Lecture 2 - Flashcards

1
Q

Protects the organization’s ability to ?

Four important functions for an organization

The need for security

A

function

2
Q

Enables the safe operation of applications implemented on the organization’s ?

Four important functions for an organization

The need for security

A

IT systems

3
Q

Protects the ? the organization collects and uses

Four important functions for an organization

The need for security

A

data

4
Q

Safeguards the ? in use at the organization

Four important functions for an organization

The need for security

A

technology assets

5
Q

?

is responsible

Protecting the ability to function

The need for security

A

Management

6
Q

Information security is a ?, ??

Protecting the ability to function

The need for security

A
  • a management issue
  • a people issue
7
Q

?

must argue for information security in terms of impact and cost

Protecting the ability to function

The need for security

A

Communities of interest

9
Q

?

must create integrated, efficient, and capable applications

Enabling safe operation

The need for security

A

Organizations

10
Q

Organizations need environments that ? applications

Enabling safe operation

The need for security

A

safeguard

11
Q

?

must not abdicate to the IT department its responsibility to make choices and enforce decisions

Enabling safe operation

The need for security

A

Management

12
Q

One of the most valuable assets is ?

Protecting data

The need for security

A

data

13
Q

Without ?, an organization loses its record of transactions and/or its ability to deliver value to its customers

Protecting data

The need for security

A

data

14
Q

An effective ? is essential to the protection of the integrity and value of the organization’s data

Protecting data

The need for security

A

information security program

15
Q

Organizations must have secure ? based on the size and scope of the enterprise

Safeguarding technology assets

The need for security

A

infrastructure services

16
Q

Additional ? may have to be provided

Safeguarding technology assets

The need for security

A

security services

17
Q

More ? may be needed to replace security programs the organization has outgrown

Safeguarding technology assets

The need for security

A

robust solutions

18
Q

Management must be informed of the various kinds of ? facing the organization

Threats to Information Security

A

threats

19
Q

A ? is an object, person, or other entity that represents a constant danger to an asset

Threats to Information Security

A

threat

20
Q

By examining each ? in turn, management effectively protects its
information through policy, education and training, and technology controls

Threats to Information Security

A

threat category

21
Q

12 Threats to Information security

Threats to Information Security

A
  1. Acts of human error or failure
  2. Compromises to intellectual property
  3. Deliberate acts of espionage or trespass
  4. Deliberate acts of information extortion
  5. Deliberate acts of sabotage or vandalism
  6. Deliberate acts of theft
  7. Deliberate software attacks
  8. Forces of nature
  9. Deviations in quality of service from service providers
  10. Technical hardware failures or errors
  11. Technical software failures or errors
  12. Technological obsolescence
22
Q

?

Includes acts done without malicious intent

Threats to Information Security

A

Acts of human error or failure

23
Q

?, ??, ???, ????

(4) Caused by:

Acts of human error or failure

Threats to Information Security

A
  • Inexperience
  • Improper training
  • Incorrect assumptions
  • Other circumstances
24
Q

?

are the greatest threats to information security – they are closest to the organizational data

Acts of human error or failure

Threats to Information Security

A

Employees

25
Q

?, ??, ???, ????, ?????

(5) Employee mistakes can easily lead to the following:

Acts of human error or failure

Threats to Information Security

A
  • Revelation of classified data
  • Entry of erroneous data
  • Accidental deletion or modification of data
  • Storage of data in unprotected areas
  • Failure to protect information
26
Q

Many of these threats can be prevented with **?**

Acts of human error or failure

Threats to Information Security

A

controls

27
Q

Situations of **?** not delivered as expected

Deviations in quality of service by service providers

Threats to Information Security

A

product or services

28
Q

**?** depends on many inter-dependent support systems

Deviations in quality of service by service providers

Threats to Information Security

A

Information system

29
Q

?, ??, ???

(3) Three sets of service issues that dramatically affect the availability of information and systems are

Deviations in quality of service by service providers

Threats to Information Security

A
  • Internet service
  • Communications
  • Power irregularities
30
Q

Loss of **?** can lead to considerable loss in the availability of information

Internet service issues

Threats to Information Security

A

Internet service

31
Q

?, ??

(2) When an organization outsources its web servers, the outsourcer assumes responsibility for

Internet service issues

Threats to Information Security

A
  • All internet services
  • The **hardware and operating system software** used to operate the web site
32
Q

(6) Other utility services have potential impact. Among these are

Communication and other services

Threats to Information Security

A
  • telephone
  • water & wastewater
  • trash pickup
  • cable television
  • natural or propane gas
  • custodial services
33
Q

The threat of **?** can lead to inability to function properly

Communication and other services

Threats to Information Security

A

loss of services

34
Q

?

can increase, decrease, or cease

Power irregularities

Threats to Information Security

A

Voltage levels

35
Q

?, ??, ???, ????, ?????, ??????

