Information Systems Security Flashcards

1
Q

Cybersecurity Professionals and Their Tasks

What is Cybersecurity?

A

Cybersecurity is like a shield that keeps your digital stuff safe from bad guys. These bad guys try to break into your computers, networks, and programs to steal or mess up important information, get money from you, or disrupt your work.

To make this shield strong, you need different layers of protection for your computers, networks, and data. In a company, it’s not just about the technology. People and how they work together also play a big role in keeping everything safe. So, it’s like a team effort to guard against cyber attacks.

2
Q

Cybersecurity professionals have several important tasks

A
  1. Stay Informed: They keep up with the latest technology and security threats through various sources.
  2. Threat Analysis: They analyze and assess potential threats to understand their significance.
  3. System Checks: They regularly review systems to identify and address any security weaknesses.
  4. Security Measures: They implement security measures and establish protocols to protect systems and data.
  5. Reporting: They create reports for company stakeholders to keep them informed about security status.
  6. Education: They educate others in the company about the importance of security.
3
Q

Four (4) Cybersecurity Career Paths

Security Architect

A

These experts protect a company’s computer systems by thinking like hackers and anticipating their tactics. They maintain system security, often working irregular hours to stay updated on the latest threats. Some of the best security architects may have a background as former hackers, as they understand how hackers operate.

4
Q

Four (4) Cybersecurity Career Paths

Security Consultant

A

Security consultants act as advisors and supervisors, guiding companies on effective security measures. They assess potential security threats and develop plans for both prevention and response in case of breaches.

5
Q

Four (4) Cybersecurity Career Paths

Ethical Hacker

(White Hat Hacker)

A

Ethical hackers are information security experts who legally and systematically attempt to break into computer systems, networks, or applications to uncover vulnerabilities. They do this with the owner’s permission to identify and fix security weaknesses before malicious hackers can exploit them.

6
Q

Four (4) Cybersecurity Career Paths

Chief Information Security Officer (CISO)

A

The CISO is responsible for overseeing an organization’s information and data security. This role involves managing various aspects such as security operations, data protection, program management, and access control to ensure comprehensive protection of sensitive information.

Examples include security operations, data loss prevention, program management, and access management.

7
Q

Introduction to Risks, Threats, and Vulnerabilities

THE ANATOMY OF A CYBERATTACK

Steps 1 to 4

A
  1. Reconnaissance: Hackers gather info about the target, like IP addresses and emails. If needed, they trick employees with fake emails to find vulnerabilities.
  2. Attack: Once inside, they steal credentials to gain full access. Then they can steal data, encrypt it for ransom, or tamper with it.
  3. Expansion: They spread across the network, making it harder to detect. They don’t need high-level access anymore.
  4. Obfuscation: Hackers cover their tracks to confuse investigators. They use tricks like fake information, erasing logs, and hidden commands. This is the final step.
8
Q

Seven (7) cybersecurity risks that may impact organizations

Technology

A

The widespread use of technology introduces vulnerabilities. For instance, if a company relies heavily on online customer data storage, a data breach could expose sensitive customer information.

9
Q

Seven (7) cybersecurity risks that may impact organizations

Supply Chain

A

Organizations increasingly depend on third-party vendors and IoT devices. If a vendor’s systems are compromised, it could affect the organization. For example, a breach at a cloud service provider could impact multiple client companies.

10
Q

Seven (7) cybersecurity risks that may impact organizations

Internet of Things (IoT)

A

IoT devices, like smart thermostats and security cameras, can be hacked if not properly secured. An example is a smart thermostat being hacked to disrupt a company’s HVAC system.

11
Q

Seven (7) cybersecurity risks that may impact organizations

Business Operations

A

Increased connectivity can lead to more vulnerabilities. If a manufacturing plant relies on automated systems connected to the internet, a cyberattack could disrupt production.

12
Q

Seven (7) cybersecurity risks that may impact organizations

Employees

A

Employees can unwittingly compromise cybersecurity. For instance, clicking on a phishing email link can lead to a malware infection that affects the entire organization’s network.

13
Q

Seven (7) cybersecurity risks that may impact organizations

Regulatory

A

Governments introduce regulations to protect data. For instance, GDPR in Europe mandates strict data protection. Failing to comply can lead to hefty fines and damage an organization’s reputation.

14
Q

Seven (7) cybersecurity risks that may impact organizations

Board of Directors

A

Boards play a crucial role in cybersecurity oversight. If they don’t prioritize cybersecurity, the organization may not be adequately prepared for cyber threats, which could lead to financial and legal consequences.

15
Q

12 Cybersecurity Threats and Vulnerabilities

Ransomware

A

This is like digital kidnapping. Criminals use malicious software to lock your computer or files, and they demand money (a ransom) to unlock them. Paying the ransom doesn’t guarantee you’ll get your files back. For example, imagine someone locking your photos and asking for $500 to unlock them.

16
Q

Cybersecurity Threats and Vulnerabilities

Malware

A

It’s short for malicious software. These are programs designed to sneak into your computer and do bad things, like stealing your information or damaging your files. Think of it as a digital spy or thief.

