Exam 2 Flashcards
An attack made before the vulnerability it exploits is known or a repair for it is available
Zero Day Attack
Taking advantage of vulnerabilities
Exploit
Malware that stops users from accessing their systems or data unless certain demands are met
Ransomware
Programming code disguised as something else that corrupts an infected computer
Virus
Harmful program that resides in computers’ active memory and duplicates itself
Worm
Seemingly harmless program that hides malicious code & tricks users into opening it
Trojan Horse
Combines features of virus, worm, Trojan horse, and other malicious code
Blended Threat
Unsolicited email sent to large numbers of people
Spam
Attack that takes over computers via the Internet and uses them to flood a target site with demands for data, etc.
Distributed Denial of Service (DDoS)
Set of programs enabling its users to gain administrator-level access to a computer without consent or knowledge
Rootkit
Intruder gains access to a network and stays undetected intending to steal data over long period
Advanced Persistent Threat (APT)
Fraudulently using email to try to get the recipient to reveal personal data
Phishing
A targeted version of phishing
Spear Phishing
A version of phishing using voicemail
Vishing
A version of phishing using SMS messaging
Smishing
Deployment of malware that steals data from organizations like govt agencies, military contractors, political organizations, or manufacturing firms
Cyberespionage
Intimidation of a govt or civilian population by using IT to disable critical infrastructure
Cyberterrorism
Federal agency created to provide a “safe, more secure America”. Contains the Office of Cybersecurity and Communications.
Department of Homeland Security
Addresses fraud and related activities in association with computers
Computer Fraud and Abuse Act
Addresses false claims regarding unauthorized use of credit cards
Fraud and Related Activity in Connection with Access Devices Statute (FRACADS)
Unlawful access to stored communication to obtain, alter, or prevent authorized access to a wire or electronic communication while in storage
Stored Wire and Electronic Communications and Transactional Records Access Statutes (SWECTRA)
Defined cyberterrorism and associated penalties. This act expired in 2020.
USA Patriot Act
Part of the CIA Security Triad and ensures only those individuals with proper authority can access sensitive data
Confidentiality
Part of the CIA Security Triad and ensures data can only be changed by authorized users
Integrity
Part of the CIA Security Triad and ensures data can be accessed when and where needed
Availability
Process of assessing security-related risks to computers & networks from internal & external threats. Identifies biggest threats and helps focus efforts on fixing said threats.
Risk assessment
Documented process for recovering an organization’s business IS assets, including hardware, software, data, networks, facilities.
Disaster Recovery
Defines security requirements and the controls and sanctions needed to meet them: what needs to be done, not how
Security policy
Provides a comprehensive display of all key performance indicators related to security defenses including threats, exposures, compliance, alerts
Security Dashboard Software
Software and/or hardware that stands guard between an internal network and the Internet
Firewall
Networking device that connects multiple networks and transmits data packets between them. Each device is secured with a passphrase and has a unique media access control (MAC) address.
Router
Intermediary between web browser and another server on the Internet
Proxy Server
Enables remote users to securely access an organization’s resources. Also hides the user’s IP address.
Virtual Private Network (VPN)
Gives users authority to only perform assigned responsibilities
User roles & accounts
A method of securing data that protects it from unauthorized access
Data encryption
Monitors, manages, & maintains computer & network security for other organizations. Such security functions are typically too costly for many organizations to maintain in-house.
Managed Security Service Provider (MSSP)
Combines elements of law & computer science to collect, examine, & preserve data. Preserves integrity of the data so it may be admissible as evidence in court.
Computer Forensics
A combination of data privacy and communications privacy.
Information Privacy
Ability to communicate with others without those communications being monitored
Communications Privacy
Ability to limit access to one’s personal data by others
Data Privacy
Regulates the operations of credit reporting bureaus and is enforced by the Federal Trade Commission.
