Unit 9 Flashcards
This is the protection of computer systems and information from harm, theft, and unauthorized use.
Computer Security
This is the act of protecting yourself and others from attacks that are carried out primarily with computers.
Cybersecurity
This is the practice of securing a computer network from intruders, whether targeted attackers or opportunistic malware.
Network Security
This focuses on keeping software and devices free of threats.
Application security
This protects the integrity and privacy of data, both in storage and in transit.
Information security
This includes the processes and decisions for handling and protecting data assets.
Operational Security
This define how an organization responds to a cybersecurity incident.
Disaster recovery and business continuity
These policies dictate how the organization restores its operations and information to return to the same operating capacity as before the event.
Disaster recovery policies
This is the plan for when the organization falls back on while trying to operate without certain resources.
Business continuity
This addresses the most unpredictable cyber-security factor: people.
End-user education
What are the main principles of information security?
Confidentiality
Integrity
Availability
This means that data should only be able to be seen by the people in the organization that need to see it in order to do their jobs.
Confidentiality
This is protecting information from being modified by unauthorized parties. It involves maintaining the accuracy, consistency and trustworthiness of data by implementing security measures.
Integrity
This is protecting information from being modified by unauthorized parties.
Availability
This is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules.
Firewall
This is a person who breaks into a computer system.
Hacker
This is anything that can compromise the confidentiality, integrity, or availability of an information system.
Threat
This is any weakness in the information technology (IT) infrastructure that hackers can exploit to gain unauthorized access to data.
Vulnerability
This refers to malicious software
Malware
This is the practice of sending fake emails or messages that appear to come from a trustworthy source
Phishing
This is a type of malware that encrypts a victim’s files and demands a ransom payment in exchange for the decryption key.
Ransomware
These are attacks that overload a website or online service with traffic, making it inaccessible to users.
Distributed Denial of Service (DDoS) attacks
These are threats by current or former employees, business partners, contractors, or anyone who has had access to any systems or networks in the past can be considered an insider threat if they abuse their access permissions.
Insider threats
This is an eavesdropping attack, where a hacker/intruder intercepts and relays messages between two parties in order to steal data.
Man-in-the-middle attack
Here, an intruder or group of intruders sneak into a system and remain undetected for an extended period.
Advanced persistent threats (APTs)
This involves manipulating people into divulging confidential information that compromise security.
Social Engineering
This is designed to trick users into revealing sensitive information as they appear to be legitimate sources
Phishing
This is a method used to record the keystrokes made by a user on a computer or mobile device.
Key Logging
This is also known as packet sniffing or network sniffing. This is the practice of intercepting and analyzing data packets transmitted over a wireless network.
Wireless Sniffing
This is a straightforward method to crack passwords by trying every possible combination until the correct one is found.
Brute Force Guessing
This is a a type of password cracking by trying all the words in a predefined list known as a “dictionary”
Dictionary Attacks
This is also known as challenge questions or Knowledge-based authentication that verifies a user’s identity by asking questions to recover the user’s password.
Security questions
This is the act of secretly listening to private conversations.
Eavesdropping
This is a deceptive practice where which an attacker falsifies information or identity to impersonate someone or something else.
Spoofing
These are files or documents sent with the intent to compromise the security of the recipient’s computer, steal information, or deliver malware.
malicious Email Attachments
This is designed to replicate itself and infect other computer programs, files, or systems.
Virus
This can self-replicate and spread independently, typically without user interaction.
Worms
This disguises itself as a legitimate or benign program to deceive users into executing it. These rely on social engineering and user interaction to spread.
Trojan Horses
These are software applications or scripts designed to perform automated tasks. Used for both legitimate and malicious activities.
Bots
This is short for advertising-supported software
Adware
This is a type of malware that collects information about the user’s activities without their consent.
Spyware
This is a type of malware that encrypts a victim’s files or entire system, rendering them inaccessible.
Ransomware
This is a type of malware that provides unauthorized access and control over a computer system or network.
Backdoor
This is short for robot network, is a collection of internet-connected devices or computers that are compromised by malicious software enrolled by a single entity.
Botnet
This is a subset of cybersecurity that specifically focuses on protecting the confidentiality, integrity, and availability of sensitive information and data. It involves the application of policies and procedures to ensure that data remains secure.
Information Security