Ethics in Tech Flashcards
a cyperattack that takes place before the security community and/or software developers become aware of and fix security vulnerability
Zero-day exploits
malware that keeps you from accessing your accessing data until you meet certain demands
Ransomware
umbrella term for a piece of programming code that causes a computer to behave in an unexpected and desirable manner
Viruses
a harmful program that resides in the active memory of the computer and duplicates itself
Worm
a seemingly harmless program with malicious code.. infected software seems harmless
Trojan Horse
an attack in which a malicious hacker takes over a computer via internet to flood the target site and make it so legitimate users cannot access the site
Distributed denial-of-service attack (DDoS)
allows a user to gain access administrator-level access to a computer without permission
Rootkit
a network attack that allows a hacker to gain access to a network undetected in order to steal data over a period of time
Advanced persistent threat
fraudulently using email to try to get a recipient to reveal personal data
Phishing
a type of phishing that sends fraudulent emails to employees
Spear Phishing
a variation of phishing that involves texting
Smishing
a variation of phishing that involves voicemail
Vishing
the deployment of malware that secretly steals data in the computer system of organizations
Cyberespionage
intimidation of a government or civilian population by using information technology to disable national infrastructure to achieve political, religious, or ideological goals
Cyberterrorism
oversees U.S. cyber and communication infrastructure
The Department of Homeland Security’s Office of Cybersecurity and Communications
addresses several fraud related activities such as illegal access, transmitting harmful codes and commands, trafficking passwords, and threatening to damage a computer program
Computer fraud and abuse act
only people with authority should be able to access data
Confidentiality
only authorized individuals can make changes to data
Integrity
data can be accessed when and where it is needed
Availability
the process of assessing security-related risks to an organization’s computers and networks from both internal and external threats
Risk-Assessment
part of cost-benefit analysis, management must use judgement to assure the cost of protecting a system does not exceed the benefits
Reasonable Assurance
a documented process for recovering an organization’s assets in the event of a disaster
Disaster recovery plan
a risk-based plan that allows an organization to carry out its operations in case of a cyberattack or some form of disaster
Business continuity plan
determining what business processes are most pivotal to an organization
Mission-critical process