(6) Voltage levels can increase, decrease, or cease:

Power irregularities

Threats to Information Security

A
  • spike
  • surge
  • sag
  • brownout
  • fault
  • blackout
36
Q

?

momentary increase

Power irregularities: Voltage levels

Threats to Information Security

A

spike

37
Q

?

prolonged increase

Power irregularities: Voltage levels

Threats to Information Security

A

surge

38
Q

?

momentary low voltage

Power irregularities: Voltage levels

Threats to Information Security

A

sag

39
Q

?

prolonged drop

Power irregularities: Voltage levels

Threats to Information Security

A

brownout

40
Q

?

momentary loss of power

Power irregularities: Voltage levels

Threats to Information Security

A

fault

41
Q

?

prolonged loss

Power irregularities: Voltage levels

Threats to Information Security

A

blackout

42
Q

?

is **susceptible to fluctuations**; controls can be applied to manage power quality

Power irregularities: Voltage levels

Threats to Information Security

A

Electronic equipment
43
Q

?

(3) Broad category of activities that breach confidentiality

Espionage/Trespass

Threats to Information Security

A
  • Unauthorized accessing of information
  • Competitive intelligence vs. espionage
  • Shoulder surfing can occur any place a person is accessing confidential information
44
Q

**?** accessing of information

Espionage/Trespass: Category of activities that breach confidentiality

Threats to Information Security

A

Unauthorized

45
Q

Competitive intelligence vs. **?**

Espionage/Trespass: Category of activities that breach confidentiality

Threats to Information Security

A

Espionage

46
Q

?

can occur any place a person is accessing confidential information

Espionage/Trespass: Category of activities that breach confidentiality

Threats to Information Security

A

Shoulder surfing

47
Q

?

implemented to mark the boundaries of an organization’s virtual territory giving notice to trespassers that they are encroaching on the organization’s cyberspace

Espionage/Trespass: Category of activities that breach confidentiality

Threats to Information Security

A

Controls

48
Q

?

uses skill, guile, or fraud to steal the property of someone else

Espionage/Trespass: Category of activities that breach confidentiality

Threats to Information Security

A

Hackers

49
Q

?, ??

(2) Generally two skill levels among hackers

Espionage/Trespass

Threats to Information Security

A
  • Expert hacker
  • Script kiddies
50
Q

?

develops software scripts and codes exploits

Espionage/Trespass

Threats to Information Security

A

Expert hacker

51
Q

?

usually a master of many skills

Espionage/Trespass

Threats to Information Security

A

Expert hacker

52
Q

?

will often create attack software and share with others

Espionage/Trespass

Threats to Information Security

A

Expert hacker

53
Q

?

hackers of limited skill

Espionage/Trespass

Threats to Information Security

A

Script kiddies

54
Q

?

use expert-written software to exploit a system

Espionage/Trespass

Threats to Information Security

A

Script kiddies

55
Q

?

do not usually fully understand the systems they hack

Espionage/Trespass

Threats to Information Security

A

Script kiddies

56
Q

?, ??

(2) Other terms for system rule breakers

Espionage/Trespass

Threats to Information Security

A
  • Cracker
  • Phreaker
57
Q

?

an individual who "cracks" or removes protection designed to prevent unauthorized duplication

Espionage/Trespass

Threats to Information Security

A

Cracker

58
Q

?

hacks the public telephone network

Espionage/Trespass

Threats to Information Security

A

Phreaker
59
Q

?

is an **attacker or formerly trusted insider stealing information from a computer system** and demanding compensation for its return or non-use

Threats to Information Security

A

Information extortion

60
Q

?

found in credit card number theft

Information extortion

Threats to Information Security

A

Extortion

61
Q

Individual or group who want to deliberately **?** the operations of a computer system or business, or perform acts of **??** to either destroy an asset or damage the image of the organization

Threats to Information Security

A
  • sabotage
  • vandalism
62
Q

These threats can range from **?** to **??**

Sabotage and Vandalism

Threats to Information Security

A
  • petty vandalism
  • organized sabotage
63
Q

Organizations rely on image so **?** can lead to dropping consumer confidence and sales

Sabotage and Vandalism

Threats to Information Security

A

Web defacing

64
Q

Rising threat of hacktivist or cyber-activist operations – the most extreme version is **?**

Sabotage and Vandalism

Threats to Information Security

A

cyber-terrorism

65
Q

**?** of another's property - physical, electronic, or intellectual

Deliberate acts of theft

Threats to Information Security

A

Illegal taking

66
Q

The value of information suffers when it is **?** and taken away without the owner’s knowledge

Deliberate acts of theft

Threats to Information Security

A

copied

67
Q

?

can be controlled - a wide variety of measures used from **locked doors to guards or alarm systems**

Deliberate acts of theft

Threats to Information Security

A

Physical theft

68
Q

?

is a **more complex problem** to manage and control - **organizations may not even know it has occurred**

Deliberate acts of theft

Threats to Information Security

A

Electronic theft
69
Q

When an individual or group designs software to attack systems, they create malicious code/software called **?**

Deliberate software attacks

Threats to Information Security

A

Malware

70
Q

?

