IT Security Flashcards
What was Stuxnet?
a sophistocated worm that disables IRans nuke program for a while and also opened up a new threat for cyberwarfare
What are the Goals of an Information Security Program
CIA Model. Confidentiality(keeping sensitive info out of the wrong hands) Integrity (Protect form intentional or accidental modification) Availability(accessible when needed)
What are the 3 components of the Info Security Model
Information States, Information Security Properties, Security MEasures
What are the 3 info security properties
CIA again
What are the 3 information states
processing storage transmission
what are the 3 types of Security Measures
Policy &Procedures, Technology, Education & Training & Awareness
What are some of the motivations of cyber criminals? (x8).
account transfers, stealing personal and financial data, corporate espionage, cyberwarfare, terrorism, pranks, Hacktivism, revenge. All the same people find data cutting edge cannot take pranks real hard.
Where do most threats come from
insiders and unknown causes
What is Phishing?
cons executed through technology achieved by leveraging the reputation of trusted firm or friend to trick a victim into revealing info or doing something
What do bot-herders do?
install malware onto computers and either execute an attack or sell the “Zero Day” capability on the black market
What is social engineering?
con games trick employees into revealing information or other compromising tasks. Methods include baiting someone to give up info that can help the attacker. uses harassment, guilt or intimidation especially on social media ex: the models buddying up with IT staff
What is shoulder surfing
looking over someone’s shoulder to see their password
what is unique about this part of IT?
It almost never increases profits, thankless job, mess up once and youre screwed
What is Qualitative Risk Analysis
probability X Severity = Exposure. Take care of high exposure first
What are the 4 possible responses to risk?
Accept it, Transfer it, Mitigate it, Avoid It
