IAS chap 2 Flashcards
Items of fact collected by an organization.
raw numbers, facts, and words
Data
practice of protecting digital information from unauthorized access, corruption, or theft throughout its entire lifecycle.
Data security
an intentional or unintentional act that can damage or otherwise compromise information and the systems that support it.
Attack
an object, person, or other entity that represents a constant danger to an asset
Threat
the ownership of ideas and control over the tangible or virtual representation of those ideas
Intellectual property (IP)
most common IP breach
the unauthorized duplication, installation, or distribution of computer software
Software Piracy
uses unethical means to collect and analyze information about an organization’s business competitors
Industrial espionage
protects equipment against spikes, surges and blackouts for a limited period
Uninterruptible power supply (UPS)
A document that specifies the expected level of service from a service provider
Service Level Agreement (SLA)
electronic and human activities that can breach the confidentiality of information
Espionage or Trespass
analysis of information about another company through legal techniques
Competitive intelligence
one of the greatest threats to an organization's assets
Employee
a broad range of malicious activities accomplished through psychological manipulation of people
Social engineering
relies on the curiosity or greed of the victim
Baiting
looking over someone’s shoulder to get information
Shoulder Surfing / Pretexting
click on links to malicious websites
mainly conducted through emails and phone calls
Phishing
a more targeted version of phishing that sends a customized message to its target (high officials)
Spear Phishing
mainly conducted through emails and phone calls
Whaling
victim is deceived into thinking their system is infected so that they install fake antivirus software
Scareware
involves injecting malware that encrypts a victim’s critical data
Ransomware
helps an attacker gain unauthorized access to an organization's physical facilities
Tailgating
attacker retrieves discarded information thrown in the trash
Dumpster Diving
an attack that denies the victim access and offers to return it for a fee
Ransomware
computer software specifically designed to perform malicious or unwanted actions.
Malware
A type of malware that is capable of activation and replication without being attached to an existing program.
Worms
a computer program that attaches itself to an executable file or application.
Virus
A malware program that hides its true nature and reveals its designed behavior only when activated.
Trojan Horses
threats that change their size and other external file characteristics to elude detection by antivirus software programs.
Polymorphic Threats
time and money are spent resolving virus hoaxes.
Virus and Worm Hoaxes
A malware payload that provides access to a system by bypassing normal access controls.
Back Doors
an attack that attempts to overwhelm a computer target’s ability to handle incoming communications, prohibiting legitimate users from accessing those systems.
DoS (Denial of Service)
Spam is unsolicited commercial e-mail
Email Attacks
attack designed to overwhelm the receiver with excessive quantities of e-mail
Mail bomb
technique for gaining unauthorized access to computers using a forged or modified source IP address to give the perception that messages are coming from a trusted host.
Spoofing
The redirection of legitimate user Web traffic to illegitimate Web sites with the intent to collect personal information.
Pharming
A group of attacks whereby a person intercepts a communications stream and inserts himself in the conversation to convince each of the legitimate parties that he is the other communications partner.
Man-in-the-Middle