Exam 4: Chapter 4 - Information Security Flashcards
the degree of protection against criminal activity, danger, damage, or loss.
security
all of the processes and policies designed to protect an organization’s information and information systems (IS) from unauthorized access, use, disclosure, disruption, modification, or destruction.
information security
any danger to which a system may be exposed.
Threat (to an information resource)
the harm, loss, or damage that can result if a threat compromises that resource.
Exposure (of an information resource)
the possibility that a threat will harm that resource.
Vulnerability (of an information resource)
What are the 5 key factors contributing to the increasing vulnerability of organizational information resources?
- Today’s interconnected, interdependent, wirelessly networked business environment.
- Smaller, faster, cheaper computers and storage devices
- Decreasing skills necessary to be a computer hacker
- International organized crime taking over cybercrime
- Lack of management support
any network within your organization
trusted network
any network external to your organization.
untrusted network
________ _________ enable employees to compute, communicate, and access the Internet anywhere and at any time.
wireless technologies
__________ is an inherently unsecure broadcast communications medium.
wireless
programs that users with limited skills can download and use to attack any information system that is connected to the Internet.
scripts
illegal activities conducted over computer networks, particularly the Internet.
cybercrime
T or F: cybercrimes are typically nonviolent; however, they are quite lucrative. Losses from computer crimes can average hundreds of thousands of dollars. Computer crimes can be committed from anywhere in the world at any time, effectively providing an international safe haven for cybercriminals.
True
What are the 2 major categories of threats?
Unintentional and deliberate threats
acts performed without malicious intent that nevertheless represent a serious threat to information security. A major category of this is human error.
unintentional threats
the higher the level of employee, the (smaller/greater) the threat he or she poses to information security
greater
Employees in two areas of the organization pose especially significant threats to information security:
Why are these two significant threats?
- human resources and information systems
- H.R. employees generally have access to sensitive personal information about all employees.
- IS employees not only have access to sensitive organizational data, but they also frequently control the means to create, store, transmit, and modify those data.
What are 3 other relevant employees in regard to information security?
- Contract labor (such as temporary hires)
- Consultants
- Janitors and guards
an attack in which the perpetrator uses social skills to trick or manipulate legitimate employees into providing confidential company information such as passwords.
social engineering
What are 2 social engineering techniques?
Tailgating and shoulder surfing
a technique designed to allow the perpetrator to enter restricted areas that are controlled with locks or card entry. The perpetrator follows closely behind a legitimate employee and, when the employee gains entry, the attacker asks him or her to “hold the door.”
tailgating
occurs when a perpetrator watches an employee’s computer screen over the employee’s shoulder. This technique is particularly successful in public areas such as in airports and on commuter trains and airplanes.
shoulder surfing
What are 10 common types of deliberate attacks?
- Espionage or trespass
- Information extortion
- Sabotage or vandalism
- Theft of equipment/information
- Identity theft
- Compromises to intellectual property
- Software attacks
- Alien software
- SCADA attacks
- Cyberterrorism and cyberwarfare
occurs when an unauthorized individual attempts to gain illegal access to organizational information.
espionage or trespass