ITM Chapter 8 Flashcards

2
Q

Security

A

The policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems.

3
Q

Controls

A

Methods, policies, and organizational procedures that ensure the safety of the organization’s assets; the accuracy and reliability of its records; and operational adherence to management standards.

4
Q

War Driving

A

Technique in which eavesdroppers drive by buildings or park outside and try to intercept wireless network traffic.

5
Q

Malware

A

Malicious software programs such as computer viruses, worms, and Trojan horses.

6
Q

Computer Virus

A

Rogue software program that attaches itself to other software programs or data files in order to be executed, often causing hardware and software malfunctions.

7
Q

Worms

A

Independent software programs that propagate themselves to disrupt the operation of computer networks or destroy data and other programs.

8
Q

Trojan Horse

A

A software program that appears legitimate but contains a second hidden function that may cause damage.

9
Q

SQL injection attack

A

The largest malware threat that takes advantage of vulnerabilities in poorly coded Web application software to introduce malicious program code into a company’s systems and networks.

10
Q

Spyware

A

Technology that aids in gathering information about a person or organization without their knowledge.

11
Q

Keyloggers

A

Spyware that records every keystroke made on a computer to steal personal information or passwords or to launch Internet attacks.

12
Q

Hacker

A

A person who gains unauthorized access to a computer network for profit, criminal mischief, or personal reasons.

13
Q

Cybervandalism

A

Intentional disruption, defacement, or destruction of a Web site or corporate information system.

14
Q

Spoofing

A

Attempts by hackers to hide their true identities by using fake e-mail addresses or masquerading as someone else; might involve redirecting a Web link to an address different from the intended one, with the site masquerading as the intended destination.

15
Q

Sniffer

A

Type of eavesdropping program that monitors information traveling over a network.

16
Q

Denial-of-service (DoS) Attack

A

Flooding a network server or Web server with false communications or requests for services in order to crash the network.

17
Q

Distributed Denial-of-service (DDoS) Attack

A

Numerous computers inundating and overwhelming a network from numerous launch points.

18
Q

Botnet

A

A group of computers that have been infected with bot malware without users’ knowledge, enabling a hacker to use the amassed resources of the computers to launch distributed denial of service attacks, phishing campaigns, or spam.

19
Q

Computer Crime

A

The commission of illegal acts through the use of a computer or against a computer system.

20
Q

Identity Theft

A

Theft of key pieces of personal information, such as credit card or social insurance numbers, in order to obtain merchandise and services in the name of the victim or to obtain false credentials.

21
Q

Phishing

A

Form of spoofing involving setting up fake Web sites or sending e-mail messages that resemble those of legitimate businesses and that ask users for confidential personal data.

22
Q

Evil Twins

A

Wireless networks that pretend to be legitimate to entice participants to log on and reveal passwords or credit card numbers.

23
Q

Pharming

A

Phishing technique that redirects users to a bogus Web page, even when an individual enters the correct Web page address.

24
Q

Click Fraud

A

Fraudulently clicking on an online ad in pay-per-click advertising to generate an improper charge per click.

25
Q

Social Engineering

A

Tricking people into revealing their passwords by pretending to be legitimate users or members of a company in need of information.

26
Q

Bugs

A

Software program code defects.

27
Q

Patches

A

Small pieces of software to repair the software flaws without disturbing the proper operation of the software.

28
Q

Personal Information Protection and Electronic Documents Act (PIPEDA)

A

Act of Parliament that governs the protection of personal information and electronic privacy and the use of electronic documents.

29
Q

Canadian SOX (C-SOX)

A

Act passed by Parliament that imposes responsibility on companies and their management to safeguard the accuracy and integrity of financial information that is used internally and released externally.

30
Q

Computer Forensics

A

The scientific collection, examination, authentication, preservation, and analysis of data held on or retrieved from computer storage media in such a way that the information can be used as evidence in a court of law.

