Overview of Security Flashcards

1
Q

Information Security

A

Act of protecting data and information from unauthorized access, unlawful modification and disruption, disclosure, corruption, and destruction.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Information Systems Security

A

Act of protecting the systems that hold and process our critical data.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Confidentiality - C.I.A.

A

Information has not been disclosed to unauthorized people.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Integrity - C.I.A.

A

Information has not been modified or altered without proper authorization.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Availability - C.I.A.

A

Information is able to be stored, accessed, or protected at all times.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Authentication - AAA of Security

A
When a person's identity is established with proof and confirmed by a system:
Something you know
Something you are
Something you have 
Something you do
Somewhere you are
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Authorization - AAA of Security

A

Occurs when a user is given access to a certain piece of data or certain areas of a building.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Accounting - AAA of Security

A

Tracking of data, computer usage, and network resources.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Non-Repudiation

A

Assurance that the sender of information is provided with proof of delivery.
When you have proof that someone has taken an action.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Security Threats

A

Malware - malicious software.
Unauthorized Access - occurs when access to computer resources and data occurs without the consent of the owner.
System Failure - occurs when a computer crashes or an individual application fails.
Social Engineering - act of manipulating users into revealing confidential information or performing other detrimental actions.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Mitigating Threats

A

Physical Controls - alarm systems, locks, surveillance cameras, identification cards, and security guards.
Technical Controls - smart cards, encryption, ACLs, IDS, and network authentications.
Administrative Controls - policies, procedures, security awareness training, contingency planning, and disaster recovery plans. User training is the most cost-effective security control to use

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Hackers

A

White Hats - non-malicious hackers who attempt to break into a company’s systems at their request.
Black Hats - malicious hackers who break into computer systems and networks without authorization or permission.
Gray Hats - Hackers without any affiliation to a company who attempt to break into a company’s network but risk the law by doing so.
Blue Hats - hackers who attempt to hack into a network with permission of the company but are not employed by the company.
Elite - hackers who find and exploit vulnerabilities before anyone else does. 1 in 10,000 are elite.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Threat Actors

A

Script Kiddies - little to no skill, who only use the tools and exploits written by others.
Hacktivists - hackers who are driven by a cause like social change, political agendas, or terrorism.
Organized Crime - hackers who are part of a crime group that is well-funded and highly sophisticated.
Advanced Persistent Threats - highly trained and funded groups of hackers (often by nation states) with covert and open-source intelligence at their disposal.
APTs > Organized Crime > Hacktivists > Script Kiddies - Skill Level

How well did you know this?
1
Not at all
2
3
4
5
Perfectly