CS 150 Ch. 1-3
An item that has value.
Asset
What is a state-sponsored attacker?
Attacker commissioned by governments to attack enemies' information systems.
List and describe three of the characteristics of information that must be protected by information security.
Authentication: ensuring that the person someone claims to be is not an imposter; Authorization: providing permission or approval to specific technology resources; Accounting: tracking of events
The ___________________ reports directly to the chief information officer (CIO), and is responsible for assessing, managing, and implementing security.
Chief Information Security Officer
A premeditated, politically motivated attack against information, computer systems, computer programs, and data, which often results in violence.
Cyberterrorism
Automated attack package that can be used without an advanced knowledge of computers
Exploit kit
The ____ Act requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information.
Gramm-Leach-Bliley
Attacker who attacks for ideological reasons that are generally not as well defined as a cyberterrorist's motivation
Hacktivist
What type of theft involves stealing another person's personal information, such as a Social Security number, and then using the information to impersonate the victim, generally for financial gain?
Identity theft
Describe script kiddies.
Individuals who want to attack computers yet lack the knowledge of computers and networks needed to do so.
An _______________ is a type of threat that can come from employees, contractors, and business partners, such as a disgruntled worker.
Insiders
Select below the information protection item that ensures that information is correct and that no unauthorized person or malicious software has altered that data.
Integrity
To date, the single most expensive malicious attack occurred in 2000, which cost an estimated $8.7 billion. What was the name of this attack?
Love Bug
What is a hacker?
Outdated term that referred to a person who used advanced computer skills to attack computers.
A situation that involves exposure to danger
Risk
Select below the term that is used to describe individuals who want to attack computers yet lack the knowledge of computers and networks needed to do so:
Script kiddies
A type of action that has the potential to cause harm.
Threat
A person or element that has the power to carry out a threat
Threat agent
The means by which an attack could occur
Threat vector
Security is the goal to be free from danger as well as the process that achieves that freedom.
True
The CompTIA Security+ Certification is aimed at an IT security professional with the recommended background of a minimum of two years' experience in IT administration, with a focus on security.
True
A flaw or weakness that allows a threat agent to bypass security
Vulnerability
An example of a(n) ____________________ that information security must deal with is a software defect in an operating system that allows an unauthorized user to gain access to a computer without the user's knowledge or permission.
Vulnerability
____________________ provides tracking of events.
accounting
In information security, what constitutes a loss?
all of the above
Information security is achieved through a combination of what three entities? Provide at least one example of each entity.
Confidentiality: credit card number for online purchase must be kept secure from other parties; Integrity: preventing an attacker from changing a $10,000.00 purchase to a $1.00 purchase; Availability: not locking information down completely to ensure that an employee can see what the person ordered to be able to ship it to that customer
In what kind of attack can attackers make use of hundreds of thousands of computers under their control in an attack against a single server or network?
distributed