Fair Credit Reporting Act, 1970
Protects records of financial institution customers from unauthorized scrutiny by the federal government. This act requires the government to provide written notice of its intent to obtain financial records, an explanation of why, and which records are sought. To access financial records, the customer’s permission, a judicial subpoena, or a search warrant is needed.
Right to Financial Privacy Act, 1978
Bank deregulation that created one-stop supermarkets
Gramm-Leach-Bliley Act, 1999
Amended the Fair Credit Reporting Act allowing customers to obtain a free credit report annually.
Fair and Accurate Transaction Act, 2003
Mandatory guidelines for the collection and disclosure of personal financial data. This includes the right to opt out of personal data being shared with third parties.
Financial Privacy Rule
A set of rules that require a documented plan for protecting data.
Safeguard Rules
A set of rules that encourage organizations to implement safeguards against people accessing data without proper authority
Pretexting Rules
Requires healthcare organizations to standardize electronic transactions, codes, etc., enabling them to fully digitize medical records.
Health Insurance Portability and Accountability Act (HIPAA)
Bans the sale of electronic health records. Promotes use of audit trails and encryption. Provides rights of access for patients. Requires notification of data breaches.
American Recovery and Reinvestment Act
Assigns rights to parents (or students at 18) to children’s educational records.
Family Educational Rights and Privacy Act (FERPA)
Gives parents control over collection, use, & disclosure of their children’s personal info online
Children’s Online Privacy Protection Act (COPPA)
Sets out requirements to protect minors from online harms. Covered platforms must act in the best interest of minors
Kids Online Safety Act (KOSA)
Allows Law Enforcement to use wiretapping & electronic eavesdropping with a warrant
Wiretap Act (Title III of the Omnibus Crime Control and Safe Streets Act)
Fair information practices that set rules for the collection, maintenance, use, and dissemination of personal data kept by federal agencies.
Privacy Act
Procedures for surveillance and intelligence collection against foreign agencies on domestic soil. Allows surveillance without a court order within the US for up to a year unless the surveillance will acquire the contents of any communication to which a US person is a party.
Foreign Intelligence Surveillance Act
Requires telecommunications providers to hold data and respond to requests from the National Security Agency.
USA Freedom Act
Identifies US intelligence-gathering agencies. Defines what info can be collected, retained, and disseminated.
Executive Order 12333
Grants citizens the right to access certain information of the government upon request. Redactions are allowed for private, proprietary, or security information.
Freedom of Information Act
Collection, preparation, review, and production of electronically stored information for use in criminal and civil actions
Electronic Discovery
Use of cookies and tracking software to gather data about customers.
Consumer Profiling
A type of speech that is grossly improper or offensive
Indecency
A form of speech that is disgusting to the senses, abhorrent to morality or virtue, and designed to incite lust or depravity.
Obscenity
- An average person applying contemporary community standards would find that the work, taken as a whole, appeals to prurient interest.
- The work must depict sexual conduct in a patently offensive manner specifically defined by law.
- The work, taken as a whole, lacks SLAPS value (Serious Literary, Artistic, Political, Scientific).
Three-part Test
Weaponizes the judicial system as a backdoor method of stifling political expression. Typically this is used with some kind of defamation claim.
Strategic Lawsuit Against Public Participation (SLAPP)
Procedural motion to throw out a case. Under this act the plaintiff must prove they could win on the legitimate merits of the case. Whoever loses typically has to pay legal fees.
Anti-SLAPP or SLAPP-back Act (Strategic Lawsuit Against Public Participation)
This act covers the transmission of indecent material via the Internet. Fines can be as high as $250,000, with imprisonment of up to 2 years.
Communications Decency Act
This act covers harmful communications made for commercial purposes and available to any minor. Fines can be as high as $50,000, with up to 6 months in jail.
Child Online Protection Act
This act states that federally financed schools and libraries must use technology to block minors’ access to obscene material, child pornography, or other harmful material.
Children’s Internet Protection Act
Making a statement of alleged fact that is false and harmful and might damage the subject’s reputation.
Defamation
An oral form of defamation
Slander
A written form of defamation
Libel