Topic #13, #14, and #15 - CIS 2700 Exam 2 Review

IT Defenses

- Antivirus Software: Designed to detect malicious code and prevent users from downloading it.
- Intrusion Detection Systems (IDS): Scan for unusual or suspicious traffic (passive defense).
- Intrusion Prevention Systems (IPS): Designed to take immediate action, such as blocking specific IP addresses, whenever a traffic-flow anomaly is detected (active defense).

*Security is an ongoing, unending process.*

Intentional Cyberthreats: Hacking

- Hacking is broadly defined as intentionally accessing a computer without authorization or exceeding authorized access.
- Hacktivist: Short for hacker-activist; someone who performs hacking to promote awareness of, or otherwise support, a social, political, economic, or other cause.

Factors Leading to an Increased Risk of Cyberattack

- Interconnected, interdependent, and wirelessly networked business environment.
- Smaller, faster, and cheaper computers and storage devices.
- Decreasing skills necessary to be a computer hacker.
- International organized crime taking over cybercrime.
- Lack of management support.

Intentional Cyberthreats: Physical Theft or Loss

- Miniaturization: Smaller devices such as laptops, tablets, modems, and routers are easily transportable and are prone to physical theft or loss.
- It is difficult to determine whether a data breach has occurred when an unencrypted sensitive document is on a missing device.

2016 Biggest Data Breaches Worldwide (Supplemental Knowledge)

1. Anthem Insurance: Identity theft - healthcare records; 78.8 million records breached.
2. Turkish General Directorate: Identity theft - Malicious outsider (government agency); 50 million records breached.
3. Korean Pharmaceutical Info. Center: Identity theft - Malicious insider; 43 million records breached.
4. U.S. Office of Personnel Management: Personally identifiable information (PII) (government agency); 22 million records breached.
5. Experian: Identity theft - Malicious outsider (credit bureau); 15 million records breached.

Three Objectives of Data & Information Systems Security

1. Confidentiality: No unauthorized data disclosure.
2. Integrity: Data, documents, messages, and other files have not been altered in any unauthorized way.
3. Availability: Data is accessible when needed by those authorized to do so.

Cyberattack Targets Include

1. Critical infrastructure
2. Theft of intellectual property
3. Identity theft
4. BYOD (Bring Your Own Device)
5. Social media

Attacks can be high profile or under the radar. Managers underestimate IT vulnerabilities and threats.

Exploit

Code that takes advantage of a software vulnerability or security flaw.

Vulnerability

A gap in IT security defenses of a network, system, or application that can be exploited by a threat to gain unauthorized access.

Internal Controls (IC)

A process to ensure that sensitive data is protected and accurate; designed to achieve:
- Reliability of financial reporting, to protect investors
- Operational efficiency
- Compliance with laws, regulations, and policies
- Safeguarding of assets

Cyberthreat

A threat posed by means of the internet (a.k.a. cyberspace) and the potential source of malicious attempts to damage or disrupt a computer network, system, or application.

Intellectual Property

A work or invention that is the result of creativity and has commercial value.
- Can represent more than 80% of a company's value.
- Losing intellectual property, commonly known as trade secrets, could threaten a company's existence.
- Losing customer data to hackers can be costly and embarrassing.

Incident (Supplemental Knowledge)

An attempted or successful unauthorized access to a network, system, or application.
- Unwanted disruption or denial of service; unauthorized use of a system for processing or storage of data; changes to a system without the owner's knowledge, instruction, or consent.

Biometric Control - Mobile Security Defense

An automated method of verifying the identity of a person, based on physical or behavioral characteristics (e.g. thumbprint or fingerprint, voice print, retinal scan, and signature).

Voice Biometrics - Mobile Security Defense

An effective authentication solution across a wide range of consumer devices including smartphones, tablets, and TVs.

Copyrighted Property

Blueprint, manuscript, or a design protected by law from unauthorized use by others.

Mobile Biometrics - Mobile Security Defense

Can significantly improve the security of physical devices and provide stronger authentication for remote access or cloud services.

White Hat (Hacker)

Computer security specialist who breaks into protected systems and networks to test and assess their security.

Business Continuity Plan

Covers business processes, assets, human resources, and business partners.
- Keeps the business running after a disaster occurs.
- Covers fires, earthquakes, floods, power outages, malicious attacks, and other types of disasters.