Designed to damage, destroy, or deny service to the target systems

Deliberate software attacks

Threats to Information Security

A

Malware

71
Q

?

(9) (Malicious code/software) Includes

Deliberate software attacks

Threats to Information Security

A
  • Macro virus
  • Boot virus
  • Worms
  • Trojan horses
  • Logic bombs
  • Back door or trap door
  • Denial-of-service attacks
  • Polymorphic
  • Hoaxes
72
Q

?

is a computer program that attaches itself to an executable file or application

Deliberate software attacks

Threats to Information Security

A

Virus

73
Q

(Virus) It can replicate itself, usually through an executable program attached to an **?**

Deliberate software attacks

Threats to Information Security

A

e-mail

74
Q

The keyword is **“?”**. A virus cannot stand on its own

Deliberate software attacks

Threats to Information Security

A

attaches

75
Q

You must prevent viruses from being installed on **?** in your organization

Deliberate software attacks

Threats to Information Security

A

computers

76
Q

There is no **?** of preventing them from attaching themselves to your computer

Deliberate software attacks

Threats to Information Security

A

foolproof method

77
Q

?

**compares virus signature files** against the programming code of known viruses

Deliberate software attacks

Threats to Information Security

A

Antivirus software

78
Q

Regularly **?** virus signature files is crucial

Deliberate software attacks

Threats to Information Security

A

update

79
Q

A **?** is a computer program that replicates and propagates itself without having to attach itself to a host

Deliberate software attacks

Threats to Information Security

A

worm

80
Q

Most infamous worms are **?** and **??**

Deliberate software attacks

Threats to Information Security

A
  • Code Red
  • Nimda
81
Q

Cost businesses millions of dollars in damage as a result of **?**

Deliberate software attacks

Threats to Information Security

A

lost productivity

82
Q

**?** and the time spent recovering lost data, reinstalling programs, operating systems, and hiring or contracting IT personnel

Deliberate software attacks

Threats to Information Security

A

Computer downtime
83
Q

?

**disguise themselves as useful computer programs** or applications and can install a backdoor or rootkit on a computer

Deliberate software attacks

Threats to Information Security

A

Trojan Programs

84
Q

?

are computer programs that **give attackers a means of regaining access to the attacked computer later**

Deliberate software attacks

Threats to Information Security

A

Backdoors or rootkits

85
Q

Trojan programs that use common ports, such as **?**, or **??**, are more difficult to detect

Deliberate software attacks: Challenges

Threats to Information Security

A
  • TCP 80
  • UDP 53
86
Q

Many **?** can recognize port-scanning programs or information leaving a questionable port

Deliberate software attacks: Challenges

Threats to Information Security

A

software firewalls

87
Q

Many Trojan programs use **?** to conduct their exploits

Deliberate software attacks: Challenges

Threats to Information Security

A

standard ports

88
Q

?

A **??** sends info from the infected computer to the person who initiated the spyware program on your computer

Deliberate software attacks

Threats to Information Security

A
  • Spyware
  • Spyware program
89
Q

?

**??** can register each keystroke entered

Deliberate software attacks

Threats to Information Security

A
  • Spyware
  • Spyware program
90
Q

?

Main purpose is to determine a user’s purchasing habits so that Web browsers can display advertisements tailored to that user

Deliberate software attacks

Threats to Information Security

A

Adware

91
Q

?

Slow down the computer it’s running on

Deliberate software attacks

Threats to Information Security

A

Adware

92
Q

?, ??

(2) Both programs can be installed without the user being aware of their presence

Deliberate software attacks

Threats to Information Security

A
  • Spyware
  • Adware
94
Q

?

Many U.S. government organizations make **security awareness programs mandatory**, and many private-sector companies are following their example

Protecting against deliberate software attacks

Threats to Information Security

A

Educating Your Users

95
Q

?

Email **monthly security updates** to all employees

Protecting against deliberate software attacks

Threats to Information Security

A

Educating Your Users

96
Q

?

Update virus signature files as soon as possible

Protecting against deliberate software attacks

Threats to Information Security

A

Educating Your Users

97
Q

?

Protect a network by implementing a firewall

Protecting against deliberate software attacks

Threats to Information Security

A

Educating Your Users

98
Q

?

Your approach to users or potential customers should be **promoting awareness rather than instilling fear**.

Protecting against deliberate software attacks

Threats to Information Security

A

Avoiding Fear Tactics

99
Q

?

When training users, be sure to **build on the knowledge they already have**

Protecting against deliberate software attacks

Threats to Information Security

A

Avoiding Fear Tactics