ITSAC - Module 2 Flashcards
4 FUNCTIONS OF INFO SECURITY IN ORG
- Protecting the ability to function
- Enabling safe operation
- Protecting data
- Safeguarding technology assets
- object, person, or either entity that represents a consant danger to an asset
threat
includes acts done without malicious content
caused by inexperience, improper training, and incorrect assumptions
other circumtances - Employees are the greatest threats — closest to org’s data
acts of human error or failure
- broad category
- unauthorized accessing of info
- competitive advantage vs espionage
- shoulder surfing can occur any place a person is accessing confidential info
- Controls implemented to mark the boundaries of an organization’s virtual territory giving notice to trespassers that they are encroaching on the organization’s cyberspace
- Hackers uses skill, guile, or fraud to steal the property of someone else
espionage/trespass
Espionage vs. Tresspass
Espionage - getting other’s recipe (illegal)
Tresspass - buying other’s product and determining what ingredients are needed (legal)
- an attacker or formerly trusted insider stealing information from a computer system and demands compensation for its return or non-use
- extortion found in credit card number theft
Information Extortion
- indiv or group wo want to sabotage/destroy the operation
- petty vandalism to organized sabotage
- orgs rely on image so web defacing can lead to droppiung consumer
- higher threat of hactivist or cyberactivist operations
- most extreme of cyber-terrorism
sabotage or vandalism
illegal taking another’s property — physical, electronic, intellectual
Deliberate acts of Theft
Physical, electronic & intellectual theft
-
Physical Theft: Stealing tangible objects (e.g., money, jewelry, or cars).
locked doors/alarm system -
Electronic Theft: Unauthorized access or hacking to steal digital assets (e.g., credit card info, passwords).
more complex problem, org may not know it has occured - Intellectual Theft: Stealing ideas, inventions, or creative works (e.g., plagiarism, patent infringement).
- these are unexpected and can occuer with very little warning
- can disrupt not only lives of indiv, but also the storage, transmission and use of info
- management —- prepare contigency plans and limit damage
Forces of Nature
- occur when a manifacturer distributes to user’s equipment containing flaws
- can cause the system to perform outside of expected parameters (unreliable, lack of available)
*
Technical Hardware Failures or Errors
Terminal vs Intermittent Error
A terminal error is a critical issue that stops a system or process completely. unrecoverable loss of equipment
An intermittent error occurs occasionally and does not permanently disrupt the system. faults not easily repeated
attack system, creates malware
Software Attacks
- harmful software designed to damage, disrupt, or steal data from computers or networks.
malicious code/software - designed to damage, destroy, or denyservice to the target systems
malware
spread with user interaction (needs host)
virus
spread automatically (no host)
worms
disguised as legitimate software
trojan
hides deep within PC
rootkit
monitors your activity
spyware
multiple malware in one attack
blended threat
controls your PC form a distance
remote access
maliciously feeds you ads
adware
hunts software vulnerabilities (not expert but can steal info using this)
exploit kit
tool to exploit info
* is a type of malicious software that blocks access to a computer system or encrypts data until a sum of money is paid
ransomware
