shan Flashcards

bobo

1
Q

“The quality or state of being secure—to be free
from danger”

A

Security

2
Q

Types of security

A

– Physical security
– Personal security
– Operations security
– Communications security
– Network security
– Information security

3
Q

Critical Characteristics of Information

A

– Availability
– Accuracy
– Authenticity
– Confidentiality
– Integrity
– Utility
– Possession

4
Q

Components of an Information System

A

– Software
– Hardware
– Data
– People
– Procedures
– Network

5
Q

SDLC

A

Systems Development Life Cycle

6
Q

Methodology for the design and implementation of an
information system within an organization

A

Systems Development Life Cycle (SDLC)

7
Q

Formal approach to problem solving
based on a structured sequence of procedures

A

Methodology

8
Q

SDLC: 6 general phases

A

investigation
analysis
logical design
physical design
implementation
maintenance and change

9
Q

Phase in which the preliminary cost-benefit analysis is developed

A

Investigation

10
Q

Phase that determines what the new system is expected
to do and how it will interact with existing systems

A

Analysis

11
Q

Data support and structures capable of providing
the needed inputs are identified

Creates and develops blueprints for information
security

A

Logical Design

12
Q
  • Technologies to support the alternatives identified
    and evaluated in the logical design are selected
  • Components evaluated on make-or-buy decision
A

Physical Design

13
Q
  • Needed software created
  • Components ordered, received, and tested
  • Users trained and documentation created
A

Implementation

14
Q
  • Longest and most expensive phase
  • Consists of the tasks necessary to support and modify the
    system for the remainder of its useful life
A

Maintenance and Change

15
Q

Information Security Project Team

A
  • A number of individuals who are experienced in
    one or more facets of required technical and
    nontechnical areas:
    – Champion
    – Team leader
    – Security policy developers
    – Risk assessment specialists
    – Security professionals
    – Systems administrators
    – End user
16
Q

Responsible for the security and use of
a particular set of information

A

Data owner

17
Q

Responsible for the storage,
maintenance, and protection of information

A

Data custodian

18
Q

End users who work with information to
perform their daily jobs in support of the mission of
the organization

A

Data users

19
Q

An object, person, or other entity that
represents a constant danger to an asset

A

Threat

20
Q

“Ownership of ideas and
control over the tangible or virtual representation of
those ideas”

A

Intellectual property (IP)

21
Q

Malware attacks

A

– Viruses
– Worms
– Trojan horses
– Logic bombs
– Back door or trap door
– Polymorphic threats
– Virus and worm hoaxes

22
Q

– Develops software scripts and program exploits
– Usually a master of many skills
– Will often create attack software and share it with
others

A

Expert hacker

23
Q

– Many more unskilled hackers than expert hackers
– Use expertly written software to exploit a system
– Do not usually fully understand the systems they
hack

A

Unskilled hacker

24
Q

“Cracks” or removes software protection
designed to prevent unauthorized duplication

A

Cracker

25
Q

Hacks the public telephone network

A

Phreaker

26
Q

A much more sinister form of hacking

A

Cyberterrorism

27
Q
  • Illegal taking of another’s physical, electronic, or
    intellectual property
A

Theft

28
Q

Acts or actions that exploit a vulnerability (i.e., an
identified weakness) in a controlled system

A

Attacks

29
Q

Includes the execution of viruses,
worms, Trojan horses, and active Web scripts with the
intent to destroy or steal information

A

Malicious code

30
Q

Transmission of a virus hoax with a real
virus attached; a more devious form of attack

A

Hoaxes

31
Q
Types of attacks
A

– Back door
– Password crack
– Brute force
– Dictionary
– Denial-of-service (DoS)
– Distributed denial-of-service (DDoS)
– Spoofing
– Man-in-the-middle
– Spam
– Mail bombing
– Sniffers
– Phishing
– Pharming
– Social engineering

32
Q

Gaining access to a system or network
using a known or previously unknown/newly
discovered access mechanism

A

Back door

33
Q

Attempting to reverse-calculate a
password

A

Password crack

34
Q

Trying every possible combination of
options for a password

A

Brute force

35
Q

Selects specific accounts to attack and
uses commonly used passwords (i.e., the dictionary)
to guide guesses

A

Dictionary

36
Q

Attacker sends a large
number of connection or information requests to a
target
* Target system cannot handle them successfully along with
other, legitimate service requests
* May result in a system crash or inability to perform
ordinary functions

A

Denial-of-service (DoS)

37
Q

A coordinated
stream of requests is launched against a target from
many locations simultaneously

A

Distributed denial-of-service (DDoS)

38
Q

Technique used to gain unauthorized
access; the intruder assumes a trusted IP address

A

Spoofing

39
Q

Attacker monitors network
packets, modifies them, and inserts them back into the
network

A

Man-in-the-middle

40
Q

Unsolicited commercial e-mail; more a
nuisance than an attack, though it is emerging as a
vector for some attacks

A

Spam

41
Q

Also a DoS; the attacker routes large
quantities of e-mail to the target

A

Mail bombing

42
Q

Program or device that monitors data
traveling over a network; can be used both for
legitimate purposes and for stealing information from
a network

A

Sniffers

43
Q

An attempt to gain personal/financial
information from an individual, usually by posing as a
legitimate entity

A

Phishing

44
Q

Redirection of legitimate Web traffic (e.g.,
browser requests) to an illegitimate site for the purpose
of obtaining private information

A

Pharming

45
Q

Using social skills to convince
people to reveal access credentials or other valuable
information to the attacker

A

Social engineering

46
Q

Rules that mandate or prohibit certain
societal behavior

A

Laws

47
Q

Define socially acceptable behavior

A

Ethics

48
Q

Fixed moral attitudes or customs of
a particular group; ethics are based on these

A

Cultural mores

49
Q

Legal obligation of an entity extending
beyond criminal or contract law; includes the legal
obligation to make restitution

A

Liability

50
Q

To compensate for wrongs committed
by an organization or its employees

A

Restitution

51
Q

Ensuring that employees know what
constitutes acceptable behavior and know the
consequences of illegal or unethical actions

A

Due care

52
Q

Making a valid effort to protect
others; continually maintaining that level of effort

A

Due diligence

53
Q

A court’s right to hear a case if the wrong
was committed in its territory or involved its
citizenry

A

Jurisdiction

54
Q

Right of any court to impose
its authority over an individual or organization if it
can establish jurisdiction

A

Long arm jurisdiction

55
Q

Body of expectations that describe
acceptable and unacceptable employee behaviors
in the workplace

A

Policies

56
Q

Criteria for policy enforcement:

A

– Dissemination (distribution)
– Review (reading)
– Comprehension (understanding)
– Compliance (agreement)
– Uniform enforcement

57
Q

Types of Law

A

– Civil
– Criminal
– Private
– Public

58
Q

Governs a nation or state; manages
relationships/conflicts between organizational
entities and people

A

Civil

59
Q

Addresses violations harmful to society;
actively enforced by the state

A

Criminal

60
Q

Regulates relationships between individuals
and organizations

A

Private

61
Q

Regulates the structure/administration of
government agencies and their relationships with
citizens, employees, and other governments

A

Public

62
Q
  • One of the hottest topics in information security
  • Is a “state of being free from unsanctioned
    intrusion”
  • Ability to aggregate data from multiple sources
    allows creation of information databases previously
    impossible
A

Privacy

63
Q

Federal Trade Commission: “occurring when
someone uses your personally identifying
information, like your name, Social Security number,
or credit card number, without your permission, to
commit fraud or other crimes”

A

Identity Theft