ITEC 85 (SIR CAUREL) Flashcards

1
Q

is an important
asset to every individual or
organization

A

Digital information

2
Q

it is the field that handles the process of safeguarding the integrity of data used by individuals or organizations

A

Information Assurance

3
Q

Prevents unwanted access to private
information

A

Information Security

4
Q

Development and implementation of tools and techniques for keeping data safe.

A

Information Security

5
Q

Design of defense-mechanism software

A

Information Security

6
Q

Information Security

A

Similarities of Information Assurance and
Security

7
Q

CNSS SECURITY MODEL

A

John McCumber; also called the McCumber Cube

8
Q

as small as a smartphone that fits in a pocket or as large as a supercomputer

A

Computer Hardware

9
Q

peripheral devices, such as keyboards, external disks, drives and routers

A

Computer Hardware

10
Q

lets the hardware know what to do

A

Computer Software

11
Q

it sends the signal for a task

A

Computer Software

12
Q

connects the hardware together to form a network.

A

Telecommunication

13
Q

a network is a set of computers that are connected, wired or wireless.

A

Telecommunication

14
Q

LAN & WAN

A

Telecommunication

15
Q

- the component where the “material” that the other components work with resides
- the place where data is collected and from which it can be retrieved by QUERYING

A

Database and Database Warehouse

16
Q
  • the final and possibly most important component of an information system is the human element.
  • the people that are needed to run the system and the procedures
A

Human Resources and Procedures

17
Q

➢ Should result in a high-quality system that meets customers' expectations, reaches completion within time and cost estimates, and works.
(RDITDOM)
* Requirements
* Design
* Implementation
* Testing
* Deployment
* Operation
* Maintenance

A

SYSTEM DEVELOPMENT LIFE CYCLE (SDLC)

18
Q

Systematic approach which explicitly breaks down the work into the phases that are required to implement it (PADIM)

A

PHASES OF SDLC

19
Q

obtain approval of the project; initiate, plan, schedule

A

Planning

20
Q

understand business needs
and processing needs

A

Analysis

21
Q

solution system based on the requirements and analysis decisions

A

Design

22
Q

construct, test, train
users, install new system

A

Implementation

23
Q

keep the system healthy and improve it

A

Maintenance

24
Q

Is defined as the set of procedures
that are executed in a sequence in the
software development cycle (SDLC)

A

SECURITY SYSTEM DEVELOPMENT LIFE CYCLE

25
Q

the process is started by the officials/directives working at the top-level management

A

1. System Investigation

26
Q

detailed documentation analysis of the documents form

A

2. System Analysis

27
Q

development of tools and the following blueprints

A

3. Logical Design

28
Q

technical teams acquire the tools and blueprints

A

4. Physical Design

29
Q

carried out with the help of various teams aggressively testing

A

5. Implementation

30
Q

the security program must be kept up to date

A

6. Maintenance

31
Q

in layman's terms, is a digital assault on a computer network.

A

cyberattack

32
Q

Is a malicious act that attempts to damage data, steal data, or disrupt digital life in general

A

cyber threat

33
Q

include computer viruses, data breaches and denial of service

A

Cyber threats

34
Q

Here are the 8 biggest threats to businesses.

A

1. Financial Issues
2. Laws And Regulation
3. Broad Economic Uncertainty
4. Attracting And Retaining Talent
5. Legal Liability
6. Cyber, Computer, Technology Risk/Data Breaches
7. Increasing Employee Benefits Cost
8. Medical Cost Inflation

35
Q

extortion of money in exchange for files

A

1. Ransomware

36
Q

unauthorized access

A

2. Malware

37
Q

to trick a user into giving sensitive information

A

3. Social Engineering

38
Q

sending fraudulent e-mails

A

4. Phishing

39
Q

encrypting malware

A

5. Crypting Services

40
Q

buying and selling malware on the Dark Web

A

6. Crimeware

41
Q

gives hackers control over the device

A

7. Remote Administration Tools

42
Q

malware that records keyboard strokes

A

8. Keyloggers

43
Q

visiting a trusted site but then getting redirected to a malicious site

A

9. Exploit kits

44
Q

stolen data from a user's machine

A

10. Leaked data

45
Q

implanted in bank teller machines and POS

A

11. Card skimmers

46
Q

outdated systems are vulnerable to attack.

A

12. Unpatched systems

47
Q

- Security is very essential, because when a company ignores it, it exposes itself to risk
- Huge amounts of data can be stolen at any time
- A few businesses don't take this seriously and end up with financial losses and a bruised reputation

A

Security Software Development

48
Q

continuous monitoring for vulnerabilities results in better application quality and mitigation of business risk

A

1. Higher security

49
Q

early attention to flaws significantly reduces the effort required to detect and fix them

A

2. Cost reduction

50
Q

encourages a conscientious attitude towards security-related laws and regulations. Ignoring them may result in fines and penalties, even if no sensitive data is lost.

A

3. Regulatory compliance

51
Q

As _________ explains in The Social Contract, or Principles of Political Right, the rules the members of a society create to balance the individual rights to self-determination against the needs of the society as a whole are called laws.

A

Jean Jacques Rousseau

52
Q

These policies are guidelines that describe acceptable and unacceptable employee behaviors in the workplace and function as organizational laws, complete with penalties, judicial practices, and sanctions to require compliance.

A

Organizational Liability and the Need for Counsel

53
Q

The organization must be able to demonstrate that the relevant policy has been made readily available for review by the employee.

