Cyber security

¡Supera tus tareas y exámenes ahora con Quizwiz!

Mitigate

To lessen an impact, for example, the impact of a cyber security incident or a risk.

Signature based

A digital signature is code that is attached to an electronically transmitted document to verify its contents and the sender's identity.

Hacking

A method of gaining unauthorised access to a computer system/network.

Penetration testing

A software tool that tests a computer system/network to find vulnerabilities that could be exploited by an attacker.

Attacker

Individuals or organisations that target computer systems/networks illegally.

Integrity

Integrity of data aims to protect data from unauthorised modification.

Encryption

A method that is used to attempt to ensure data security by use of encrypted (secret) code. In order to read the contents of an encrypted message or file, someone must have access to a secret key or password that will enable them to decrypt the message or file.

Fuzzing

A method that is used to test the security of software.

Botnet

A network of computers infected with malicious software and controlled without the owners' knowledge, for example, to send spam or hoax emails.

Disaster recovery plan

A plan that documents a set of procedures for an organisation to follow in order to recover and protect a computer system and its data in the event of a cyber security incident.

Business continuity plan

A plan to continue operations that an organisation will follow if it is affected by a cyber security incident

Audit trail

A record of activities on a computer system/network, for example, a record of modifications to data or access to parts of a system/network.

Cyber security incident report

A report that documents the details of a cyber security incident, such as the type of incident, when it occurred, how it was performed, etc.

Account lockout

A software security method performed by operating system software that locks any account when a user fails a login attempt more than a set number of times. For example, system software can be set up to lock an account for several hours if the user fails the login three consecutive times in a set time frame.

Risk

A threat to a computer system/network can result in a risk, for example, if a hacker gains access to a person's computer, there is a risk that data will be stolen.

Biometric access

Access to a computer system/network using technologies that measure and analyse human body characteristics for authentication purposes, such as DNA, fingerprints, retinas, voice patterns, facial patterns and hand measurements.

Patch management

Acquiring, testing and installing code changes or patches to software on a computer system/network.

Threat

An action that when performed on a computer system/network can cause destruction or disruption, for example, a hack or malware.

Denial of service

An attempt to disrupt a network/business/organisation by issuing more requests than a system is able to cope with, it can be performed with malicious intent or as a protest.

Phisher

An individual that attempts to acquire personal information, often for malicious reasons, such as fraud, by pretending to be a known and trusted individual or organisation.

Scammer

An individual who attempts to gain, for example, money from another person by fraudulent means enabled by the use of computers and the Internet.

Ethical hacking

An individual who attempts to penetrate a computer system/network on behalf of its owners for the purpose of finding security vulnerabilities that a malicious hacker could potentially exploit. He or she is also known as a white hat hacker. He or she can also work alone.

Cyber criminal

An individual who commits illegal activities using computers and the Internet.

Vulnerability broker

An individual who exploits a vulnerability or weakness in a computer system/network for gain, for example, a hacker.

Hacker

An individual who gains unauthorised access to a computer system/network.

Hacktivist

An individual who gains unauthorised access to computer system/network for social or political purposes.

Script kiddie

An individual who uses existing computer scripts or codes to hack into computer systems. They do not have the expertise to write their own code.

Insider

An individual working inside an organisation, a trusted employee, who performs an illegal action, such as hacking.

Cyber security incident

An unwanted/unexpected event, such as an intrusion into a computer system/network, such as the spread of malware.

Availability

Data/information stored on a computer system/network must be available to authorised users and organisations and be protected from unauthorised deletion.

Honeypot

Decoy servers or computer systems that are set up to gather information on intruders or attackers of computer systems/networks.

Non repudiation

Ensures that an individual cannot deny the authenticity of their signature on a document or the sending of a message that they sent.

Escalation of privileges

Exploiting a weakness or weaknesses in an operating system or software application, such as a bug, design flaw or configuration oversight and gaining elevated access to resources that are normally protected.

Unauthorised access

Gaining access into a computer system/network illegally.

Social engineering

Hackers use this non-technical method to access computer systems/networks without authorisation. It involves fooling people into breaking normal security procedures, such as guarding their passwords and relies on manipulating the good nature of individuals.

Cyber dependant

Illegal activities dependent on the use of computers and the Internet, such as hacking or the distribution of malware on a network.

Cyber enabled

Illegal activities that could be undertaken without the use of computers, such as fraud but that are enabled by the use of computers, such as fraudulently obtaining money for goods online.

Confidentiality

Information stored on a computer system/network must be protected against unintended or unauthorised access. Data confidentiality is a measure of the ability of a system to protect its data.

Vulnerability

Is a weakness in a computer system/network that can be exploited by a threat, for example, out of date anti-malware software can result in the threat of a malware attack. If a computer system/network's vulnerabilities can be found and dealt with, this will help to minimize threats and risks.

Virus

Malicious software which is capable of copying itself and corrupting computer systems/networks or destroying data.

Spyware

Malware software that is designed to obtain covert information about someone else's computer activities by transmitting data covertly, from their hard drive, for example key logging software.

Access management

Managing the access to a computer system/network. It includes procedures such as account administration, account maintenance, account monitoring and the revocation of an account.

Cyber security

Refers to technologies, processes and practices designed to protect computers, networks, software and data from attack, damage or unauthorised access and aims to protect data confidentiality, integrity and availability.

Anti-malware

Software designed to prevent, detect and eradicate malicious software, such as a virus or a worm

Intrusion prevention system

Software that examines network traffic flows to detect and prevent vulnerability exploits.

Malware

Software that is designed to cause disruption or damage to data and/a computer system/network.

Anomaly based

Software that is designed to detect computer intrusions and misuse by monitoring system activity and classifying it as either normal or anomalous.

Firewall

Software that is designed to protect a computer system/network from unauthorised access and intrusion.

Intrusion detection system

Software that monitors network or system activities for unexpected or malicious activities.

Host firewall

Software that runs on a single host computer that restricts incoming and outgoing network activity for that host computer only. It can be used to prevent a host computer from becoming infected and stop infected host computers from spreading malware to other hosts computers.

Asset

Something that is of value to a person, an organisation or a state, e.g. data, finance and secrets that should be secured against cyber security incidents.

Phishing

The act of attempting to acquire personal information, often for malicious reasons, such as fraud, by pretending to be a known and trusted individual or organisation.

Risk analysis

This involves analysing a computer system or a set of procedures and assessing whether a system is at risk from a cyber incident due to weaknesses or vulnerabilities in software, hardware or procedures.

Sandboxing

This is a security method for separating running programs on a computer system/network. It is often used to run untested code, or untrusted programs from unknown sources such as suppliers, untrusted users and untrusted websites.

Risk management

This refers to ensuring that risks are monitored carefully and mitigated against or eliminated from a computer system/network.

Hoax email

Usually an email message warning recipients of a non-existent threat, usually forging quotes supposedly from authorities such as Microsoft and IBM.


Conjuntos de estudio relacionados

Chapter 12: Inventory Management

View Set

Chapter 7 - Small Business Strategies - Imitation with a Twist

View Set

The Nose, Paranasal Sinuses, and Maxillary Nerve

View Set

Art/Architecture in Other Areas of Asia

View Set

44.1 Advertising, Marketing, and Sales

View Set

Construction Communication Test 3

View Set