Final Exam Flashcards
threat
a person or organization that seeks to obtain or alter data or other IS assets illegally, without the owner's permission and often without the owner's knowledge
vulnerability
an opportunity for threats to gain access to individual or organizational assets. some exist because there are no safeguards, others because the existing safeguards are ineffective
safeguard
any action, device, procedure, technique or other measure that reduces a system’s vulnerability to a threat
target
the asset that is desired by a security threat
pretexting
deceiving someone over the internet by pretending to be another person or organization
phishing
a technique for obtaining unauthorized data that uses pretexting via email. the person doing the deed pretends to be a legitimate company and sends an email requesting confidential data such as account numbers, Social Security numbers, account passwords, etc.
phisher
an individual or organization that spoofs legitimate companies in an attempt to illegally capture personal data such as credit card numbers, email accounts, and driver's license numbers
spoofing
when someone pretends to be someone else with the intent of obtaining unauthorized data.
IP spoofing
a type of spoofing whereby an intruder uses another site’s IP address as if it were that other site
email spoofing
a synonym for phishing. a technique for obtaining unauthorized data that uses pretexting via email. phishers direct traffic to their sites under the guise of a legitimate business
sniffing
a technique for intercepting computer communications. with wired networks this action requires a physical connection to the network; with wireless networks no such connection is required
wardriver
people who use computers with wireless connections to search for unprotected wireless networks
hacking
a form of computer crime in which a person gains unauthorized access to a computer system. although some people do this for the sheer joy of it, others invade systems for the malicious purpose of stealing or modifying data
usurpation
occurs when unauthorized programs invade a computer system and replace legitimate programs. such unauthorized programs typically shut down the legitimate systems and substitute their own processing to spy, steal and manipulate data or achieve other purposes
denial of service (DoS)
security problem in which users are not able to access an information system; can be caused by human error, natural disaster, or malicious activity
advanced persistent threat (APT)
a sophisticated, possibly long-running computer hack that is perpetrated by large, well-funded organizations, such as governments, as a means to engage in cyber warfare
intrusion detection system (IDS)
a computer program that senses when another computer is attempting to scan the disk or otherwise access a computer
brute force attack
a password cracking program that tries every possible combination of characters
cookies
a small file that is stored in the user’s computer by a browser. can be used for authentication, for storing shopping cart contents and user preferences and for other legitimate purposes. can also be used to implement spyware
identification
the process whereby an information system identifies a user by requiring the user to sign on with a username and password
authentication
the process whereby an information system verifies or validates a user
Gramm Leach Bliley (GLB) Act
passed by Congress in 1999, this act protects consumer financial data stored by financial institutions, which are defined as banks, securities firms, insurance companies, and organizations that provide financial advice, prepare tax returns, and provide similar financial services
Privacy Act of 1974
federal law that provides protections to individuals regarding records maintained by the US government
Health Insurance Portability and Accountability Act (HIPAA)
the privacy provisions of this 1996 act give individuals the right to access health data created by doctors and other healthcare providers. this also sets rules and limits on who can read and receive a person’s health information