Chapter 2 - Secure Information Systems
Employee: Actually, I just bought a new tablet recently that I really like. Will I be able to use that tablet for work? You: Yes, we have a ______ so you can use your tablet to access company computing resources and applications.
A BYOD (bring your own device) policy permits, and in some cases encourages, employees to use their own mobile devices (smartphones, tablets, or laptops) to access company computing resources and applications.
Distributed Denial-of-Service (DDoS) Attack
A distributed denial-of-service (DDoS) attack is one in which a malicious hacker takes over computers via the Internet and causes them to flood a target site with demands for data and other small tasks. It keeps the target so busy responding to a stream of automated requests that legitimate users cannot get in, the Internet equivalent of dialing a telephone number repeatedly so that all other callers hear a busy signal.
Patch
A general software security update intended to cover vulnerabilities that have been discovered
Worm
A harmful program that resides in the active memory of the computer and duplicates itself. Worms differ from viruses in that they can propagate without human intervention, often sending copies of themselves to other computers by email or over the network.
Incident Notification
A key element of any response plan is to define who to notify and who not to notify in the event of a computer security incident.
Firewall
A part of a computer system or network designed to block unauthorized access while permitting outward communication. In practice the firewall tracks the connections that internal hosts open so that replies to them can come back in, while unsolicited inbound traffic is dropped unless a rule explicitly publishes that service.
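As an added example (not part of the study set), the following toy stateful packet filter shows the firewall behaviour described above: outbound connections from internal hosts are allowed and remembered, replies to them are let back in, and any other inbound packet is denied unless it targets a port the organization deliberately exposes. The internal address range, the exposed port 443, and the sample packets are all constructed assumptions.

```python
"""Added example: a toy stateful firewall that permits outward communication
and blocks unauthorized inbound access.

Constructed assumptions: internal hosts live in 10.0.0.0/24, the only
service published to the outside is TCP/443, and the packets below are
invented sample traffic, not a real capture.
"""
from dataclasses import dataclass

INTERNAL_PREFIX = "10.0.0."      # assumption: the internal network
ALLOWED_INBOUND_PORTS = {443}    # assumption: the only exposed service


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False            # True for a new-connection request


class StatefulFirewall:
    """Allow outbound, allow replies to tracked connections, deny the rest."""

    def __init__(self):
        # Connection table: (internal_ip, internal_port, external_ip, external_port)
        self.connections = set()

    @staticmethod
    def is_internal(ip):
        return ip.startswith(INTERNAL_PREFIX)

    def filter(self, pkt):
        """Return 'ALLOW' or 'DENY' for one packet and update connection state."""
        src_in, dst_in = self.is_internal(pkt.src), self.is_internal(pkt.dst)
        if src_in and not dst_in:
            # Outward communication: permitted, and remembered so the reply can return.
            self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "ALLOW"
        if dst_in and not src_in:
            # Inbound: only replies to tracked connections or explicitly published services.
            if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections:
                return "ALLOW"
            if pkt.syn and pkt.dport in ALLOWED_INBOUND_PORTS:
                self.connections.add((pkt.dst, pkt.dport, pkt.src, pkt.sport))
                return "ALLOW"
            return "DENY"
        # Traffic that does not cross the perimeter is not this firewall's concern.
        return "ALLOW"


# Constructed sample traffic, in order of arrival.
SAMPLE_PACKETS = [
    Packet("10.0.0.5", 51000, "203.0.113.10", 443, syn=True),  # employee browses out
    Packet("203.0.113.10", 443, "10.0.0.5", 51000),             # web server's reply
    Packet("198.51.100.7", 40000, "10.0.0.5", 3389, syn=True),  # unsolicited RDP attempt
    Packet("198.51.100.7", 40001, "10.0.0.20", 443, syn=True),  # visitor reaches public web service
]


def run_sample():
    """Filter SAMPLE_PACKETS through a fresh firewall and return the decisions."""
    fw = StatefulFirewall()
    return [fw.filter(p) for p in SAMPLE_PACKETS]


if __name__ == "__main__":
    for pkt, decision in zip(SAMPLE_PACKETS, run_sample()):
        print(f"{decision:5} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}")
```

The decisive case is the third packet: the RDP attempt comes from outside, matches no connection an insider opened, and port 3389 is not published, so it is denied even though the same external host is later allowed to reach the published web service.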
Virus
A piece of programming code, usually disguised as something else, that causes a computer to behave in an unexpected and usually undesirable manner
Trojan Horse
A seemingly harmless program in which malicious code is hidden. A victim is usually tricked into opening it because it appears to be useful software from a legitimate source
Rootkit
A set of programs that enables its user to gain administrator-level access to a computer without the end user's consent or knowledge. Once installed, the attacker can gain full control of the system and even obscure its presence from legitimate system administrators
Smishing
A variation of phishing that involves the use of texting
Zero-Day Attack
An attack that takes place before the security community becomes aware of and fixes a security vulnerability
Hacktivist
An individual who hacks computers or Web sites in order to promote a political ideology
Careless Employee
An insider (employee, business partner, contractor, consultant) who does not follow the organization's security policies and thereby enables a cyberattack to occur
Malicious Employee
An insider who deliberately attempts to gain access to and/or disrupt a company's information systems and business operations
Zombie Computer
A computer that an attacker has taken over and enlisted in a botnet without its owner's knowledge. On a command from the attacker or at a preset time, the zombies go into action, each sending a simple request for access to the target site again and again, dozens of times per second.
Eradication
Before the IT security group begins the eradication effort, it must collect and log all possible criminal evidence from the system and then verify that all necessary backups are current, complete, and free of any malware.
An employee uses her laptop to sign onto her company's database server from an open Wi-Fi connection at a local coffee shop
Careless insider
Computer Forensics
Computer forensics is a discipline that combines elements of law and computer science to identify, collect, examine, and preserve data from computer systems, networks, and storage devices in a manner that preserves the integrity of the data gathered so that it is admissible as evidence in a court of law.
Erica is late to work because a computer virus shut down the city's bus system
Cyberterrorist
Derek uses his old account credentials to sign into his former employer's network to get information on his old clients
Malicious employee
CEO: This report might give us a good picture of where we are right now, but what about in the future? How can we track ongoing concerns to make sure gaps in our security coverage don't open up later? You: It's good to do a risk assessment every year. In the meantime, we can use a ______ to help track key performance indicators tied to our security strategies.
Many organizations employ a security dashboard to help track the key performance indicators of their security strategy.
Employee: That's good to hear. Will you have to make any changes to it before I can use it for work? You: We'll scan it for any security vulnerabilities and apply the necessary ______ to close those gaps.
Once a vulnerability is discovered, users should install a patch to eliminate the problem.
CEO: So this would tell us where our security weaknesses are. Any idea how much it will cost to eliminate those vulnerabilities? You: Unfortunately, we can never eliminate all vulnerabilities unless we just stop doing business. Once we get the report, we can determine how much investment is needed to reach a level of ______ that balances security costs with a level of risk we're comfortable with.
Reasonable assurance is the recognition that managers must use their judgment to ensure that the cost of control does not exceed the system's benefits or the risks involved.
Vishing
Similar to smishing except that the victims receive a voice mail message telling them to call a phone number or access a Web site
Cybercriminal
Someone who attacks a computer system or network for financial gain
Lone Wolf Attacker
Someone who violates computer or Internet security maliciously or for illegal personal gain
Cyberterrorist
State-sponsored individual or group who attempts to destroy the infrastructure components of governments, financial institutions, corporations, utilities, and emergency response units
HIPAA
The Health Insurance Portability and Accountability Act (HIPAA) requires health care organizations to employ standardized electronic transactions, codes, and identifiers to enable them to fully digitize medical records, thus making it possible to exchange medical data over the Internet.
Phishing
The act of fraudulently using email to try to get the recipient to reveal personal data
After deploying several of the recommended security improvements, you suggest that the final and most important step in protecting the organization's security perimeter is ______.
The importance of end-user education cannot be overly emphasized. Creating and enhancing user awareness of security policies is an ongoing security priority for companies. Employees and contract workers must be educated about the importance of security so that they will be motivated to understand and follow security policies.
Incident Containment
The incident response plan should clearly define the process for deciding if an attack is dangerous enough to warrant shutting down or disconnecting critical systems from the network
Social Engineering
The use of deception to trick individuals into divulging data needed to gain access to an information system or network
Spam
The use of email systems to send unsolicited email to large numbers of people
Your company's customer service line .... their data is included in the breach
Business disruption
Example of a zero-day attack
Can lead to an attack that exposes names, addresses, Social Security numbers, and driver's license numbers. Usually the original software manufacturer has not been informed of the zero-day vulnerability before it is exploited.
Ashley hacks into a local store's payment processing system and transfers money to her PayPal account
Cybercriminal
Shareholders experience a 19% drop in share value in the 24 hours after the breach was publicized
Direct impact
Jeffrey steals emails from one of his state's political candidates and posts them online
Hacktivist
The company offers one year of credit monitoring for customers whose credit information was compromised
Legal consequences
Ransomware
Malware that stops you from using your computer or accessing the data on it until you meet certain demands, such as paying a ransom or, in some cases, sending compromising photos
Your company's IT operations team works around the clock to identify how the breach occurred and implements the needed patches to prevent further damage
Recovery cost
Sales activity for the quarter drops 22%, a tough hit in the middle of the holiday shopping season
Reputation damage
Employee: Does that mean my tablet will be safe going forward? You: Not necessarily. For example, a(n) ______ could take advantage of a newly discovered vulnerability before it's patched.
Zero-day attack
Incident Follow-Up
• An essential part of follow-up is to determine how the organization's security was compromised so that it does not happen again.
• A formal incident report includes a detailed chronology of events and the impact of the incident.
Protection of Evidence and Activity Logs
• An organization should document all details of a security incident as it works to resolve it.
• Capture all system events, the specific actions taken (what, when, and who), and all external conversations (what, when, and who) in a logbook.
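The computer forensics card and the evidence-logbook card above both come down to the same two mechanics: fingerprint each piece of evidence when it is collected so that later tampering is detectable, and record every action against it with what, when, and who. The following is an added example (not part of the study set) showing both with a SHA-256 hash and an append-only custody log. The log file contents, item name, and people are constructed sample data; the `CustodyLog` class and its method names are this example's own.

```python
"""Added example: evidence integrity hashing plus a chain-of-custody logbook.

The evidence bytes, the item name and the analyst names are constructed
sample data; nothing here comes from a real investigation.
"""
import hashlib
import json
from datetime import datetime, timezone


def sha256_hex(data: bytes) -> str:
    """Fingerprint of the evidence exactly as it was collected."""
    return hashlib.sha256(data).hexdigest()


def sha256_file(path, chunk_size=1 << 20) -> str:
    """Same fingerprint for a file on disk, read in chunks so large disk images fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


class CustodyLog:
    """Append-only logbook: what was done, when, by whom, and the hash it was checked against."""

    def __init__(self):
        self.entries = []

    def record(self, who, action, item, data, when=None):
        """Log one action on an evidence item, binding it to the item's current hash."""
        when = when or datetime.now(timezone.utc)
        entry = {
            "when": when.isoformat(),
            "who": who,
            "action": action,
            "item": item,
            "sha256": sha256_hex(data),
        }
        self.entries.append(entry)
        return entry

    def verify(self, item, data):
        """True only if data still matches the hash recorded when the item was first logged."""
        first = next((e for e in self.entries if e["item"] == item), None)
        return first is not None and first["sha256"] == sha256_hex(data)

    def dumps(self):
        """Serialize the logbook for inclusion in the formal incident report."""
        return json.dumps(self.entries, indent=2)


def demo():
    """Collect a log file, hand it over, then check an intact copy and a tampered copy."""
    log = CustodyLog()
    item = "web01:/var/log/auth.log"
    # Constructed sample evidence: one sshd line from a compromised host.
    original = b"May  1 03:14:07 web01 sshd[4121]: Accepted password for admin from 198.51.100.7 port 52210 ssh2\n"
    log.record("j.doe", "collected", item, original)
    log.record("j.doe", "handed to legal", item, original)
    # A copy where the attacker's address has been edited out.
    tampered = original.replace(b"198.51.100.7", b"10.0.0.5")
    return log.verify(item, original), log.verify(item, tampered)


if __name__ == "__main__":
    intact, edited = demo()
    print("intact copy verifies:", intact)
    print("edited copy verifies:", edited)
```

The hash is taken before eradication begins, matching the eradication card's order of operations: evidence is collected and logged first, then the system is cleaned. In a real investigation the logbook itself should be write-once (for example, appended to a file on separate media with its own hash recorded), since a logbook the attacker can edit proves nothing.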
Botnet
The term botnet describes a large group of compromised computers (zombies) that are controlled from one or more remote locations by hackers, without the knowledge or consent of their legitimate owners.
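The DDoS, zombie computer and botnet cards all describe the same traffic pattern: many compromised hosts each hitting the target again and again, dozens of times per second. As an added example (not part of the study set), the detection logic below reads web server log lines, counts requests per source address per second, flags sources that exceed a per-second threshold, and reports the flood as distributed when enough sources are flooding at once. The log lines are constructed, the thresholds are assumptions, and the function names are this example's own.

```python
"""Added example: spotting a botnet flood in web server access logs.

Sample log lines are constructed below; the per-second and per-source
thresholds are assumptions a real deployment would tune to its baseline.
"""
import re
from collections import Counter, defaultdict

# Common Log Format: client - user [timestamp] "request" status bytes
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)"')


def parse(line):
    """Return (source_ip, timestamp_to_the_second) or None for an unparseable line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), m.group("ts")


def requests_per_second(lines):
    """Map each source IP to a Counter of requests keyed by timestamp (one-second buckets)."""
    per_ip = defaultdict(Counter)
    for line in lines:
        parsed = parse(line)
        if parsed:
            ip, ts = parsed
            per_ip[ip][ts] += 1
    return per_ip


def find_flooders(lines, per_second_threshold=20, distributed_threshold=5):
    """Return (sorted flooding IPs, whether the flood looks distributed).

    A source is a flooder if, in any single second, it sent at least
    per_second_threshold requests. The attack is reported as distributed
    when at least distributed_threshold sources are flooding.
    """
    per_ip = requests_per_second(lines)
    flooders = sorted(ip for ip, buckets in per_ip.items()
                      if max(buckets.values()) >= per_second_threshold)
    return flooders, len(flooders) >= distributed_threshold


def build_sample_log():
    """Constructed sample: six zombies at 25 requests/second plus one ordinary visitor."""
    lines = []
    second = "10/Oct/2024:13:55:36 +0000"
    for n in range(1, 7):                       # zombies 192.0.2.1 .. 192.0.2.6
        for _ in range(25):
            lines.append(f'192.0.2.{n} - - [{second}] "GET / HTTP/1.1" 200 512')
    for s in ("13:55:30", "13:55:33", "13:55:36"):  # a legitimate user browsing
        lines.append(f'198.51.100.9 - - [10/Oct/2024:{s} +0000] "GET /catalog HTTP/1.1" 200 8192')
    return lines


if __name__ == "__main__":
    ips, distributed = find_flooders(build_sample_log())
    print("flooding sources:", ips)
    print("distributed attack:", distributed)
```

The per-source threshold alone would catch a single noisy client; it is the count of simultaneously flooding sources that distinguishes a botnet-driven DDoS from one misbehaving host, and it is why blocking individual addresses rarely helps against a real botnet.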