ITEC 85 (SIR CAUREL) Flashcards
1
Q
is an important
asset to every individual or
organization
A
Digital information
2
Q
it is a field the
process the safeguarding of the
integrity of data use by individuals or
organization
A
Information Assurance
3
Q
Prevents unwanted access to private
information
A
Information Security
4
Q
Development and implementation of
tools and technique for keeping data
safe.
A
Information Security
5
Q
Designing of defense mechanism
software
A
Information Security
6
Q
Information Security
A
Similarities of Information Assurance and
Security
7
Q
CNSS SECURITY MODEL
A
John McCumber called McCumber
Cube
8
Q
smartphone that fits a
pocket or large as a super computer
A
Computer Hardware-
9
Q
-peripherical devices, such as
keyboards, externals disk, drives and routes
A
Computer Hardware-
10
Q
let the hardware
knows what to do
A
- Computer Software-
11
Q
-it sends signal task
A
- Computer Software-
12
Q
– connects the
hardware together to form a network.
A
- Telecommunication
13
Q
a network is a set of computers that
is connected wired or wireless.
A
- Telecommunication
14
Q
-LAN & WAN
A
- Telecommunication
15
Q
-component where the “material”
that the other component work with resides.
-place where data is collected and
from which it can be retrieved by QUERYING
A
- Database and Database Warehouse
16
Q
- the final and possibly most
important component of information system
is the human element. - people that are needed to run the
system and the procedure
A
- Human Resources and ProcedureS
17
Q
➢ Should result in a high-quality system
that meets customers expectations,
reaches completion within time and
cost evolutions and works.
(RDITDOM)
* Requirements
* Design
* Implementation
* Testing
* Deployment
* Operation
* MaintenancE
A
SYSTEM DEVELOPMENT LIFE CYCLE (SDLC)
18
Q
– Systematic approach which
explicitly breaks down the work into phase
that required to implement (PADIM
A
PHASE OD SDLC
19
Q
obtain approval of project
initiate, plan schedule
A
Planning:
20
Q
understand business needs
and processing needs
A
Analysis
21
Q
solution system based on
requirements and analysis decision
A
Design
22
Q
construct, test, train
users, install new system
A
Implementation
23
Q
: keep system healthy
and improve
A
Maintenance
24
Q
Is defined as the set of procedures
that are executed in a sequence in the
software development cycle (SDLC)
A
SECURITY SYSTEM DEVELOPMENT LIFE CYCLE
25
process is
started by the officials/directives
working at the top-level management
1. System Investigation
26
detailed
documentation analysis of the
documents form
2. System Analysis
27
development of tools
and the following blueprints
3. Logical Design
28
technical teams
acquire tool and blueprint
4. Physical Design
29
carried out with the
help of various teams aggressively
testing
5. Implementation
30
the security program
must be kept up to date
6. Maintenance-
31
in layman’s term, is
digital assault on computer network.
cyberattack
32
Is malicious
act that attempts to damage data,
steal data or destroy life in general
cyber threat
33
include computer
viruses, data breathes and denial of
service
Cyber threats
34
Here are 8 biggest threats of businesses.
1. Financial Issues
2. Laws And Regulation
3. Broad Economic Uncertainly
4. Attracting And Retaining Talent
5. Legal Liability
6. Cyber, Computer, Technology
Risk/Data Breaches
7. Increasing Employee Benefits Cost
8. Medical Cost Inflation
35
extortion of money in
exchange of files
1. Ransomware
36
unauthorized access
2. Malware
37
– to trick a user in
giving sensitive information
3. Social Engineering
38
– sending fraudulent e-mails
4. Phishing
39
encrypting
malware
5. Crypting Services
40
- buying and selling
malware on the Dark Web
6. Crimeware
41
hackers control over the devicE
7. Remote Administration tools
42
malwares that records
keyboard stroke
8. Keyloggers
43
visiting a trusted site but
then get redirected to a malicious site
9. Exploit kits
44
stolen data from a
user’s machine
10. Leaked data-
45
implanted in bank
teller machine and PQS
11. Cards skimmers
46
outdate systems
are vulnerable to attack.
12. Unpatched systems-
47
- Security is very essentials because
when a company ignores that it
exposes itself to risk
- Huge amount of data can be stolen at
anytime
- Few business don’t tale this seriously
and end up with financial losses and
bruised reputation
Security Software Development
48
- continuous
monitoring for vulnerabilities results
in better applications quality and
mitigation of business risk
1. Higher security
49
early attention to
flows significantly reduces the effort
required to detect and fix them
2. Cost reduction
50
encourages a
conscientious attitude towards security
- related laws and regulation.
Ignoring them may result in fines and
penalties, even if no sensitive data is
lost.
3. Regulatory compliance
51
As _________ explains in
The Social Contract, or Principles of
Political Right, the rules the members
of a society create to balance the
individual rights to self-determination
against the needs of the society as a
whole are called laws.
Jean Jacques Rousseau
52
These policies are guidelines that
describe acceptable and unacceptable
employee behaviors in the workplace,
function as organizational laws,
complete with penalties, judicial practices, and sanctions to require
compliance.
Organizational Liability and the Need for
Counsel
53
The
organization must be able to demonstrate
that the relevant policy has been made readily
available for review by the employee.
Dissemination (distribution) –
54
- The organization must be
able to demonstrate that it disseminated the
document in an intelligible form, including
versions for illiterate, non-English reading,
and reading-impaired employees.
