IS ASSURANCE W5-6 Flashcards
Compliance and Trust:
Regulatory compliance
Risk management:
Building trust
Helps organizations meet data privacy regulations and industry standards, avoiding hefty fines and legal repercussions.
Regulatory compliance:
Proactive identification and mitigation of security vulnerabilities, minimizing potential damage from cyberattacks.
Risk management:
Demonstrates to stakeholders, customers, and partners a commitment to protecting their data, boosting overall reputation and confidence.
Building trust:
Operational Efficiency and Effectiveness:
Improved decision-making:
Resilient infrastructure:
Cost savings:
Ensures data accuracy and integrity, leading to sound business decisions based on reliable information.
Improved decision-making:
Minimizes downtime and disruptions caused by security incidents, maintaining operational continuity.
Resilient infrastructure:
Prevents financial losses from data breaches, ransomware attacks, and regulatory fines.
Cost savings:
Self-replicating programs that spread through systems, damaging files and disrupting operations. Ex: WannaCry ransomware attack.
Viruses
Similar to viruses but propagate without user interaction. Ex: Morris Worm, which impacted early internet infrastructure.
Worms
Encrypts files, demanding a ransom payment for decryption. Ex: Ryuk ransomware attack on hospitals.
Ransomware
Disguised as legitimate software, granting attackers access once downloaded. Ex: Emotet malware used for data theft.
Trojan horses
Targeted emails impersonating trusted individuals or organizations, tricking users into revealing sensitive information.
Spear phishing
Similar to phishing but uses SMS text messages.
Smishing
Uses phone calls to impersonate legitimate entities and exploit trust.
Vishing
Lures users with attractive offers or fake urgency to click malicious links or download attachments.
Baiting
Data Breaches:
SQL injection
Cross-site scripting (XSS)
Man-in-the-middle attacks:
Zero-day attacks
Exploiting vulnerabilities in database queries to steal data.
SQL injection
Injecting malicious scripts into websites to steal user data.
Cross-site scripting (XSS)
Intercepting communication between users and websites to steal data.
Man-in-the-middle attacks
Exploiting unknown vulnerabilities before software vendors release patches.
Zero-day attacks
Disgruntled employees stealing data or sabotaging systems.
Insider Threats:
Contractors or vendors with unauthorized access exploiting vulnerabilities.
Insider Threats:
Deepfakes used for social engineering attacks.
Artificial Intelligence (AI):