CYB 333 Q1


GLBA

"Gramm-Leach-Bliley Act" (Financial Services Modernization Act of 1999) repealed a 1933 law that barred the consolidation of financial institutions and insurance companies. Included within GLBA are multiple sections relating to the privacy of financial information. Companies must provide written notice to consumers of their privacy rights and explain the company's procedures for safeguarding data.

worms

A worm is a self-contained program that replicates and sends copies of itself to other computers without any user input or action. Unlike a virus, a worm does not need to attach itself to an existing program.

Five types of authentication

1. Something you know 2. Something you have 3. Something unique to you 4. Somewhere you are 5. Something you do (or how you do it)

Buffer overflows

An attack conducted by supplying more data than is expected. Buffer overflow attacks take advantage of a system that does not properly account for the amount of data input into an application.

Backdoors

Programs that attackers install after gaining unauthorized access to a system, to ensure that they can continue to have unrestricted access.

Acceptable use policy

defines what users are allowed to do with organization-owned IT assets.

Role-based access control

permission to access a system or resource is dependent upon the person's role (or job title) in an organization.

Rootkits

software programs that have the ability to hide certain things from the operating system.

Compliance laws

FISMA, SOX, GLBA, HIPAA, CIPA, FERPA

FERPA

Family Educational Rights and Privacy Act

FISMA

Federal Information Security Management Act of 2002

phreaking

Hacking of the systems and computers used by phone companies

HIPAA

Health Insurance Portability and Accountability Act of 1996

accountability

The process of associating actions with users for later reporting and research. It ensures that a person who accesses or makes changes to data or systems can be identified.

risk management

describes the process of identifying, assessing, prioritizing, and addressing risks.

Mandatory access controls

permission to access a system or resource is determined by the sensitivity of the resource and the user's security level.

gray hat hackers

A cross between black and white—they will often illegally break into systems merely to flaunt their expertise to the administrator of the system they penetrated or to attempt to sell their services in repairing security breaches.

CIPA

Children's Internet Protection Act (2001) The law places restrictions on the use of funding that is available through the Library Services and Technology Act (LSTA) of the Elementary and Secondary Education Act (ESEA), and on the Universal Service discount program known as the E-rate (discounts for Internet access or internal connections). Requires Internet safety policies (AUPs) and technology which blocks or filters certain material from being accessed through the Internet. Deadline for compliance with CIPA was July 1, 2004, following the Supreme Court ruling in 2003.

SOX

Sarbanes-Oxley Act of 2002

Logic bomb

a form of malware that executes when a certain predefined event occurs

Virus

a virus attaches itself to or copies itself into another program on a computer. It infects a host program and causes that host program to replicate itself to other computers.

Vulnerability

a weakness that allows a threat to be realized or have an effect on an asset

Authorization controls include

access control lists, physical access control, and network traffic filters. A biometric device is an authentication control, not an authorization control.

black hat hackers

break into other people's computer systems and may just look around or may steal and destroy information

Single sign-on (SSO)

can provide for stronger passwords because with only one password to remember, users are generally willing to use stronger passwords

Need to know

concept that prevents people from gaining access to information they don't need to carry out their job function

Confidentiality

concerned with privacy and secrecy

CIA Triad

confidentiality, integrity, and availability.

A security policy

defines a risk-mitigating definition or solution for your organization

Disaster Recovery plan:

defines how a business can get back on its feet after a major disaster (hurricane, fire). The steps involved in creating a comprehensive DRP should be completed in this order: define potential threats, document likely impact scenarios, and document the business and technical requirements to initiate the implementation phase

Hardening a system

ensures that controls are in place to address known threats.

Types of biometrics

fingerprint, palm print, retina scan, hand geometry, facial recognition, voice patterns, keystroke dynamics

Bluesnarfing

gaining unauthorized access through a Bluetooth device

Business Continuity plan (BCP)

gives priorities to the functions an organization needs to keep going. A business continuity plan is a written plan for a structured response to any events that result in an interruption to critical business activities or functions.

PCI DSS

governs credit card handling and includes provisions that Gwen (the merchant in the quiz scenario) should implement before accepting credit card transactions.

A business impact analysis (BIA)

identifies the resources for which a business continuity plan (BCP) is necessary.

A gap analysis

is a comparison of the security controls you have in place and the controls you need in order to address all identified threats

threat

is any action that could damage an asset. Information systems face both natural and human-induced threats

Availability

is concerned with ensuring that information is readily accessible to authorized users at all times

Access controls fall into 2 categories

logical access controls and physical access controls. Logical access controls allow access into a system or network; physical access controls allow access into buildings and protected areas.

Ransomware

malware that forces a victim organization to pay money to prevent the deletion of data.

Trojan horse

malware that masquerades as a useful program

Botnet

many Internet-connected computers under the control of a remote hacker

Principle of least privilege

means granting someone the minimum access that allows them to do their job.

security kernel

provides a central point of access control and implements the reference monitor concept. It mediates all access requests and permits access only when the appropriate rules or conditions are met.

Integrity

refers to the ability to prevent data from being changed in an undesirable or unauthorized manner.

IoT five critical challenges

security, privacy, interoperability, legal and regulatory compliance, and emerging social and economic issues.

Evil twin attack

the attacker deploys a fake open or public wireless network to use a packet sniffer on any user who connects to it.

discretionary access system

the owner of the resource decides who gets in and changes permissions as needed. The owner can delegate that responsibility to others.

Brute force attack

tries every possible combination of characters

white hat hackers

work at the request of the system owners to find system vulnerabilities and plug the holes

Dictionary attack

works by hashing all the words in a dictionary and then comparing the hashed value with the system password file to discover a match.
