Test 2 Flashcards
True or False:
It is impossible for organizations to provide perfect security
True
Define Security
can be defined as the degree of protection against criminal activity, danger, damage, or loss.
Define Information Security
all of the processes and policies designed to protect an organization’s information and information systems (IS) from unauthorized access, use, disclosure, disruption, modification, or destruction
Define a Threat to an information resource
A threat to an information resource is any danger to which a system may be exposed.
Define the Exposure of an information resource
The exposure of an information resource is the harm, loss, or damage that can result if a threat compromises that resource
Define an information resource’s vulnerability
An information resource’s vulnerability is the possibility that a threat will harm that resource.
What are the 5 Key Factors contributing to the increasing vulnerability of organizational information resources?
1. Today’s interconnected, interdependent, wirelessly networked business environment
2. Smaller, faster, cheaper computers and storage devices
3. Decreasing skills necessary to be a computer hacker
4. International organized crime taking over cybercrime
5. Lack of management support
What are the 2 major categories of threats in information security?
The 2 major categories of threats are unintentional threats and deliberate threats.
Unintentional threats are acts performed without malicious intent
Define Social Engineering
An attack in which the perpetrator uses social skills to trick or manipulate legitimate employees into providing confidential company information, such as passwords
Types of Social Engineering
Phone Calls – “why weren’t you in court?”
Physical – “hey, I’m with IT”
Tailgating – following someone in (320 lol)
Shoulder Surfing – watching you enter your password on your phone
What are Phishing Attacks?
Phishing Attacks: use deception to acquire sensitive personal information by masquerading as official-looking e-mails, instant messages or te
What are the types of phishing attacks?
Spear Phishing Attacks: personalized phishing attacks that target specific individuals or organizations
Whaling Attacks: spear phishing towards high-value individuals to steal sensitive info from companies (usually targeting executives and HR departments)
What are deliberate cyber threats?
Theft of Equipment or Information
What are some examples of deliberate threats
Identity Theft
Compromises to Intellectual Property
Software Attacks
Ransomware
Doxxing
Bots/Denial of Service
What is Malware
MALICIOUS software designed to wreak havoc
Define Ransomware
Blocks access to an individual computer or an organization’s computer system/network
Define Doxxing
cybercriminals threaten to release the data to the public (private / sensitive customer data).
What is a bot master / bot herder?
Bot Master / Bot Herder: the person controlling the botnet
Bot: an infected computer
Botnet: a group of bots under the bot herder’s control
Alien Software (pestware)
Adware, spyware, spamware, keystroke loggers, screen scrapers, stalkerware
What are some examples of alien software
Adware – displays unwanted ads
Spyware – collects personal information about users without their consent.
Keystroke loggers (keyloggers) = records your keyboard strokes & internet browsing history
Screen scrapers = record a “movie” of screen contents and activities
Stalkerware = powerful surveillance functions which include keylogging, making screenshots, monitoring internet activity, recording location, recording video and phone calls, and intercepting app (Skype, Facebook, WhatsApp, Snapchat, iMessage, etc.) communications
What are SCADA attacks
Supervisory control and data acquisition (SCADA) attacks
Important infrastructure
Used to monitor or to control chemical, physical, and transport processes – such as those used in oil refineries, water/sewage treatment plants, electrical generators, and power plants.
SCADA systems control equipment (open/close valves, pumps, pressure, flow, voltage, current, etc)
Think Utilities (power/water) or Nuclear Facility cyber attack
What is cyberterrorism
Cyber attacks carried out by individuals or groups
What is cyberwarfare
Cyber attack related to government
What is information security
Information Systems are vulnerable to many potential hazards and threats. The 2 major categories of threats are unintentional threats and deliberate threats.
What is the most common level of attacks
Phishing and spear phishing
How Can Organizations Protect Against Malware / Ransomware & Other Threats?
Education
Information Security Controls
Risk Management
What is the most valuable control for protecting against threats
The single most valuable control is user education and training.
Effective and ongoing education makes every member of the organization aware of the vital importance of information security.
What are the major types of information security controls
Physical controls
Access controls
Communication controls
What do Access controls consist of
Prevent unauthorized individuals from using information resources (Passwords, Biometrics)
Multi-factor authentication
What is Encryption
Encryption: process of converting (scrambling) an original message into a form that cannot be read by anyone except the intended receiver
What is Transport Layer Security (TLS):
secures transactions on the internet (credit card purchases/online banking); encrypts and decrypts data between a Web server and browser
What is the goal of risk management
The goal of risk management is to identify, control, and minimize the impact of threats.
Seeks to reduce risk to acceptable levels (impossible to eliminate all risk)
What are the 3 most common Risk Mitigation strategies
Risk Acceptance: accept the potential risk, continue operating with no controls, and absorb any damages that occur
Risk Limitation: limit the risk by implementing controls that minimize the impact of the threat
Risk Transference: transfer the risk by using other means to compensate for the loss (buying insurance, 3rd party vendor)
What is a common example of a wide area network (WAN)
INTERNET is a type of WIDE AREA NETWORK
What is authentication
is that person supposed to be allowed to access the network
What is authorization
they’re supposed to be here but what should they have access to?
What are network protocols
How devices communicate with each other.
For computers & devices to communicate with each other, they have a common set of rules and procedures – known as protocol
Protocols dictate how data is formatted, transferred & received
What are internet addresses
Each computer on the internet has an assigned address, called the IP address (internet protocol address) that distinguishes it from all other computers
Your IP address is assigned to you when you log in to a network or your service provider
What is the internet backbone
Primary network connections that link fiber cables connecting the whole world