Lecture 2 - Flashcards by J D

Protects the organization’s ability to ?

Four important functions for an organization

The need for security

function

How well did you know this?

Not at all

Perfectly

Enables the safe operation of applications implemented on the organization’s ?

Four important functions for an organization

The need for security

IT systems

How well did you know this?

Not at all

Perfectly

Protects the ? the organization collects and uses

Four important functions for an organization

The need for security

data

How well did you know this?

Not at all

Perfectly

Safeguards the ? in use at the organization

Four important functions for an organization

The need for security

technology assets

How well did you know this?

Not at all

Perfectly

is responsible

Protecting the ability to function

The need for security

Management

How well did you know this?

Not at all

Perfectly

Information security is a ?, ??

Protecting the ability to function

The need for security

a management issue
a people issue

How well did you know this?

Not at all

Perfectly

must argue for information security in terms of impact and cost

Protecting the ability to function

The need for security

Communities of interest

How well did you know this?

Not at all

Perfectly

must argue for information security in terms of impact and cost

Protecting the ability to function

The need for security

Communities of interest

How well did you know this?

Not at all

Perfectly

must create integrated, efficient, and capable applications

Enabling safe operation

The need for security

Organizations

How well did you know this?

Not at all

Perfectly

Organization need environments that ? applications

Enabling safe operation

The need for security

safeguard

How well did you know this?

Not at all

Perfectly

must not abdicate to the IT department its responsibility to make choices and enforce decisions

Enabling safe operation

The need for security

Management

How well did you know this?

Not at all

Perfectly

One of the most valuable assets is ?

Protecting data

The need for security

data

How well did you know this?

Not at all

Perfectly

Without ?, an organization loses its record of transactions and/or its ability to deliver value to its customers

Protecting data

The need for security

data

How well did you know this?

Not at all

Perfectly

An effective ? is essential to the protection of the integrity and value of the organization’s data

Protecting data

The need for security

information security program

How well did you know this?

Not at all

Perfectly

Organizations must have secure ? based on the size and scope of the enterprise

Safeguarding technology assets

The need for security

infrastructure services

How well did you know this?

Not at all

Perfectly

Additional ? may have to be provided

Safeguarding technology assets

The need for security

security services

How well did you know this?

Not at all

Perfectly

More ? may be needed to replace security programs the organization has outgrown

Safeguarding technology assets

The need for security

robust solutions

How well did you know this?

Not at all

Perfectly

Management must be informed of the various kinds of ? facing the organization

Threats to Information Security

threats

How well did you know this?

Not at all

Perfectly

A ? is an object, person, or other entity that represents a constant danger to an asset

Threats to Information Security

threat

How well did you know this?

Not at all

Perfectly

By examining each ? in turn, management effectively protects its
information through policy, education and training, and technology controls

Threats to Information Security

threat category

How well did you know this?

Not at all

Perfectly

12 Threats to Information security

Threats to Information Security

Acts of human error or failure
Compromises to intellectual property
Deliberate acts of espionage or trespass
Deliberate acts of information extrotion
Deliberate acts of sabotage or vandalism
Deliberate acts of theft
Deliberate software attacks
Forces of nature
Deviations in quaity of service from service providers
Technical hardware failures or errors
Technical sortware failures or errors
Technological obsolescence

How well did you know this?

Not at all

Perfectly

Includes acts done without malicious intent

Threats to Information Security

Acts of human error or failure

How well did you know this?

Not at all

Perfectly

?, ??, ???, ????

(4) Caused by:

Acts of human error or failure

Threats to Information Security

Inexperience
Improper training
Incorrect assumptions
Other circumstances

How well did you know this?

Not at all

Perfectly

are greatest threats to information security –They are closest to the organizational data

Acts of human error or failure

Threats to Information Security

Employees

How well did you know this?

Not at all

Perfectly

# ?, ??, ???, ????, ????? (5) Employee mistakes can easily lead to the following: | Acts of human error or failure ## Footnote **Threats to Information Security**

* Revelation of classified data * Entry of erroneous data * Accidental deletion or modification of data * Storage of data in unprotected areas * Failure to protect information

Many of these threats can be prevented with **?** | Acts of human error or failure ## Footnote **Threats to Information Security**

controls

Situations of **?** not delivered as expected | Deviations in quality of service by service providers ## Footnote **Threats to Information Security**

product or services

**?** depends on many inter-dependent support systems | Deviations in quality of service by service providers ## Footnote **Threats to Information Security**

Information system

# ?, ??, ??? (3) Three sets of service issues that dramatically affect the availability of information and systems are | Deviations in quality of service by service providers ## Footnote **Threats to Information Security**

* Internet service * Communications * Power irregularities

Loss of **?** can lead to considerable loss in the availability of informtion | Internet service issues ## Footnote **Threats to Information Security**

Internet service

# ?, ?? (2) When an organization outsources its web servers, the outsourcer assumes responsiblity for | Internet service issues ## Footnote **Threats to Information Security**

* All internet services * The **hardware and operating system software** used to operate the web site

(6) Other utility services have potential impact. Among these are | Communication and other services ## Footnote **Threats to Information Security**

