create some negative impact

36
Q

Attack

A

developing the attack to achieve the intention

37
Q

Data Protection Act 2018

A

laws about personal data held by an organisation, stating that personal data must be kept up-to-date and accurate, not held for any longer than is necessary, that individuals relating to that information can access it and correct it and that they can receive compensation if the law is not followed regarding their data

38
Q

First Data Protection Principle

A

processing of personal data for any of the law enforcement purposes must be lawful and fair

39
Q

Second Data Protection Principle

A

the law enforcement purpose for which personal data is collected on any occasion must be specified, explicit and legitimate, and personal data so collected must not be processed in a manner that is incompatible with the purpose for which it was collected

40
Q

Third Data Protection Principle

A

personal data processed for any of the law enforcement purposes must be adequate, relevant and not excessive in relation to the purpose for which it is processed

41
Q

Fourth Data Protection Principle

A

personal data processed for any of the law enforcement purposes must be adequate, relevant and, where necessary, kept up to date, and every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the law enforcement purpose for which it is processed, is erased and rectified without delay

42
Q

Fifth Data Protection Principle

A

personal data processed for any law enforcement purposes must be kept for no longer than is necessary for the purposes for which it is processed

43
Q

Sixth Data Protection Principle

A

personal data processed for any of the law enforcement purposes must be so processed in a manner that ensures appropriate security of the personal data, using appropriate technical and organisational measures

44
Q

Decision Process

A

makes use of matching outputs

45
Q

Decryption

A

the process of recovering original data, known as plaintext

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
46
Q

DoS Attack

A

Denial of Service Attack

attempt to make your website and servers unavailable to legitimate users by swamping a system with fake requests, usually in an attempt to exhaust server resources

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
47
Q

Dictionary Attack

A

where the hacker uses a file containing every word in the dictionary to guess your password

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
48
Q

Disaster Recovery

A

plans to recover after a disaster

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
49
Q

Disposal of Files

A

allows better file integrity

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
50
Q

Distributed DoS

A

DoS involving many networks, possibly because several networks are all attacking at once, or because several networks are all being attacked at once

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
51
Q

Driving Table

A

the most important table in SQL

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
52
Q

Eavesdropping

A

where hackers attempt to intercept keys in order to decode encrypted messages

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
53
Q

Email Attacks

A

cyber attacks done through e-mail

  • Access to Corporate Email
  • Harvesting Associated Accounts
  • Harvesting Email Contacts
  • Stranded Abroad Advance Scams
  • Webmail Scam
54
Q

Encryption

A

the process that transforms data into something that appears random or otherwise obscures the meaning of the data

55
Q

Enrollment

A

the process by which a reader or scanning device is used to record the biometric factor being authenticated

56
Q

Equation Group

A

one of the most sophisticated cyber-attack groups in the world

57
Q

EternalBlue

A

a cyber-attack feature that attacks SMB

58
Q

Fallback Process

A

if biometric identification fails

59
Q

Firewall

A

monitoring packets against attempts to exploit weaknesses in the TCP/IP protocol suite which worms and trojans can exploit

60
Q

GDPR

A

General Data Protection Regulation

EU framework for data protection laws; came into force on 25th May 2018

61
Q

Guess Attack

A

where the hacker uses a file containing every word in the dictionary to guess your password

62
Q

Hacktivists

A

people who believe they are hacking for the greater good

63
Q

Hostage Attack

A

involves holding a company or person hostage

  • Fake Antivirus
  • Ransomware
  • Email Account Ransom
  • Webcam Image Extraction
64
Q

Hallucination

A

where AI presents lies as fact

65
Q

ICO

A

Information Commissioner’s Office

responsible for enforcing GDPR and Data Protection Act

66
Q

Injection Attack

A

an attacker tries to get the program to execute their malicious code by including it as regular input, which can be avoided by using input validation

