MIS Activity 5
The key attributes of __________ include: have plan in place; centralized reporting; determine cause; specific responses - speed, preparation pays; don't make problem worse; and practice.
a disaster and incident response plan
hardening
__________ is the process of reducing the vulnerabilities of a computer by restricting the functions and actions it is willing to perform.
Human safeguards
__________ relate to the procedures and people components of an information system.
A virus
a computer program that replicates itself.
In the context of information security management, __________ occurs when someone deceives by pretending to be someone else.
pretexting
The three critical organizational security fundamentals
security policy, risk management, and defense in layers.
Risk
simply the chance of loss
cookies
small files that your browser receives when you visit web sites
Cookies
small files that your browser stores on your computer when you visit Web sites
safeguard
some measure that individuals or organizations take to block the threat from obtaining the asset
In this video, Agent Macey explains how a _____ pretends to be a legitimate company and sends email requesting users to update their confidential information such as passwords or account numbers.
spoofer
All of the following are recommended personal security safeguards EXCEPT __________.
enable cookies so you have greater end user freedom
According to the information provided in this video, any business that has an online presence is at risk for all of the following EXCEPT _____.
hiring unqualified employee
SQL injection attack
is when an attacker enters a SQL statement into a form on a Web page in which a client is supposed to enter a name or other data.
__________ is a safety procedure where a trusted party has a copy of the encryption key.
key escrow
Good smartphone security practices
lock the phone, turn off Bluetooth, monitor app access requests, turn on data erase, and turn on automatic updates.
According to the DHS agent portrayed in this video, the Secret Service has responded to network intrusions at businesses throughout the United States that have been impacted by _____ through their point-of-sale systems.
malware
Based on the information provided in this video, which of the following usually happens in a denial-of-service attack?
A hacker floods a Web server with so many requests that it becomes unavailable to its intended users.
computer forensics
After the initial response to the disaster or incident, __________ can help determine the cause of the event.
Trojan horse.
An individual posing as an online gamer accesses information stored in an unsuspecting user's computer by placing a program in his hard disk that appears to be legitimate. The system functions normally with the program performing underlying functions. The malware used by the individual is referred to as a _________
A CAPTCHA
Completely Automated Public Turing Test To Tell Computers and Humans Apart
The recommended personal security safeguards are:
Create strong and multiple passwords. Send no valuable data via email or messaging. Use https to buy from trusted Web sites. Clear browser history, temp files, and cookies. Regularly update antivirus software. Use caution when using public machines or hot spots. Log out after high-value activities. Do not use USB drives. Use your smartphone securely.
__________ is the process of reducing the vulnerabilities of a computer by restricting the functions and actions it is willing to perform.
Hardening
Pretexting
In the context of information security management, which of the following occurs when someone deceives by pretending to be someone else?
__________ is the process of preventing unauthorized access to an IS or modification of its data.
Information systems security
Firewall
a part of a computer system or network that is designed to block unauthorized access while permitting outward communication.
A worm
a software program capable of reproducing itself that can spread from one computer to the next over a network
An Advanced Persistent Threat (APT)
a sophisticated, possibly long-running computer hack that is perpetrated by large, well-funded organizations such as governments.
Ransomware
blocks access to a com
When your security is compromised, the first indication you receive will be
bogus charges on your credit card or messages from friends complaining about the disgusting email they just received from your email account.
data safeguards
data rights and responsibilities, passwords, encryption, backup and recovery, physical security
__________ include: define data policies, specify data rights and responsibilities; access only when authenticated; encrypt data; practice backup and recovery procedures; and ensure physical security
data safeguards
A(n) __________ is where a malicious hacker, or computer criminal, floods a Web server with millions of bogus service requests that so occupy the server that it cannot service legitimate requests.
denial of service (DoS) attack
A(n) __________ is where a malicious hacker, or computer criminal, floods a Web server with millions of bogus service requests that so occupy the server that it cannot service legitimate requests.
denial-of-service (DoS) attack
In this video, Special Agent Macey says the single largest threat to the Internet is _____.
denial-of-service attacks
technical safeguards
identification and authorization, encryption, firewalls, malware protection, application design
A virus
is a destructive program that disrupts the normal functioning of computer systems.
A key
is a number used to encrypt data. It is called a key because it locks and unlocks a message.
threat
is a person or organization that seeks to obtain or alter data or other IS assets illegally, without the owner's permission and often without the owner's knowledge
smart card
is a plastic card similar to a credit card. Unlike credit, debit, and ATM cards, which have a magnetic strip, smart cards have a microchip. The microchip, which holds far more data than a magnetic strip, is loaded with identifying data.
Phishing
is a similar technique for obtaining unauthorized data that uses pretexting via email.
Sniffing
is a technique for intercepting computer communications.
Cross-Site Scripting (XSS)
is a technique used by criminals to infect target machines with malware. In a typical XSS attack, the criminal posts a reply to a discussion board but along with the plaintext reply adds malicious code invisible to the discussion board. Then, when you click on the criminal's reply to participate in the discussion, the criminal's plaintext reply and the malicious invisible code are downloaded to your machine.
Encryption
is the process of transforming clear text into coded, unintelligible text for secure storage or communication.
Hijacking
occurs when a hacker steals an encryption key that a client is using to access a secure site and reuses that key to impersonate the legitimate user.
IP spoofing
occurs when an intruder uses another site's IP address to masquerade as that other site
Social engineering
occurs when employees are manipulated into divulging data or bypassing security on behalf of others. These others are typically hackers or criminals, but employees are unaware of that.
pretexting
occurs when someone deceives by pretending to be someone else.
Information systems security
the process of preventing unauthorized access to an IS or modification of its data
A __________ is a person or organization that seeks to obtain or alter data or other assets illegally, without the owner's permission and often without the owner's knowledge.
threat
virtual private network, or VPN
uses software or a dedicated computer to create a private network over the public internet
authentication
verifies the credentials of the individual seeking access to a computer resource