A

Dissemination (distribution)

54
Q

The organization must be able to demonstrate that it disseminated the document in an intelligible form, including versions for illiterate, non-English reading, and reading-impaired employees.

A

Review (reading)

55
Q

The organization must be able to demonstrate that the employee understood the requirements and content of the policy.

A

Comprehension (understanding)

56
Q

The organization must be able to demonstrate that the employee agreed to comply with the policy through act or affirmation.

A

Compliance (agreement)

57
Q

The organization must be able to demonstrate that the policy has been uniformly enforced, regardless of employee status or assignment.

A

Uniform enforcement

58
Q

comprises a wide variety of laws that govern a nation or state.

A

Civil law

59
Q

addresses activities and conduct harmful to society, and is actively enforced by the state.

A

Criminal law

60
Q

encompasses family law, commercial law, and labor law, and regulates the relationship between individuals and organizations.

A

Private law

61
Q

regulates the structure and administration of government agencies and their relationships with citizens, employees, and other governments.

A

Public law

62
Q

is the cornerstone of many computer-related federal laws and enforcement efforts.

A

The Computer Fraud and Abuse Act of 1986 (CFA Act)

63
Q

Many organizations are collecting, swapping, and selling personal information as a commodity, and many people are looking to governments for protection of their privacy.

A

Privacy

64
Q

The Privacy of Customer Information Section of the common carrier regulation states that any proprietary information shall be used explicitly for providing services,

A

Privacy of Customer Information

65
Q

The Federal Trade Commission (FTC) describes identity theft as “occurring when someone uses your personally identifying information, like your name, without permission.”

A

Identity Theft

66
Q

It is important for IT professionals and information security practitioners to realize that when their organizations do business on the Internet, they do business globally. As a result, these professionals must be sensitive to the laws and ethical values of many different cultures, societies, and countries.

A

INTERNATIONAL LAWS AND LEGAL BODIES

67
Q

It created an international task force to oversee a range of security functions associated with Internet activities for standardized technology laws across international borders. Signed by 43 countries in Budapest, November 2001.

A

Council of Europe Convention on Cybercrime

68
Q

The Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS), created by the World Trade Organization (WTO)

A

Agreement on Trade-Related Aspects of Intellectual Property Rights

69
Q

TRIPS establishes minimum standards for the availability, scope, and use of seven forms of intellectual property:

A

copyrights, trademarks, geographical indications, industrial designs, patents, layout designs for integrated circuits, and undisclosed information

70
Q

is the American contribution to an international effort by the World Intellectual Property Organization (WIPO).

A

The Digital Millennium Copyright Act (DMCA)

71
Q

is a federal law that is designed to protect copyright holders from online theft, that is, from the unlawful reproduction or distribution of their works. The DMCA covers music, movies, text and anything that is copyrighted.

A

The Digital Millennium Copyright Act (DMCA)

72
Q

Many professional groups have explicit rules governing ethical behavior in the workplace. For example, doctors and lawyers who commit egregious violations of their professions' canons of conduct can be removed from practice. The information technology field in general, and the information security field in particular, do not have a binding code of ethics.

A

ETHICS AND INFORMATION SECURITY

73
Q

_____ can make it difficult to determine what is and is not ethical, especially when it comes to the use of computers

A

Cultural differences

74
Q

The topic of software license infringement, or piracy, is routinely covered by the popular press. Among study participants, attitudes toward piracy were generally similar; however, participants from the United States and the Netherlands showed statistically significant differences in attitudes from the overall group.

A

Software License Infringement

75
Q

The study respondents unilaterally condemned viruses, hacking, and other forms of system abuse.

A

Illicit Use

76
Q

The scenarios used to examine the levels of tolerance for misuse of corporate resources each presented a different degree of noncompany use of corporate assets without specifying the company's policy on personal use of company resources.

A

Misuse of Corporate Resources

77
Q

There are three general causes of unethical and illegal behavior:

A

Ignorance, Accident, Intent

78
Q

Ignorance of the law is no excuse

A

Ignorance

79
Q

Careful planning and control help prevent accidental modification to systems and data

A

Accident

80
Q

Criminal or unethical intent goes to the state of mind of the person performing the act

A

Intent

81
Q

Potential offenders must fear the penalty. Threats of informal reprimand may not have the same impact as the threat of imprisonment or forfeiture of pay.

A

Fear of penalty

82
Q

Potential offenders must believe there is a strong possibility of being caught. Penalties will not deter illegal or unethical behavior unless there is reasonable fear of being caught.

A

Probability of being caught

83
Q

Potential offenders must believe that the penalty will in fact be administered.

A

Probability of penalty being administered

84
Q

A number of professional organizations have established codes of conduct or codes of ethics that members are expected to follow. Codes of ethics can have a positive effect on people's judgment regarding computer use.

A

CODE OF ETHICS AND PROFESSIONAL ORGANIZATION

85
Q

is a nonprofit organization that focuses on the development and implementation of information security certifications and credentials

A

International Information Systems Security Certification Consortium, Inc. (ISC)² (www.isc2.org)

86
Q

which was founded in 1989, is a professional research and education cooperative organization with a current membership of more than 156,000 security professionals, auditors, system administrators, and network administrators

A

System Administration, Networking, and Security Institute (SANS) (www.sans.org)

87
Q

is a nonprofit society of information security professionals.

A

The Information Systems Security Association (ISSA) (www.issa.org)

88
Q

When was the System Administration, Networking, and Security Institute (SANS) (www.sans.org) founded?

A

1989