IS4550 CHAPTER 9 Flashcards
A leading technique, methodology, or technology that through experience has proved to be very reliable and tends to produce consistent and quality results is called ___.
BEST PRACTICE
Temporary workers who can be assigned to any role are called ___.
CONTRACTORS
Assets that are essential for the society and economy to function are called ___.
CRITICAL INFRASTRUCTURE
In the context of information security, the process by which senior leaders are apprised of a risk through a chain of command, continuing one level of organizational structure at a time until the issue is addressed or has reached the highest level of the organization, is called ___.
ESCALATION
Granting elevated rights temporarily to enable a person to resolve a problem quickly, which provides emergency access to unprivileged users, is called the ___.
FIRECALL-ID PROCESS
To eliminate as many security risks as possible by reducing access rights to the minimum needed to perform any task, ensuring access is authenticated to unique individuals, removing all nonessential software, and taking other configuration steps that eliminate opportunities for unauthorized access is to ___.
HARDEN
An employee, consultant, contractor, or vendor; the ___ may even be one of the IT technical people who designed the system, application, or security that is being hacked. The ___ knows the organization and the applications.
INSIDER
An ___ is when two or more audit disciplines are combined to conduct a single audit.
INTEGRATED AUDIT
Software that captures the keystrokes of a user is called ___.
KEYLOGGER SOFTWARE
A ___ is a separate platform used to collect logs from platforms throughout the network.
LOG SERVER
A technique in which a hacker outlines a story in which the employee is asked to reveal information that weakens security is called ___.
PRETEXTING
An agreement designed to heighten the awareness and accountability of those users with administrator rights is called a ___.
PRIVILEGED-LEVEL ACCESS AGREEMENT (PAA)
Individuals responsible for designing and implementing a security program within an organization are called ___.
SECURITY PERSONNEL
Manipulating or tricking a person into weakening the security of an organization is called ___.
SOCIAL ENGINEERING
A type of attack in which the hacker adds code to a Web or application input box to gain access to or alter data in the database is called ___.
STRUCTURED QUERY LANGUAGE (SQL) INJECTION