Information Security: Barbarians at the Gateway – Gallaugher J. Flashcards

1
Q

(Chapter 13: Information Security: Barbarians at the Gateway – Gallaugher J.)

What is it about (Introduction)?

A
  • Security must be a top organizational priority.
  • The majority of security breaches can be prevented.
  • Firms suffering a security breach can experience direct financial loss, exposed proprietary information, fines, legal payouts, court costs, damaged reputations, plummeting stock prices, and more.
  • Information security isn’t just a technology problem; a host of personnel and procedural factors can create and amplify a firm’s vulnerability.
2
Q

Why is this Happening?

A
  • Reasons:
    o Corporations have a lot of data
    o Low-level employees also have access to critical data
3
Q

What are Data Harvesters?

A
  • Data Harvesters: steal data
4
Q

What are Cash-out fraudsters?

A

Buy stolen credit cards from harvesters to buy goods

5
Q

What are botnets?

A
  • Botnets:
    o networks of infiltrated and compromised machines controlled centrally (up to 10 million computers)
    o sending spam
    o launching distributed denial of service (DDoS) attacks:
      ▪ overloading websites with requests → shutdown
6
Q

What is Cyberwarfare?

A
  • Cyberwarfare: attacks by terrorists or foreign powers with devastating disruptions
7
Q

What is a White hat hacker?

A

o White hat hacker: good guys, probe for weaknesses

8
Q

What is a Black hat hacker?

A

o Black hat hacker: bad guys

9
Q

What is a Hacktivist?

A

o Hacktivists: hacking as a protest measure

10
Q

User and Administrator Threats: What are Bad Apples?

A
  • Bad Apples:
    o 70% of security incidents involve insiders
    o Temporary work contracts and outsourcing increase risk
11
Q

User and Administrator Threats: What is Social Engineering?

A
  • Social Engineering:
    o Tricking employees into revealing information or performing tasks
    o With access to personal info (LinkedIn), much easier to trick
12
Q

User and Administrator Threats: What is Phishing?

A
  • Phishing:
    o Leverage the reputation of a firm or friend to trick the victim into downloading malware
    o Emails masquerading as a security alert or a message from an employer
13
Q

User and Administrator Threats: What is the deal with Passwords?

A
  • Passwords:
    o Typical web user has 6.5 passwords
    o Security questions (where was your mom born) can be guessed
    o Alternatives
      ▪ Biometrics (fingerprints)
      ▪ 2x authentication
14
Q

Technology Threats: What is Malware?

A
  • Malware
    o Malicious software that seeks to compromise a computing system without permission
    o Commonly spread via phishing, infected USB drives
    o Adobe and Microsoft: the primary means by which hackers try to infect
    o Methods of infection:
      ▪ Virus: programs that infect software or files, require an executable (running program)
      ▪ Worms: similar, but don’t need an executable (scan and install themselves)
      ▪ Trojans: masquerade as something else, tricking the user into downloading or installing something

15
Q

Technology Threats: What are the goals of Malware?

A

o Goals of Malware:
  ▪ Botnets / Zombie Networks
  ▪ Malicious adware: unwanted advertisement
  ▪ Spyware: monitoring screens, actions and files
  ▪ Keylogger: type of spyware recording user keystrokes
  ▪ Screen capture: software recording the pixels appearing on a user’s screen
  ▪ Blended Threats: attacks combining multiple malware

16
Q

Technology Threats: What are Compromising Web Sites?

A
  • Compromising Web Sites
    o Exploits directly target poorly designed and programmed web sites
    o Directing customers to other websites, monitoring personal data, deleting data
    o SQL Injection
      ▪ Method used to give commands telling the website what to do
      ▪ Fastest growing security threat
      ▪ Poorly designed websites can be easily injected
17
Q

Technology Threats: What is Encryption?

A
  • Encryption
    o Scrambling data to make it unreadable
    o Key: needed to unscramble
    o When implemented correctly → encryption = rock-solid vault
    o Sensitive data should be encrypted before sending or storing → lowers risk dramatically
    o VPN Software: used to minimize the risk of public wireless connections by making data passing through them unreadable
    o Key Management is essential
18
Q

How can users take action?

A

Taking Action as a User
* Surf smart: don’t use a public machine when accessing sensitive data
* Stay vigilant: don’t fall for con artists on the phone and social engineering techniques
* Stay updated: update software
* Stay armed: like taking your car for an oil change, you should regularly check your safety and security measures
* Be settings smart: use a VPN, don’t turn on risky settings
* Be password savvy: change the password on any new device you install
* Be disposal smart: Shred personal documents and wipe hard drives when disposing

19
Q

How can an Organisation take action?

A

Taking Action as an Organization
Frameworks, Standards, Compliance
* ISO Framework: used for standards of an information security management system
* Compliance Requirements
  o Legally or professionally binding steps that must be taken
  o Different for certain industries: “HIPAA” → regulating health data
  o Compliance does not equal security: often seen as just a necessary evil, but security doesn’t stop there

20
Q

How can an Organisation take action: Education, Audit and Enforcement?

A

Education, Audit and Enforcement
* Antivirus software alone does not keep a company safe → education needed
* Employees need to be trained on the firm’s policies and face penalties in case they fail to meet obligations
* Auditing the real-time use of IT is essential to keep an overview

21
Q

How can an Organisation take action: What Needs to Be Protected and How Much Is Enough?

A

What Needs to Be Protected and How Much Is Enough?
* Most firms don’t know what they need to protect and where valuables are kept
* Inventory-style auditing and risk assessment are crucial for information security
* Security must be dealt with as an economic problem

22
Q

How can an Organisation take action: What is Technology’s Role?

A

Technology’s Role

* Patches: pay attention to patches to plug existing holes in software
* Lock down hardware methods:
  o Issue a standard system throughout the company to ensure safety
  o Preventing Wi-Fi use or requiring VPN use
  o All data is stored in the cloud, not on the hardware
* Firewalls: blocking certain types of access to a network
* Intrusion detection systems: look for unauthorized behaviour
* Honeypots: meant to distract attackers and used to identify attackers
* Blacklists: denying entry of specific IP addresses
* Whitelists: only allowing access to certain sites
* Lock down partners: insist that partner firms (e.g. within the supply chain) use the same security standard
* Lock down systems: security team must constantly scan for exploits for all of the firm’s partners
* Audit trails: recording, monitoring and auditing access allows firms to hunt for patterns of abuse
* Failure and recovery plans: what needs to be done when data gets stolen