Industry Standards: Payment Card Industry Data Security Standard (PCI DSS)

Created by VISA, MasterCard, American Express, and Discover.
- Requires merchants and card payment providers to make certain their web applications are secure.
- Improves customers' trust in e-commerce.
- Increases the web security of online merchants.
- Penalties for noncompliance are severe.

Intentional Cyberthreat

Done on purpose.
- Hacking
- Phishing
- Crimeware (spyware, adware, malware, and ransomware)
- Insider and Privilege Misuse
- Physical Theft

Intentional Cyberthreats: Internal Threats

Insider and Privilege Misuse:
- Internal threats from employees can be some of the most challenging to defend against.
- Data tampering is a common means of internal attack.
- Data tampering refers to an attack during which someone enters false or fraudulent data into a computer, or changes/deletes existing data.
- Data tampering is extremely serious because it may not be detected; it is the method often used by insiders and fraudsters.

Intentional Cyberthreats: Crimeware

Malware refers to hostile or intrusive software including:
- Computer viruses
- Worms
- Trojan horses
- Ransomware

Malicious programs are used to disrupt computer or mobile operations, gather sensitive information, or gain access to private computer systems.

Spyware is tracking software that is not designed to intentionally damage or disable a system but to monitor or track activities.

Adware is software that embeds advertisements in the application.

Ransomware is a type of malware that is designed to block access to a computer system until a sum of money has been paid.

Identity Theft

One of the worst and most prevalent cyber threats.
- Made worse by electronic sharing and databases.
- Businesses are reluctant to reveal incidents in which their customers' financial information may have been stolen, lost, or compromised.

Black Hat (Hacker)

Person who attempts to find computer security vulnerabilities and exploit them for personal and/or financial gain, or other malicious reasons.

Gray Hat (Hacker)

Person who may violate ethical standards or principles, but without the malicious intent ascribed to black hat hackers.

Intentional Cyberthreats: Phishing

Phishing: Social-engineering attack that can use email sent to the recipient under false pretenses to steal confidential information from the target.

Spear Phishing: Targets select groups of people who have something in common.
- Tricks the user into opening an infected email that looks like a real one.
- Phony website
- Confidential information is requested, such as passwords, user IDs, PINs, and account numbers.

Bring Your Own Device (BYOD)

Policy that allows employees to use their personal mobile devices and computers to access enterprise data and applications.
- Roughly 74% of U.S. organizations are using or planning to use BYOD.
- Security Risk: Mobile devices rarely have strong authentication, access controls, and encryption even though they connect to critical data and cloud services. The device could also be lost or stolen.

Business Continuity

Refers to maintaining business functions or restoring them quickly when there is a major disruption.

Social Media Attacks

Social networks and cloud computing increase vulnerabilities by providing a single point of failure and attack for organized criminal networks.
- Social media-related events have quadrupled over the past five years.
- One in eight enterprises has suffered at least one security breach due to a social media-related cyberattack.
- Facebook scams were the most common form of malware distributed in 2015.

Threat

Someone or something that can cause loss, damage, or destruction.

Asset

Something of value that needs to be protected.

IT Security Defense-in-Depth Model

Step 1: Senior management commitment and support.
Step 2: Acceptable use policies and IT security training.
Step 3: IT security procedures and enforcement.
Step 4: Hardware and software (kept up-to-date).

Critical Infrastructure

Systems and assets so vital to the country that their incapacity or destruction would have a debilitating effect, such as:
- Government Facilities
- Transportation Systems
- Health Care & Public Health
- Emergency Services

Cyber Defense Strategies

The major objectives of Defense Strategies are:
- Prevention and deterrence
- Detection
- Contain the damage (damage control)
- Recovery
- Correction
- Awareness and compliance

*Auditing can provide an additional layer of safeguards.*

Cyber Risk Management: Risk

The probability of a threat successfully exploiting a vulnerability and the estimated cost of the loss or damage.

Data Breach

The successful retrieval of sensitive information by an individual, group, or software system. Keywords: Malicious, unauthorized, unwanted, consent.

Unintentional Cyberthreat

Unaware of wrongdoing.
1. Human error (a majority of internal security issues)
   - Poorly designed systems; faulty programming
   - Neglecting to change passwords
   - Unaware users
2. Environmental Hazards
   - Natural disasters
   - Faulty systems
3. Computer Systems Failures
   - Poor manufacturing/maintenance or systems malfunctions

