Busy. Please wait.

Forgot Password?

Don't have an account?  Sign up 

show password


Make sure to remember your password. If you forget it there is no way for StudyStack to send you a reset link. You would need to create a new account.

By signing up, I agree to StudyStack's Terms of Service and Privacy Policy.

Already a StudyStack user? Log In

Reset Password
Enter the email address associated with your account, and we'll email you a link to reset your password.

Remove ads
Don't know (0)
Know (0)
remaining cards (0)
To flip the current card, click it or press the Spacebar key.  To move the current card to one of the three colored boxes, click on the box.  You may also press the UP ARROW key to move the card to the "Know" box, the DOWN ARROW key to move the card to the "Don't know" box, or the RIGHT ARROW key to move the card to the Remaining box.  You may also click on the card displayed in any of the three boxes to bring that card back to the center.

Pass complete!

"Know" box contains:
Time elapsed:
restart all cards

Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.

  Normal Size     Small Size show me how

Chapter 1 terms

Chapter 1 Security Terms

Advanced Persistent Threat (APT) Multiyear intrusion campaign that targets highly sensitive economic, proprietary, or natiional security information.
Asset An item that has value
Authentication The steps that ensure that the individual is who he or she claims to be
Availability Security actions that ensure that data is accessible to authorized users
Broker Attacker who sells knowledge of a vulnerability to other attackers or governments
BYOD (bring your own device) The practice of allowing users to use their own personal devices to connect to an organizational network.
Califorina's Database Security Breach Notification Act The first state electronic privacy law, which covers any state agency, person, or company that does business in california
Confidentiality Security actions that ensure that only authorized parties can view the information
Cyber Kill Chain A systematic outline of the steps of a cyber attack, introduced at Lockheed Martin in 2011
Cybercrime Targeted attacks against financial networks, unauthorized access to information, and the theft of person infomation
Cybercriminals A network of attackers, identity thieves, spammers, and financial fraudsters
Cyber terrorsim A premeditated politically motivated attack against information computer systems computer programs and data which often resuslts in violence
deterrence understanding the attacker and then informting him of the consequences of the action
exploit kit automated attack package that can be used without and advanced knowledge of computers
Gramm-Leach-Bliley Act (GLBA) A U.S. Law that requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information
hactivist attacker who attacks for ideological reasons that are generally not as well-defined as a cyberterrorist's motivations
Heal Insurance Portability and Accountability Act (HIPPa) A U.S. law designed to guard protected health information and implement policies and procedures to safeguard it.
Identity theft Stealing another person's personal infomration such as a Social Security number, and then using the information to impersonate the victim. generally for financial gain.
Information security the tasks of protecting the intergrity, confidentiality, and availability of information on the devices that store, manipulate, and transmit the information through products, peopole, and procedures
insiders Employees, contractors, and business partners who can be responsible for an attack
Integrity Security actions that ensure that the information is correct and no unauthroized person or malicious software has altered the data
mitigation addressing a risk by making it less serious
Payment Card Industry Data Security Standard (PCI DSS) A set of security standards that all U.S. compaines processing, storing, or transmitting credit card information must follow
risk A situation that involves exposure to danger
risk avoidance Identifying the risk but making the decision to not engage in the activity
risk avoidance identifying the risk but making the decision to not engage in the activity
Sarbanes-Oxley Act (Sarbox) A U.S. law designed to fight corporate corruption
Script kiddie Individual who lacks advancedknowledge of computers and networks and so uses downloaded automated attack softwar to attack information systems
State-sponsored attacker Attacker commissioned by governements to attack enemies information systems
threat a type of action that has the potential to cause harm
threat agent A person or element that has the power to carry out a threat
Threat likelihood The probability that a threat will actually occur
Threat vector the means by which an attack could occur
Transference Transferring the risk to a thrid party
Vulnerability A flaw or weakness that llows a threat agent to bypass security.
Acceptance Acknowledging a risk but taking to action to address it
Accounting the ability that provides tracking of events
Created by: Senglert