Review (reading) -
55
The
organization must be able to demonstrate
that the employee understood the
requirements and content of the policy
Comprehension (understanding) -
56
The organization
must be able to demonstrate that the
employee agreed to comply with the policy
through act or affirmation
Compliance (agreement) -
57
The organization must
be able to demonstrate that the policy has
been uniformly enforced, regardless of
employee status or assignment.
Uniform enforcement
58
comprises a wide variety of
laws that govern a nation or state.
Civil law
59
addresses activities and
conduct harmful to society, and is
actively enforced by the state.
Criminal law
60
encompasses family law,
commercial law, and labor law, and
regulates the relationship between
individuals and organizations.
Private law
61
regulates the structure and
administration of government
agencies and their relationships with
citizens, employees, and other
governments.
Public law
62
is the cornerstone of
many computer-related federal laws
and enforcement efforts.
The Computer Fraud and Abuse Act of
1986 (CFA Act)
63
Many organizations are collecting,
swapping, and selling personal information as
a commodity, and many people are looking to
governments for protection of their privacy.
Privacy -
64
- The
Privacy of Customer Information Section of
the common carrier regulation states that any
proprietary information shall be used
explicitly for providing services,
Privacy of Customer Information
65
The Federal Trade
Commission (FTC) describes identity theft as
“occurring when someone uses your
personally identifying information, like your
name without permission.
Identity Theft
66
It is important for IT professionals and
information security practitioners to
realize that when their organizations
do business on the Internet, they do
business globally.
As a result, these professionals must
be sensitive to the laws and ethical
values of many different cultures,
societies, and countries.
INTERNATIONAL LAWS AND LEGAL BODIES
67
It created an international task force
to oversee a range of security
functions associated with Internet
activities for standardized technology
laws across international borders.
Signed by 43 countries in Budapest,
November 2001.
Council of Europe Convention on Cybercrime
68
The Agreement on Trade-Related
Aspects of Intellectual Property Rights
(TRIPS), created by the World Trade
Organization (WTO)
Agreement on Trade-Related Aspects of
Intellectual Property Rights
69
TRIPS establishes minimum standards
for the availability, scope, and use of
seven forms of intellectual property:
copyrights, trademarks, geographical
indications, industrial designs,
patents, layout designs for integrated
circuits, and undisclosed information
70
is the American contribution
to an international effort by the
World Intellectual Properties
Organization (WIPO).
The Digital Millennium Copyright Act
(DMCA)
71
is a federal law that is
designed to protect copyright holders
from online theft—that is, from the
unlawful reproduction or distribution
of their works. The DMCA covers
music, movies, text and anything that
is copyrighted.
The Digital Millennium Copyright Act
(DMCA)
72
Many Professional groups have
explicit rules governing ethical
behavior in the workplace.
For example, doctors and lawyers
who commit egregious violations of
their professions’ canons of conduct
can be removed from practice.
The information technology field in
general, and the information security
field in particular, do not have a
binding code of ethics.
ETHICS AND INFORMATION SECURITY
73
_____ can make it
difficult to determine what is and is
not ethical—especially when it comes
to the use of computers
Cultural differences
74
The topic of software license
infringement, or piracy, is routinely
covered by the popular press.
Among study participants, attitudes
toward piracy were generally similar;
however, participants from the
United States and the Netherlands
showed statistically significant
differences in attitudes from the
overall group.
Software License Infringement
75
The study respondents unilaterally
condemned viruses, hacking, and
other forms of system abuse.
Illicit Use
76
The scenarios used to examine the
levels of tolerance for misuse of
corporate resources each presented a
different degree of noncompany use
of corporate assets without specifying
the company’s policy on personal use
of company resources.
Misuse of Corporate Resources
77
There are three general causes of unethical
and illegal behavior:
Ignorance, Accident, Intent
78
Ignorance of the law is no
excuse
Ignorance
79
Careful planning and
control, helps prevent accidental
modification to systems and data
Accident:
80
Criminal or unethical intent
goes to the state of mind of the
person performing the act
Intent
81
Potential offenders
must fear the penalty. Threats of
informal reprimand may not have the
same impact as the threat of
imprisonment or forfeiture of pay.
Fear of penalty
82
- Potential
offenders must believe there is a
strong possibility of being caught.
Penalties will not deter illegal or
unethical behavior unless there is
reasonable fear of being caught.
Probability of being caught
83
- Potential offenders
must believe that the penalty will in
fact be administered
Probability of penalty being
administered
84
A number of professional
organizations have established codes
of conduct or codes of ethics that
members are expected to follow.
Codes of ethics can have a positive
effect on people’s judgment regarding
computer use
CODE OF ETHICS AND PROFESSIONAL
ORGANIZATION
85
is a nonprofit organization that
focuses on the development and
implementation of information
security certifications and credentials
International Information
Systems Security Certification
Consortium, Inc. (ISC) (www.isc2.org)
86
which was
founded in 1989, is a professional
research and education cooperative
organization with a current
membership of more than 156,000
security professionals, auditors,
system administrators, and network
administrators
System Administration,
Networking, and Security Institute
(SANS) (www.sans.org),
87
is a
nonprofit society of information
security professionals.
The Information Systems Security
Association (ISSA) (www.issa.org)
88
WHEN WAS THE System Administration,
Networking, and Security Institute
(SANS) (www.sans.org) FOUNDED
1989