67
Q

Input Sanitisation

A

a cybersecurity measure of checking, cleaning, and filtering data inputs from users, APIs, and web services of any unwanted characters and strings to prevent the injection of harmful codes into the system

68
Q

Insider Threat Exploitation

A

coercion, bribery, political persuasion

69
Q

Internet of Things

A

things that wouldn’t traditionally connect to the internet, such as smart thermometers in fish tanks and Ring doorbells

70
Q

IP Address Spoofing

A

involves an attacker changing the IP address of a legitimate host so that a visitor who types in the URL of a legitimate site is taken to a fraudulent or spoofed web page, meaning the attacker can use this page to steal sensitive data or install malware

71
Q

Key Logger

A

a type of software that can be used to track keystrokes and capture passwords, account numbers, fraudulent use or people’s online activity

72
Q

Key Stream

A

the message created by the Vernam cipher

73
Q

Letter Frequency Attack

A

where the cipher is decrypted looking at how frequently different letters appear

74
Q

LOIC

A

Low Orbit Ion Cannon

software used in Denial of Service attacks

75
Q

Malware

A

any malicious software

76
Q

Miner

A

a form of malware that uses the resources of an infected device to generate units of cryptocurrency

77
Q

MitM Attack

A

Man in the Middle Attack

occurs when someone sits between two computers and intercepts traffic

78
Q

Name Generator Attack

A

attacks in which the victim is asked to put in personal data, often to produce a name, allowing attackers to find information for security questions

79
Q

Neural Network

A

a computer system modelled on the human brain and nervous system

80
Q

One-Time Pad

A

invented by Claude Shannon in 1949, where plaintext of a message is mixed with random text taken from a one-time pad resulting in a ciphertext which is truly random. The same one-time pad is used to unmix the random text from the cipher text, which results in the original plaintext. Pads can only be used once, hence the name. The red phone used in the 1980s for secure communication between the USA and the USSR was based on this

81
Q

Open Source Intelligence

A

the collection and analysis of data gathered from open sources to produce actionable intelligence

82
Q

Oracle Database

A

an object relational database management system

83
Q

Outerjoin

A

a SQL command that joins columns from one or more tables into one table

84
Q

Parity Checking

A

either a 0 or a 1 will be added to the end of a string of binary code to indicate whether it is odd or even. The receiving host will know whether the parity bit is 1 or 0 so will know that the correct amount of bytes has been transmitted

85
Q

Even Parity

A

where the parity bit is set to 1 if the number of 1 bits is odd, so the extra parity bit will make the number of 1s even

86
Q

Odd Parity

A

where the parity bit is set to 1 if the number of 1 bits is even, so the extra parity bit will make the number of 1s odd

87
Q

Password Attacks

A

any attacks that involve guessing passwords, such as guess attacks and brute force attacks

88
Q

Password Policies

A

the rules that state you must have a certain amount of capital letters, numbers and special characters in your passwords

89
Q

Port Scanner

A

an application designed to probe a server or host for open ports

90
Q

Pharming

A

where users are unknowingly redirected to a fake website with the intention of identity or information theft

91
Q

Phishing

A

emails sent to large numbers of people asking for sensitive information or encouraging them to visit a fake website

92
Q

Physiological Identifiers

A

associated with the physical structure of the user being confirmed; these include facial recognition, fingerprints, finger geometry, iris recognition, vein recognition, retina scanning, voice recognition and DNA matching

93
Q

Plaintext

A

original data that gets encrypted

94
Q

Polyalphabetic Cipher

A

a cipher involving multiple alphabets, eg Vigenère cipher

96
Q

Pretexting

A

attack in which the perpetrator invents a scenario to convince the victim to give them data or money, often requiring the attacker to maintain conversation with the victim until they are persuaded to give money or information

97
Q

Pseudorandom

A

the idea that computer algorithms can never be truly random because they are generated deterministically

