Part 1 Flashcards
Maintaining a strong security posture can take advantage of numerous benefits, namely:
Reduction in ______ being paid.
Insurance premiums
Building a Secure Organization
Building a secure organization is important to long-term success:
Maintaining a strong ______ can take advantage of numerous benefits
Security posture
Maintaining a strong security posture can take advantage of numerous benefits, namely:
Use its security program as a ____
marketing tool
Maintaining a strong security posture can take advantage of numerous benefits
You will not have to spend time and money identifying _____
security breaches
_____ can cost an organization significantly through a tarnished reputation, lost business, and legal fees.
Security breaches
HIPAA
Health Insurance Portability and Accountability Act (HIPAA)
GLBA
Gramm-Leach-Bliley Act (GLBA)
Name three regulations that require businesses to maintain the security of information.
Health Insurance Portability and Accountability Act (HIPAA)
Gramm-Leach-Bliley Act (GLBA)
Sarbanes-Oxley Act
OBSTACLES TO SECURITY
In attempting to build a secure organization, we should take a close look at the obstacles that make it challenging to build a totally secure organization.
Security Is _____
Inconvenient
Security, by its very nature, is inconvenient, and the more _______, the more inconvenient the process becomes.
robust the security mechanisms
Employees in an organization have a job to do; _________
they want to get to work right away
Most security mechanisms, from passwords to multifactor authentication, are seen as ____
roadblocks to productivity
Examples:
# whole disk encryption to laptop # second login step # lost productivity
To gain a full appreciation of the frustration caused by security measures, consider the security lines at any ____
airport
Security implementations are based on a _____.
Sliding scale
Security implementations are based on a sliding scale; one end of the scale is ____, the other is _______.
total security and total inconvenience
And
total insecurity and complete ease of use
When we implement any security mechanism, it should be placed on the scale where the _______ match the ________ for the organization.
level of security and ease of use
acceptable level of risk
Computers Are Powerful and Complex
Most people are unfamiliar with the _____ and what goes on “behind the scenes.”
way computers truly function
Things such as the Windows Registry, ports, and services are completely unknown to most users and poorly understood by many computer industry professionals.
For example, many individuals still believe that a Windows login password protects data on a computer. On the contrary—
someone can simply take the hard drive out of the computer, install it as a slave drive in another computer, or place it in a USB drive enclosure, and all the data will be readily accessible.
Computers Are ____
Computer Users Are ____
Powerful and Complex
Unsophisticated
Computer Users Are Unsophisticated
Many computer users believe that because they are skilled at generating spreadsheets, word processing documents, and presentations, they “know everything about computers.” These “_____” have moved beyond application basics, but many still do not understand even basic security concepts.
power users
Many users will indiscriminately ____ and visit _______ despite the fact that these actions could violate company policies.
install software and questionable Web sites
The “bad guys”—people who want to steal information from or wreak havoc on computer systems—have also identified that the average user is a ____.
weak link in the security chain
As companies began investing more money in perimeter defenses, attackers looked to _____
the path of least resistance.
They send malware as attachments to email, ____
asking recipients to open the attachment.