Chapter 4

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

What are 3 types of software attacks?

- Remote attacks requiring user action - Remote attacks requiring no user action - Attacks by a programmer developing a system

Risk analysis

1. Assessing the value of each asset being protected 2. Estimating the probability that each asset will be compromised 3. Comparing the probable costs of the asset's being compromised with the costs of protecting that asset

Risk Mitigation Strategies

1. Risk acceptance • Accept the potential risk 2. Risk limitation • Limit risk by control 3. Risk transferring • Transferring risk, e.g., insurance

Risk _______________ means absorbing any damages that occur.

Acceptance

Which of the following is NOT one of the most dangerous employees to information security?

Accountants

Information Security

All of the processes and policies designed to protect an organization's information and information systems (IS) from unauthorized access, use, disclosure, disruption, modification, or destruction.

Social Engineering

An attack in which the perpetrator uses social skills to trick or manipulate legitimate employees into providing confidential company information such as passwords

Unintentional Threat

An unintentional threat represents a serious threat to information security but appear without malicious intent. Many of the unintentional threats are results of human error.

Threat

Any danger to which a system may be exposed

Authentication and Authorization

Authentication confirms the identity of the person requiring access while authorization determines which actions, rights, or privileges the person has, based on his or her verified identity. Authentication is always performed first.

A ___________ is an attack by a programmer developing a system.

Back Door

Which of the following is NOT an example of alien software?

Blockware

If you have an empty building you can move into if your primary location is destroyed, you've implemented a _________ site.

Cold

A firewall is a _______ control.

Communication

Risk Mitigation

Concrete actions against risks: - implementing controls to prevent identified threats from occurring - developing a means of recovery if the threat becomes a

A ___________ is a remote attack needing no user action.

Denial-of-service attack

__________ is an identity theft technique.

Dumpster diving

Weak passwords are a(n) ___________ threat.

Employee

_________ is one common example of SSL.

HTTPS

The airport's self check-in computers are a(n) __________ threat.

Hardware

A smart ID card is something the user _______.

Has

Biometrics is something the user _______.

IS

Risk Management

Identifies, controls, and minimizes the impact of threats. In other words, risk management seeks to reduce risk to acceptable levels

___________ is threatening to steal or actually stealing information from a company and then demanding payment to not use or release that information.

Information extortion

If you hire a cybersecurity company like FireEye to identify security weaknesses in your information systems, you are using a risk _________ strategy.

Limitation

Which of the following is FALSE?

Mainframes make it easy to communicate freely and seamlessly with everyone.

The Heartbleed bug is an encryption security flaw in the ___________ software package that was an _____________ mistake by the software developer.

OpenSSL; unintended

A ___________ is a remote attack requiring user action.

Phishing Attack

_______________ is a process whereby the organization takes concrete actions against risks, such as implementing controls and developing a disaster recovery plan.

Risk Mitigation

You start browsing your favorite home improvement company's website and notice someone has changed all the logos to their main competitor's logos. This is an example of ___________.

Sabotage

_____________________ is an attack in which the perpetrator uses social skills to trick or manipulate legitimate employees into providing confidential company information such as passwords.

Social Engineering

Phishing is an example of __________.

Software Attack

Exposure

The harm, loss, or damage that can result if a threat compromises that resource.

Vulnerability

The possibility that the system will be harmed by a threat

Risk

The probability that a threat will impact an information resource.

_________ is any danger to which a system may be exposed.

Threat

Coca-Cola's formula is an example of a ___________.

Trade Secret

You have a small business that has had problems with malware on your employees' computers. You decide to hire a third-party company such as GFI Software to implement security controls and then monitor your company's systems. You are adopting a risk ________ strategy.

Transference

The goal of risk management is to reduce risk to acceptable levels.

True

Wireless is a(n) inherently _________ network.

Untrusted

Which of the following is NOT an unintentional threat to information systems?

Viruses

_________ is the possibility that the system will be harmed by a threat.

Vulnerability

Cybercriminals _________

target known software security weaknesses.


Kaugnay na mga set ng pag-aaral

Ch 13 - Spinal Cord & Spinal Nerves (ultimate study)

View Set

Theories of Counseling - Gestalt

View Set

Primary and Secondary sex characteristics, Psychology Chapter 10

View Set