98
Q

Read/Write Permissions

A

limit the amount of people who can access or edit a file

99
Q

Reader

A

a device used to record a biometric factor

100
Q

Redundant Servers

A

activated if the original servers fail; these should be kept off-site and offline to ensure they are not compromised

101
Q

Relocating Key Personnel

A

in a disaster, key personnel should go to a new site and maintain it

102
Q

Root Kit

A

a type of malware that enables cyber criminals to gain access to and infiltrate data without being detected

103
Q

Sandbox

A

an isolated environment for testing code on an isolated network that mimics end-user environments

104
Q

Scanning

A

attacking wide swathes of the internet at random

105
Q

Scanning Device

A

a device used to record biometric data

106
Q

Sensor

A

grabs data and translates it into a usable digital format via software

107
Q

Shadow Brokers

A

a branch of the FSB that carries out cyber attacks

108
Q

Shouldering

A

involves watching a user input passwords, for example, over their shoulder at PIN machines, but also by binoculars or CCTV

109
Q

Social Engineering

A

research on a person or organisation to gain information for an attack

110
Q

Spear Phishing

A

sending e-mails to targeted individuals

111
Q

Spyware

A

installed by opening attachments or downloading infected software, used to collect stored data without the user’s knowledge

112
Q

SQL Injection

A

a technique where users can inject SQL commands into statements via webpage input, which can alter SQL statements and compromise the security of information held in a database

113
Q

Subverting the Supply Chain

A

attack information, equipment or software used to support the organisation

114
Q

Theft

A

taking laptops, tablets or smartphones

115
Q

Traffic Analysis and Interception

A
116
Q

Trojan Horse

A

where malware is hidden within a program that appears to be useful

117
Q

Backdoor Trojans

A

enables remote control over the infected computer by a cyber criminal or hacker to do anything they wish on the infected computer

118
Q

Dropper

A

a form of trojan that facilitates delivery and installation of malware

119
Q

Trojan-Banker

A

programs designed to steal account data for online banking systems, e-payment systems and credit or debit cards from infected computers

120
Q

Trojan-DDoS

A

conducts designated Denial of Service attacks against a targeted web address

121
Q

Trojan-Downloaders

A

can download and install new versions of malicious programs onto your computer, including Trojans and adware

122
Q

Trojan-Mailfinders

A

can harvest e-mail addresses from a computer

123
Q

Trojan-Ransom

A

can modify data on your computer so that your computer doesn’t run correctly or you can no longer use specific

124
Q

Turing Test

A

tests how intelligent a computer is based on whether you could interact with it and not know you were talking to a machine

125
Q

Vernam Cipher

A

invented in 1917 by Gilbert Sandford Vernam, it mixes each letter in a message with a letter from a completely randomly chosen string called a key stream. Letters are translated into 5-digit binary numbers known as Baudot Code, then a random string at least as long as the message is created, known as a key stream. Each binary digit is combined with a binary digit from the key stream using an XOR operation; to decrypt, the ciphertext is XORed with the key stream again, then the Baudot code is decoded

126
Q

Vigenère Cipher

A

for the cipher, the plaintext and cipher must be the same length; using a Vigenère square, the plaintext is encrypted

127
Q

Virus

A

programs that spread from one system to another by attaching themselves to host files, used to modify or corrupt information on a targeted computer system

128
Q

Web Server Attacks

A

can either target the application itself in order to get access to sensitive data, or they can use the application as a staging area for attacks against the program’s users

  • Child Pornography Server
  • Malware Download Site
  • Phishing Site
  • Piracy Server
  • Spam Site
  • Warez Server
129
Q

Whale Phishing

A

a form of spear phishing targeting the boss

130
Q

Worm

A

self-replicating programs that identify vulnerabilities in operating systems and enable remote control of infected computers

131
Q

Zombie

A

a computer that has been taken over and is being used by a hacker

132
Q

Zombie Cookie

A

a form of cookie that recreates itself after being deleted from the computer