Week 6- Information Security and Privacy

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

STAR SLIDE ⭐️ Programs installed on a computer without a users consent or knowledge - use up valuable system resources and may report ______ activities back to the ______ - not designed to ______ system functioning or _____ data from files (NOT a software attack) Ex. Include - small files stored on a computer containing information about visited websites - display pop up advertisements on computer screens - collects personal information about users without consent. This is a _____ to attack. Do this through _____ ______ logging (record key strokes and web browser history) or ______ ______ (record a continuous movie of activities on a screen) - create a launchpad for sending out spam emails

Alien software or pestware, users, creators, disrupt, steal, cookies adware, spyware, conduit, key stroke, screen scraping, spamware

STAR SLIDE ⭐️ Communication Controls - software that attempts to identify and eliminate viruses and worms, and other malicious programs. A software which will find programs, files, softwares, etc that might compromise your computer, either by being ______ or by exploiting a_______ in the program normally supposed to process them- rootkits, _______, and other types of this - the above detects those programs - can perform various protective measures based in the security settings in the antivirus software such as _______, permanent _______, fix, etc. will also look for potentially harmful files that are ______ from the Internet or attacked to an ______ and notifies/removes it to protect your computer

Anti malware systems (AV), executable, vulnerability, Trojans, quarantine, removal, downloaded, email

Examples of physical controls - doors, walls, fences, gates, locks, _____, ______, ______ Systems

Badges, guards, alarm

STAR SLIDE ⭐️ factors contributing to vulnerability - today's interconnected, independent, wirelessly networked ______ environment - ______ support has not increased as quickly as threats: low security ______ among employees - smaller computers and storage devices. Give ex. - decreasing skills necessary needed to be a computer ______: attacks are increasingly sophisticated, new and easier tools make it very easy to attack network - lack of skilled _____ to protect information - international organized ______ taking over cybercrime

Business, management, awareness, flash drives or phones or laptops, hacker, personnel, crime

STAR SLIDE ⭐️ Remote software attack without user action - bombarding and crashing a target computer with bogus requests - used to attack computers to perform above attacks Software attacks by programmers - _____ ______: program disguised as innocent - _____ or _____ door: allows unauthorized access to the program or system, bypassing security measures - _____ _____: dormant until activated at a certain date and time

Denial of service attack (DoS), distributed denial of service attack (DDoS), Trojan horse, back, trap, logic bomb

STAR SLIDE ⭐️ Communication Controls - converting an original message into a form that can only be read by the intended receiver. Ex include ______ ____ version of this (aka asymmetric) and digital _______ - use logins and encryption to establish secured, private connection in a public network (the internet) - an encryption standard for secure transactions such as credit card purchases and online banking (ex. Verisign) - monitor employees computers, email, and internet activity

Encryption, public key, certificate, virtual private network, secure socket layer (transport layer security), employee monitoring systems

STAR SLIDE ⭐️ Individual attempts to gain illegal access to organizational information - ______ _____ is legal information gathering while the above crosses the _____ boundary. Ex. ______, _____ IP An attacker demands payment for not stealing the information, for returning stolen information, or for not to disclose the information stolen from a company

Espionage or trespass, competitive intelligence, legal, Sony, google, information extortion

STAR SLIDE ⭐️ Deliberate threats - _____ or trespass - information ______ - _____ of equipment or information - ______ theft - sabotage or ______ - compromise to ______ property - supervisory control and data acquisition (______) attack's - cyber______ and cyber______ - software attacks (______) - _____ software

Espionage, extortion, theft, identity, vandalism, intellectual, SCADA, terrorism, warfare, malware, alien

STAR SLIDE ⭐️ Communication Controls - enforces access control policy to prevent certain information from moving between untrusted (ex. Internet) and private networks (ex. Company network). Aka _____ filter. basically software which monitors ______ ______ and ______ ______ into and out of a network or computer and determines whether or not to allow it to _______. Can be limited to simple _____/______ combinations or do full _____ aware scans

Firewalls, packet, network traffic, connection attempts, pass, IP, port, content

Strategies for business continuity plan include - a fully configured computer facility with all of the company's services, communication links, and physical plant operations. This _______ computer resources, peripherals, telephone systems, applications and workstations. Reduce risk to the greatest extent but are the most expensive option - provides many of the same services and options as the above but it typically does not include the actual ______ the company needs. Includes ______ equipment such as servers but it often does not include user _______ - provides only rudimentary services and facilities, such as a building or a room with heating, ac, and humidity control. This type of site provides no _____ hardware or user _______. Reduce the risk to the least but are the least expensive option

Hot site, duplicates, warm site, applications, computer, workstations, cold site, computer, workstations

STAR SLIDE ⭐️ Unintentional threats most dangerous departments - ______ _____ personnel - _____ ______ personnel Attackers use social skills to trick a legitimate employee into providing confidential company information such as passwords. Techniques include - ______: when unauthorized individuals follow authorized individuals into an otherwise secure location - ______ searching and Facebook befriending Other areas or threats in the business include ______, guards, contract labor, and ______ Unintentional threat is intentional from ______ side and unintentional from _______/_______ side

Human Resources, information technology, social engineering, tailgating, shoulder, janitors, consultants, attacker, employee, citizen

