1.1 Security Overview

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

hacker

Any threat agent who uses their technical knowledge to bypass security mechanisms to exploit a vulnerability to access information.

Employees

Can be the most overlooked yet most dangerous threat agent because they have greater access to information assets than anyone on the outside trying to break in.

availability

Copying files to a server that includes malware could threaten data's _________ if the malware deletes or corrupts data.

digital signatures

Non-repudiation is enforced by?

USB devices

What is the greatest threat to the confidentiality of data in most secure organizations?

external

What kind of threats include hackers, fraud perpetrators, and viruses.

exploit

A procedure or product that takes advantage of a vulnerability to carry out a threat, such as when a disgruntled employee waits for the server room door to be left ajar, copies the database to a thumb drive, and then sells it.

Confidentiality

A user copies files from her desktop computer to a USB flash device and puts the device into her pocket. Which security risks is most pressing?

confidentiality

By definition, which security concept ensures that only authorized parties can access data?

encryption

Confidentiality ensures that data is not disclosed to unintended persons. This is provided through _________, which converts the data into a form that makes it less likely to be usable by an unintended recipient.

Script kiddies

Download and run attacks available on the internet, but generally are not technically savvy enough to create their own attacking code or script.

internal

Employees are also known as what kind of threats?

Confidentiality

Ensures that data is not disclosed to unintended persons.

Confidentiality

Ensures that data is not disclosed to unintended persons. This is provided through encryption, which converts the data into a form that makes it less likely to be usable by an unintended recipient.

Integrity

Ensures that data is not modified or tampered with. This is provided through hashing.

Availability

Ensures the uptime of the system so that data is available when needed.

Cyber terrorists

Generally use the Internet to carry out terrorist activities, such as disrupting network-dependent institutions.

Physical security

Includes all hardware and software necessary to secure data, such as firewalls and antivirus software.

hashing

Integrity ensures that data is not modified or tampered with. This is provided through _________.

Non-repudiation

Provides validation of a message's origin. For example, if a user sends a digitally signed email, they cannot claim later that the email was not sent.

confidentiality

Removable media poses a big threat to __________ because it makes it easy to remove data and share data with unauthorized users.

vulnerability

Risk management generally takes the following items into account: A weakness that allows a threat to be carried out, such as a USB port that is enabled on the server hosting the database or a server room door that is frequently left ajar. USB devices pose the greatest threat to the confidentiality of data in most secure organizations.

threat

Risk management generally takes the following items into account: An entity that can cause the loss of an asset or any potential danger to the confidentiality, integrity, or availability of information or systems, such as a data breach that results in a database being stolen.

asset

Risk management generally takes the following items into account: Something that has value to the person or organization, such as sensitive information in a database.

threat agent

Risk management generally takes the following items into account: Sometimes known as an attacker, is an entity that can carry out a threat, such as a disgruntled employee who copies a database to a thumb drive and sells it to a competitor.

Confidentiality

Smart phones with cameras and internet capabilities pose a risk to which security concept?

vulnerability

The absence or weakness of a safeguard that could be exploited, such as a USB port that is enabled on the server hosting the database.

Risk management

The process of identifying security issues and deciding which countermeasures to take in reducing risk to an acceptable level. The main objective is to reduce the risk for an organization to a level that is deemed acceptable by senior management.

Policies

The rules an organization implements to protect information?

confidentiality

Users can take pictures of computer screens or save data to cell phones and make that information available to non-authorized users. Smart phones with cameras and data transfer capabilities pose a risk to?

Cybercriminals

Usually seek to exploit security vulnerabilities for some kind of financial reward or revenge.

File verification

What is Hashing Used for? Say I have a file that I downloaded that I want to verify hasn't been corrupted or infected with a virus. First I would generate the hash of the file I downloaded, then I would compare that hash against the one provided by the site where the file came from. If they match, then the file I received has not been altered. (Most sites do not provide hashes for their file downloads). If the hashes don't match, then it's been altered somehow. It could have been corrupted, infected, or changed some other way. The file may look the same, taste the same, work the same, etc. But if even one teensy tiny bit of data has been changed, the hashes will not match.

confidentiality

When a cryptographic system protects data ________, unauthorized users cannot view the resource.

vulnerability

Which of the following is an example of a vulnerability? A misconfigured server is a?

accidentally

Which of the following is an example of an internal threat? A user _________ deletes the new product designs.

Integrity

Your computer system is a participant in an asymmetric cryptography system. You've created a message to send to another user. Before transmission, you hash the message and encrypt the hash using your private key. You then attach this encrypted hash to your message as a digital signature before sending it to the other user. In this example, what protection does the hashing activity provide?

internal

_______ Threats are intentional or accidental acts by employees, including: • Malicious acts such as theft, fraud, or sabotage • Intentional or unintentional actions that destroy or alter data • Disclosing sensitive information by snooping or espionage

External

_________ threats are events that originate outside of the organization. They typically focus on compromising the organization's information assets.


Ensembles d'études connexes

OPMA 3306 CH 6 MANUFACTURING PROCESSES

View Set

MKTG 3213 Exam 2- Module 10 and 11

View Set

Physics Chapter 1 Formative Assessments

View Set