Part 1 Flashcards
Maintaining a strong security posture can take advantage of numerous benefits, namely:
Reduction in ______ being paid.
Insurance premiums
Building a Secure Organization
Building a secure organization is important to long-term success:
Maintaining a strong ______ can take advantage of numerous benefits
Security posture
Maintaining a strong security posture can take advantage of numerous benefits, namely:
Use its security program as a ____
marketing tool
Maintaining a strong security posture can take advantage of numerous benefits
You will not have to spend time and money identifying _____
security breaches
_____ can cost an organization significantly through a tarnished reputation, lost business, and legal fees.
Security breaches
HIPAA
Health Insurance Portability and Accountability Act (HIPAA)
GLBA
Gramm-Leach-Bliley Act (GLBA)
Name three regulations that require businesses to maintain the security of information.
Health Insurance Portability and Accountability Act (HIPAA)
Gramm-Leach-Bliley Act (GLBA)
Sarbanes-Oxley Act
OBSTACLES TO SECURITY
In attempting to build a secure organization, we should take a close look at the obstacles that make it challenging to build a totally secure organization.
Security Is _____
Inconvenient
Security, by its very nature, is inconvenient, and the more _______, the more inconvenient the process becomes.
robust the security mechanisms
Employees in an organization have a job to do; _________
they want to get to work right away
Most security mechanisms, from passwords to multifactor authentication, are seen as ____
roadblocks to productivity
Examples:
whole disk encryption to laptop; second login step; lost productivity
To gain a full appreciation of the frustration caused by security measures security lines at any ____
airport
Security implementations are based on a _____;
Sliding scale
Security implementations are based on a sliding scale; one end of the scale is ____, the other is _______.
total security and total inconvenience
And
total insecurity and complete ease of use
When we implement any security mechanism, it should be placed on the scale where the _______ match the ________ for the organization.
level of security and ease of use
acceptable level of risk
Computers Are Powerful and Complex
Most people are unfamiliar with the _____ and what goes on “behind the scenes.”
way computers truly function
Things such as the Windows Registry, ports, and services are completely unknown to most users and poorly understood by many computer industry professionals.
For example, many individuals still believe that a Windows login password protects data on a computer. On the contrary—
someone can simply take the hard drive out of the computer, install it as a slave drive in another computer, or place it in a USB drive enclosure, and all the data will be readily accessible.
Computers Are ____
Computer Users Are ____
Powerful and Complex
Unsophisticated
Computer Users Are Unsophisticated
Many computer users believe that because they are skilled at generating spreadsheets, word processing documents, and presentations, they “know everything about computers.” These “_____” have moved beyond application basics, but many still do not understand even basic security concepts.
power users
Many users will indiscriminately ____ and visit _______ despite the fact that these actions could violate company policies.
install software and questionable Web sites
The “bad guys”—people who want to steal information from or wreak havoc on computer systems—have also identified that the average user is a ____.
weak link in the security chain
As companies began investing more money in perimeter defenses, attackers look to _____
the path of least resistance.
They send malware as attachments to email, ____
asking recipients to open the attachment.
Despite being told not to open attachments from unknown senders or simply not to open attachments at all, _____. The “I Love You Virus” spread very rapidly in this manner.
employees consistently violate this policy, wreaking havoc on their networks
Computers Created ____
Without a Thought to Security
Computers Created Without a Thought to Security
During the development of personal computers (PCs), _________ They were developed almost as curiosities.
no thought was put into security.
Even as they became more advanced and complex, all effort was focused on developing greater sophistication and capabilities; _____
no one thought they would have security issues.
_____ was not an issue back then
Security
The development of computers was focused on _____
what they could do, not how they could be attacked.
As computers began to be interconnected, the driving force was ____
providing the ability to share information, certainly not to protect it.
Current Trend Is to Share, ____
Not Protect
Even now, despite the stories of compromised data, people still want to share their data with everyone. And _____ are making this easier to do than simply attaching a file to an email.
Web-based applications
_____ sites provide the ability to share files
Social networking
These sites can allow proprietary data to leave an organization by ____.
bypassing security mechanisms