* telephone * water & wastewater * trash pickup * cable television * natural or propane gas * custodial services

The threat of **?** can lead to inability to function properly | Communication and other services ## Footnote **Threats to Information Security**

loss of services

# ? can increase, decrease, or cease | Power irregularities ## Footnote **Threats to Information Security**

Voltage levels

# ?, ??, ???, ????, ?????, ?????? (6) Voltage levels can increase, decrease, or cease: | Power irregularities ## Footnote **Threats to Information Security**

* spike * surge * sag * brownout * fault * blackout

# ? momentary increase | Power irregularities: Voltage levels ## Footnote **Threats to Information Security**

spike

# ? prolonged increase | Power irregularities: Voltage levels ## Footnote **Threats to Information Security**

surge

# ? momentary low voltage | Power irregularities: Voltage levels ## Footnote **Threats to Information Security**

sag

# ? prolonged drop | Power irregularities: Voltage levels ## Footnote **Threats to Information Security**

brownout

# ? momentary loss of power | Power irregularities: Voltage levels ## Footnote **Threats to Information Security**

fault

# ? prolonged loss | Power irregularities: Voltage levels ## Footnote **Threats to Information Security**

blackout

# ? is **susceptible to flucatuations**, controls, can be applied to manage power quality | Power irregularities: Voltage levels ## Footnote **Threats to Information Security**

Electronic equipment

# ? (3) Broad category of activities that breach confidentiality | Espionage/Trespass ## Footnote **Threats to Information Security**

* Unauthorized accessing of information * Competitive intelligence vs. espionage * Shoulder surfing can occur any place a person is accessing confidential information

**?** accessing of information | Espionage/Trespass: Category of activities that breach confidentiality ## Footnote **Threats to Information Security**

Unauthorized

Competitive intelligence vs. **?** | Espionage/Trespass: Category of activities that breach confidentiality ## Footnote **Threats to Information Security**

Espionage

# ? can occur any place a person is accessing confidential information | Espionage/Trespass: Category of activities that breach confidentiality ## Footnote **Threats to Information Security**

Shoulder surfing

# ? implemented to mark the boundaries of an organization’s virtual territory giving notice to trespassers that they are encroaching on the organization’s cyberspace | Espionage/Trespass: Category of activities that breach confidentiality ## Footnote **Threats to Information Security**

Controls

# ? uses skill, guile, or fraud to steal the property of someone else | Espionage/Trespass: Category of activities that breach confidentiality ## Footnote **Threats to Information Security**

Hackers

# ?, ?? (2) Generally two skill levels among hackers | Espionage/Trespass ## Footnote **Threats to Information Security**

* Expert hacker * Script kiddies

# ? develops software scripts and codes exploits | Espionage/Trespass ## Footnote **Threats to Information Security**

Expert hacker

# ? usually a master of many skills | Espionage/Trespass ## Footnote **Threats to Information Security**

Expert hacker

# ? will often create attack software and share with others | Espionage/Trespass ## Footnote **Threats to Information Security**

Expert hacker

# ? hackers of limited skill | Espionage/Trespass ## Footnote **Threats to Information Security**

Script kiddies

# ? use expert-written software to exploit a system | Espionage/Trespass ## Footnote **Threats to Information Security**

Script kiddies

# ? do not usually fully understand the systems they hack | Espionage/Trespass ## Footnote **Threats to Information Security**

Script kiddies

# ?, ?? (2) Other terms for system rule breakers | Espionage/Trespass ## Footnote **Threats to Information Security**

* Cracker * Phreaker

# ? an individual who "cracks" or removes protection designed to prevent unauthorized duplication | Espionage/Trespass ## Footnote **Threats to Information Security**

Cracker

# ? hacks the public telephone network | Espionage/Trespass ## Footnote **Threats to Information Security**

Phreaker

# ? is an **attacker or formerly trusted insider stealing information from a computer system** and demanding compensation for its return or non-use ## Footnote **Threats to Information Security**

Information extortion

# ? found in credit card number theft | Information extortion ## Footnote **Threats to Information Security**

Extortion

Individual or group who want to deliberately **?** the operations of a computer system or business, or perform acts of **??** to either destroy an asset or damage the image of the organization ## Footnote **Threats to Information Security**

* sabotage * vandalism

These threats can range from **?** to **??** | Sabotage and Vandalism ## Footnote **Threats to Information Security**

* petty vandalism * organized sabotage

Organizations rely on image so **?** can lead to dropping consumer confidence and sales | Sabotage and Vandalism ## Footnote **Threats to Information Security**

Web defacing

Rising threat of hacktivist or cyber-activist operations – the most extreme version is **?** | Sabotage and Vandalism ## Footnote **Threats to Information Security**

cyber-terrorism

**?** of another's property - physical, electronic, or intellectual | Deliberate acts of theft ## Footnote **Threats to Information Security**

Illegal taking

The value of information suffers when it is **?** and taken away without the owner’s knowledge | Deliberate acts of theft ## Footnote **Threats to Information Security**

copied

# ? can be controlled - a wide variety of measures used from **locked doors to guards or alarm systems** | Deliberate acts of theft ## Footnote **Threats to Information Security**