31
Q

General Controls

A

Overall control environment governing the design, security, and use of computer programs and the security of data files in general throughout the organization’s information technology infrastructure.

32
Q

Application Controls

A

Specific controls unique to each computerized application that ensure that only authorized data are completely and accurately processed by that application.

33
Q

Risk Assessment

A

Determining the potential frequency of the occurrence of a problem and the potential damage if the problem were to occur.

34
Q

Security Policy

A

Statements ranking information risks, identifying acceptable security goals, and identifying the mechanisms for achieving these goals.

35
Q

Acceptable Use Policy (AUP)

A

Defines acceptable uses of the firm’s information resources and computing equipment, including desktop and laptop computers, wireless devices, telephones, and the Internet, and specifies consequences for noncompliance.

36
Q

Identity Management

A

Business processes and software tools for identifying the valid users of a system and controlling their access to system resources.

37
Q

Disaster Recovery Planning

A

Planning for the restoration of computing and communications services after they have been disrupted.

38
Q

Business Continuity Planning

A

Planning that focuses on how the company can restore business operations after a disaster strikes.

39
Q

MIS Audit

A

Identifies all the controls that govern individual information systems and assesses their effectiveness.

40
Q

Authentication

A

The ability for each party in a transaction to ascertain the identity of the other party.

41
Q

Password

A

A group of characters that are used to log on to a computer system and may also be used to access specific systems and files.

42
Q

Token

A

Physical device similar to an identification card that is designed to prove the identity of a single user.

43
Q

Smart Card

A

A credit-card-sized plastic card that stores digital information and that can be used for electronic payments in place of cash.

44
Q

Biometric Authentication

A

Technology for authenticating system users that compares a person’s unique characteristics, such as fingerprints, face, or retinal image, against a stored profile of these characteristics.

45
Q

Firewall

A

Hardware and software placed between an organization’s internal network and an external network to prevent outsiders from invading private networks.

46
Q

Intrusion Detection Systems

A

Tools to monitor the most vulnerable points in a network to detect and deter unauthorized intruders.

47
Q

Antivirus Software

A

Software designed to detect and often eliminate computer viruses from an information system.

48
Q

Unified Threat Management (UTM)

A

Comprehensive security management tool that combines multiple security tools, including firewalls, virtual private networks, intrusion detection systems, and Web content filtering and antispam software.

49
Q

Encryption

A

The coding and scrambling of messages to prevent them from being read or accessed without authorization.

50
Q

Secure Sockets Layer (SSL)

A

Enables client and server computers to manage encryption and decryption activities as they communicate with each other during a secure Web session.

51
Q

Secure Hypertext Transfer Protocol (S-HTTP)

A

Protocol used for encrypting data flowing over the Internet; limited to individual messages.

52
Q

Public Key Encryption

A

Secure encryption method that uses two keys: one shared (or public) and one private.

53
Q

Digital Certificates

A

An attachment to an electronic message to verify the identity of the sender and to provide the receiver with the means to encode a reply.

54
Q

Public Key Infrastructure (PKI)

A

System for creating public and private keys using a certificate authority (CA) and digital certificates for authentication.

55
Q

Online Transaction Processing

A

Transaction processing in which transactions entered online are immediately processed by the computer.

56
Q

Fault-tolerant Computer Systems

A

Systems that contain extra hardware, software, and power supply components that can back a system up and keep it running to prevent system failure.

57
Q

High-availability Computing

A

Tools and technologies, including backup hardware resources, to enable a system to recover quickly from a crash.

58
Q

Downtime

A

Period of time in which an information system is not operational.

59
Q

Recovery-oriented Computing

A

Computer systems designed to recover rapidly when mishaps occur.

60
Q

Deep Packet Inspection (DPI)

A

Technology for managing network traffic by examining data packets, sorting out low-priority data from higher-priority business-critical data, and sending packets in order of priority.

61
Q

Managed Security Service Providers (MSSPs)

A

Companies that provide security management services for subscribing clients.