STAR SLIDE ⭐️ Authentication- proof of ______. Use something the user.... - is (aka ______): an authentication method that examines a persons innate physical characteristics (ex. Include ______ scans, palm scars, _______ scans, iris recognition, _____ recognition) - ______: authentication mechanism that includes regular _____ cards, smart _____ cards, and ______ -_______: an authentication mechanism that includes ______, signature, and _____ recognition - _______: an authentication mechanism that includes _____ and ______ Authorization- determines which actions, rights, or privilege has based on his or her verified _________

Identity, biometrics, fingerprint, retina, facial, has, ID, ID, tokens, does, voice, gait, knows, password, paraphrase, identity

Protecting organizations information resources from unauthorized access, use, disclosure, disruption, modification, or destruction

Information security

STAR SLIDE ⭐️ Smaller equipment is easier to steal. Larger storage means more ______ lost. Ex. Of this includes _____ _____ (rummaging through trash to find discarded information) Deliberate assumption of another persons identity to access financial information through... - _____: impersonating a trusted organization in an electronic communication - stealing from _____ - social engineering (occurs a lot through this)

Information, dumpster diving, theft of equipment or information, identity theft, phishing, databases

More data being collected about customers, represents bigger potential exposure - the more data that needs to be protected the more ______ might be required for ______ technology- bigger servers to handle ______ and ______ data very fast, more money on the encryption software, bigger database, etc Process of transforming information so it is unintelligible to anyone but the recipient Process of transforming encrypted information so that it is legible again

Money, information, encrypting, decrypting, encrypting, decrypting

Information security controls - prevents unauthorized individuals from gaining access to a company's facilities - restricts unauthorized individuals from using information resources (aka computer resources) and involve two major functions: ______ and _______ - secure the movement of data across networks - purpose is to provide guidance to people who keep the business operating after a disaster occurs (disaster recovery plan) - the chain of events linking planning to IT, protection and to recovery

Physical controls, access controls, authentication, authorization, communication controls, business continuity plan, business continuity

STAR SLIDE ⭐️ Unintentional human errors - Carelessness with ______ computing devices (give ex): this includes leaving them places, not having security controls installed, and having malware introduced because of carelessness - opening questionable ______, clicking on links or attachments (ex. Include _____ and spear ______) - careless ______ surfing (look for _____): this can result in ______ and or _____ software being introduced into the organizations network - weak _____ selection and use - carelessness with ones _______: ex include leaving desks and filing cabinets unlocked and not logging off the company network when leaving

Portable, laptop, smartphone, usb flash drives, emails, phishing, phishing, internet, https, malware, alien, password, office

Concerns for personal data - involve collecting, storing, and disseminating information about the individuals - involve the authenticity, fidelity, and accuracy of information that is collected and processed. Ex. Someone else searches something on _____ computer - involve the ownership and value of information - revolve around who should have access to information and whether a fee should be paid for this access - involve security measurements. Ex. So many people have your info (doctor, dentist, etc) and what _____ do they have to protect it

Privacy, accuracy, your, property, accessibility, security, security

Provides online privacy and anonymity by creating a ______ network from a _______ Internet connection (encrypted tunnel of communication) - mask the ______ _______ address so your online actions are virtually untraceable - the ______ _____ address is your digital ______ not the key that gives access to your information

Private, public, virtual private network, internet protocol, internet protocol, location

STAR SLIDE ⭐️ Occurs when an intruder maliciously alters a web page by inserting or substituting provocative and frequently offending data - ex. Syrian electronic army defaces Forbes magazine website Compromises to ______ ______ (the property created by individuals or corporations) - an intellectual work, such as a business plan, that is a company secret and is not based on public information - an official document that grants the holder exclusive rights in an invention or a process for a specified period of time - a statutory grant that provides the creators or owners of intellectual property with ownership of the property, also for a designated period

Sabotage or vandalism, intellectual property, Trade secret, patent, copyright

Target CEO is the first CEO fired for ______ ______

Security breach

STAR SLIDE ⭐️ These kinds of systems control chemical, physical, or transport processes. Give ex. Attack via the internet to use a targets computer systems to cause physical, real world harm - usually to carry out a _____ agenda

Supervisory control and data acquisition attacks (SCADA), oil refineries, water and sewage treatment plans, electrical generators and nuclear power plants, cyberterrorism and cyberwarfare, political

Information security definitions - Any danger to which a system may be exposed - the possibility that the system will suffer harm by a threat - involves the unauthorized viewing, access, or retrieval of data ______ are constant but depending on the ______, chances of _______ are higher or lower

Threat, vulnerability, breach, threat, vulnerability breach

Types of threats - ______ threats (name two types) - ______ threats

Unintentional, human error, social engineering, deliberate

STAR SLIDE ⭐️ Remote software attack needing user action - ______: requires an active host program or an already infected and active operating system in order for it to run, cause damage, and infect other executable files or documents - ______: stand alone malicious program that can self replicate and often uses computer network to spread itself , relying on security failures in the target computer to access it - _____ attack - _____ phishing attack: a phishing attack on a specific target

Virus, work, phishing, spear

STAR SLIDE ⭐️ Communication Controls - a process in which a company identifies the software that it will allow to run on its competitors and permits acceptable software to run, and it either prevents any other software from running or lets new software run only in a quarantined environment until the company can verify its validity - includes certain types of software that are not allowed to run in the company environment. Allows everything to run unless it's on this list

Whitelisting, blacklisting


Ensembles d'études connexes

US History, Chapter 11, Civil War

View Set

Scientific Methods assignment and quiz

View Set

WK10/MN success/High Risk Antepartum

View Set

Chapter 17, 18, 19 - Growth & Development

View Set

Operating System Chapter 8: Memory management services

View Set