Physical theft

# ? is a **more complex problem** to manage and control - **organizations may not even know it has occurred** | Deliberate acts of theft ## Footnote **Threats to Information Security**

Electronic theft

When an individual or group designs software to attack systems, they create malicious code/software called **?** | Deliberate software attacks ## Footnote **Threats to Information Security**

Malware

# ? Designed to damage, destroy, or deny service to the target systems | Deliberate software attacks ## Footnote **Threats to Information Security**

Malware

# ? (9) (Malicious code/software) Includes | Deliberate software attacks ## Footnote **Threats to Information Security**

* Macro virus * Boot virus * Worms * Trojan horses * Logic bombs * Back door or trap door * Denial-of-service attacks * Polymorphic * Hoaxes

# ? is a computer program that attaches itself to an executable file or application | Deliberate software attacks ## Footnote **Threats to Information Security**

Virus

(Viruse) It can replicate itself, usually through an executable program attached to an **?** | Deliberate software attacks ## Footnote **Threats to Information Security**

e-mail

The keyword is **“?”**. A virus can not stand on its own | Deliberate software attacks ## Footnote **Threats to Information Security**

attaches

You must prevent viruses from being installed on **?** in your organizations | Deliberate software attacks ## Footnote **Threats to Information Security**

computers

There is no **?** of preventing them from attaching themselves to your computer | Deliberate software attacks ## Footnote **Threats to Information Security**

foolproof method

# ? **compares virus signature files** against the programming code of know viruses | Deliberate software attacks ## Footnote **Threats to Information Security**

Antivirus software

Regularly **?** virus signature files is crucial | Deliberate software attacks ## Footnote **Threats to Information Security**

update

A **?** is a computer program that replicates and propagates itself without having to attach itself to a host | Deliberate software attacks ## Footnote **Threats to Information Security**

worm

Most infamous worms are **?** and **??** | Deliberate software attacks ## Footnote **Threats to Information Security**

* Code Red * Nimda

Cost businesses millions of dollars in damage as a result of **?** | Deliberate software attacks ## Footnote **Threats to Information Security**

lost productivity

**?** and the time spent recovering lost data, reinstalling programming's, operating systems, and hiring or contracting IT personnel | Deliberate software attacks ## Footnote **Threats to Information Security**

Computer downtime

# ? **disguise themselves as useful computer programs** or applications and can install a backdoor or rootkit on a computer | Deliberate software attacks ## Footnote **Threats to Information Security**

Trojan Programs

# ? are computer programs that **give attackers a means of regaining access to the attacked computer later** | Deliberate software attacks ## Footnote **Threats to Information Security**

Backdoors or rootkits

Trojan programs that use common ports, such as **?**, or **??**, are more difficult to detect | Deliberate software attacks: Challenges ## Footnote **Threats to Information Security**

* TCP 80 * UPD 53

Many **?** can recognize port-scanning program or information leaving a questionable port | Deliberate software attacks: Challenges ## Footnote **Threats to Information Security**

software firewalls

Many Trojan programs use **?** to conduct their exploits | Deliberate software attacks: Challenges ## Footnote **Threats to Information Security**

standard ports

# ? A **??** sends info from the infected computer to the person who initiated the spyware program on your computer | Deliberate software attacks ## Footnote **Threats to Information Security**

* Spyware * Spyware program

# ? **??** can register each keystroke entered | Deliberate software attacks ## Footnote **Threats to Information Security**

* Spyware * Spyware program

# ? Main purpose is to determine a user’s purchasing habits so that Web browsers can display advertisements tailored to that user | Deliberate software attacks ## Footnote **Threats to Information Security**

Adware

# ? Slow down the computer it’s running on | Deliberate software attacks ## Footnote **Threats to Information Security**

Adware

# ?, ?? (2) Both programs can be installed without the user being aware of their presence | Deliberate software attacks ## Footnote **Threats to Information Security**

* Spyware * Adware

# ?, ?? (2) Both programs can be installed without the user being aware of their presence | Deliberate software attacks ## Footnote **Threats to Information Security**

* Spyware * Adware

# ? Many U.S. government organizations make **security awareness programs mandatory**, and many private-sector companies are following their example | Protecting against deliberate software attacks ## Footnote **Threats to Information Security**

Educating Your Users

# ? Email **monthly security updates** to all employees | Protecting against deliberate software attacks ## Footnote **Threats to Information Security**

Educating Your Users

# ? Update virus signature files as soon as possible | Protecting against deliberate software attacks ## Footnote **Threats to Information Security**

Educating Your Users

# ? Protect a network by implementing a firewall | Protecting against deliberate software attacks ## Footnote **Threats to Information Security**

Educating Your Users

# ? Your approach to users or potential customers should be **promoting awareness rather than instilling fear**. | Protecting against deliberate software attacks ## Footnote **Threats to Information Security**

Avoiding Fear Tactics

# ? When training users, be sure to **build on the knowledge they already have** | Protecting against deliberate software attacks ## Footnote **Threats to Information Security**

Avoiding Fear Tactics