17
Q

Cybersecurity Threats and Vulnerabilities

Social Engineering

A

This is when bad actors trick you into revealing important information. It could be a scammer pretending to be a bank and asking for your account details. They “engineer” a fake scenario to manipulate you.

18
Q

Cybersecurity Threats and Vulnerabilities

Phishing

A

Picture receiving an email that looks like it’s from your bank, but it’s actually from a hacker. They want you to click a link and enter your login info. It’s like a fisherman using bait (the email) to catch your sensitive information.

19
Q

Cybersecurity Threats and Vulnerabilities

Crypting Services

A

Criminals use these to hide their malware. It’s like putting a secret code on a message so only certain people can read it. They use it to avoid detection.

20
Q

Cybersecurity Threats and Vulnerabilities

Crimeware

A

This is the underground market for cybercriminals. They buy and sell malware tools and services. It’s like a black market for digital criminals.

21
Q

Cybersecurity Threats and Vulnerabilities

Remote Administration Tools

A

Imagine a hacker gaining control of your computer from afar. They can steal your data, mess up your computer, or even access your webcam without you knowing. It’s like a digital spy in your house.

22
Q

Cybersecurity Threats and Vulnerabilities

Keyloggers

A

These sneakily record every keystroke you make. Imagine someone secretly listening to your conversations and writing down everything you say, including your passwords.

23
Q

Cybersecurity Threats and Vulnerabilities

Exploit Kits

A

Hackers trick you into visiting a trusted website, but it secretly redirects you to a malicious one. It’s like thinking you’re entering a safe store, but you end up in a hidden trap.

24
Q

Cybersecurity Threats and Vulnerabilities

Leaked Data

A

Criminals steal data from your computer and sell it on the Dark Web. This could be your credit card info, social security number, or even your work login. It’s like someone stealing your wallet and selling your cards.

25
Q

Cybersecurity Threats and Vulnerabilities

Card Skimmers

A

Criminals put hidden devices on things like ATMs or gas pumps. When you use them, your card info gets stolen. It’s like a thief tampering with a bank machine to steal your card details.

26
Q

Cybersecurity Threats and Vulnerabilities

Unpatched Systems

A

Many vulnerabilities can be fixed with software updates. But some people don’t update their systems. Imagine having a lock on your door, but not using it because it’s old and rusty. Criminals can easily break in.

27
Q

The CIA Triad

A

The CIA Triad is a fundamental concept in cybersecurity that focuses on three key principles: Confidentiality, Integrity, and Availability.

In summary, the CIA Triad helps organizations protect their data and systems by focusing on confidentiality (keeping data secret), integrity (keeping data accurate), and availability (ensuring data is accessible). These principles guide the implementation of various security measures to safeguard information from unauthorized access, tampering, and disruptions.

28
Q

Confidentiality

A

This principle ensures that sensitive information is only accessible to authorized individuals and is protected from unauthorized access. It’s like having a secret that only trusted people can know.

Example: When you log into your email account, you need to enter a username and password. Only with the correct credentials can you access your emails. This ensures the confidentiality of your email messages.

29
Q

Integrity

A

Integrity ensures that data remains accurate, unaltered, and true to its original form. It’s about making sure that no one can tamper with or modify data without authorization.

Example: Imagine you’re sending money through a banking app. The app uses encryption to protect the transaction data while it’s being sent. This ensures that the amount you send remains unchanged and reaches the recipient intact.

30
Q

Availability

A

Availability ensures that information and resources are accessible when needed. It’s about making sure that systems are reliable and operational, even in the face of potential disruptions.

Example: A popular online shopping website needs to stay available 24/7 so that customers can make purchases at any time. They use redundancy and backup servers to ensure that the website remains accessible, even if one server fails or during a sudden surge in traffic.

31
Q

Data Classification Standards

A

Data Classification Standards are rules that help categorize data based on how sensitive, valuable, or critical it is. This classification helps determine the level of security needed to protect the data.

Remember, these stages can vary in complexity depending on the organization and the type of data involved. The goal is to follow these steps systematically to ensure data is handled appropriately throughout its lifecycle.

32
Q

Here’s a breakdown of the key stages in managing data according to these standards, with examples:

A
  1. Understanding: This stage involves knowing what the data is, how it’s classified, and where it’s stored. For instance, a hospital might classify patient medical records as highly sensitive data, and they need to understand this to ensure proper protection.
  2. Creating: This step includes collecting data and conducting experiments. For instance, a marketing team gathers customer feedback through surveys to create a database of customer preferences.
  3. Storing: Involves designing storage systems and capturing metadata (data about the data). For example, a bank stores transaction records securely in a database and keeps track of when each record was created.
  4. Using: Data is entered, processed, and analyzed in this phase. An e-commerce website uses data about user behavior to recommend products or personalize the shopping experience.
  5. Sharing: This stage deals with distributing data while controlling access. An academic institution may share research findings with limited access to ensure data integrity.
  6. Archiving: Data is preserved for the long term. A museum archives historical documents by digitizing them and storing them in a climate-controlled facility.
  7. Destroying: When data is no longer needed, it must be securely disposed of. For example, a law firm shreds old legal documents to protect client confidentiality.