securityCHPT1
terms
Question | Answer |
---|---|
accounting | the ability to provide tracking of events |
asset | an item that has value |
authorization | the act of ensuring that an individual or element is genuine |
authentication | the steps that ensure that the individual is who they claim to be |
availability | security actions that ensure that data is accessible to authorized users |
confidentiality | security actions that ensure only authorized parties can view the information |
threat | type of action that has the potential to cause harm |
information security threats | events or actions that represent danger to information assets |
threat | the potential for creating a loss is real |
vulnerability | a flaw or weakness that allows a threat agent to bypass security |
risk | the likelihood that the threat agent will exploit the vulnerability |
three options for dealing with risk | accept the risk |
three options for dealing with risk | diminish the risk |
three options for dealing with risk | transfer the risk |
HIPPA | health insurance portability and accountability act |
Sarbox | sarbanes oxley act of |
GLBA | gramm-leach-bliley act |
californias database security breach notification act | |
cyberterrorism | a premeditated, politically motivated attack against information, computer systems, computer programs, and data that results in violence |
types of attackers | hackers |
types of attackers | script kiddies |
types of attackers | spies |
types of attackers | insiders |
types of attackers | cybercriminals |
types of attackers | cyberterrorists |
steps of an attack | probe for information |
steps of an attack | penetrate any defenses |
steps of an attack | modify security settings |
steps of an attack | circulate to other systems |
steps of an attack | paralyze networks and devices |
five fundamental security principles | layering |
five fundamental security principles | limiting |
five fundamental security principles | diversity |
five fundamental security principles | obscurity |
five fundamental security principles | simplicity |
four generally recognized security positions | chief information security officer |
four generally recognized security positions | security manager |
four generally recognized security positions | security administrator |
four generally recognized security positions | security technician |
information security | focused on protecting the electronic information of organizations and users |
difficulties in defending against attacks | universally connected devices |
difficulties in defending against attacks | increased speed of attacks |
difficulties in defending against attacks | greater sophistication of attacks |
difficulties in defending against attacks | availability and simplicity of attack tools |
difficulties in defending against attacks | faster detection of vulnerabilities |
difficulties in defending against attacks | delays in patching |
difficulties in defending against attacks | weak patch distribution |
difficulties in defending against attacks | distributed attacks |
difficulties in defending against attacks | user confusion |
security includes | preventive measures |
security includes | rapid response |
security includes | preemptive attacks |
information security ensures that protective measures are | properly implemented |
information security is intended to | protect information that provides value to people and organizations |
cia | confidentiality integrity availability |
three protections that must be extended over information | cia |
aaa | authentication authorization accounting |
set of protections that must be implemented to secure information | aaa |
third objective of information security | protect the devices that store, manipulate, and transmit the information |
information security | that which protects the integrity, confidentiality, and availability of info on the devices that store, manipulate, and transmit the information through products, people, and procedures |
information security components | products people procedures |
information technology assets | information |
information technology assets | application software |
information technology assets | system software |
information technology assets | physical items |
information technology assets | services |
information security technology | asset |
information security technology | threat |
information security technology | threat agent |
information security technology | vulnerability |
information security technology | exploit |
information security technology | risk |
ciso | responsible for the assessment, management, and implementation of security |
security manager | supervises technicians, admins, and security staff. requires understanding of configuration and operation but not necessarily technical mastery |
security administrator | has both technical knowledge and managerial skills. manages daily operations of security technology |
security technician | entry level position with the basic necessary skills: diagnose, troubleshoot, and support to configure security hardware |
cybercriminal characteristics | low incomes |
cybercriminal characteristics | unstable legal systems |
cybercriminal characteristics | tense political relations |
cybercriminal characteristics | strong technical universities |
main goals of information security | prevent data theft |
main goals of information security | thwart identity theft |
main goals of information security | avoid the legal consequences of not securing info |
main goals of information security | maintaining productivity |
main goals of information security | foil cyberterrorism |
hacker | someone who attacks computers |
script kiddies | someone who wants to break into computers to create damage yet lacks the knowledge to do so |
spy | a person who has been hired to break into a computer and steal info |
cybercriminals | a network of attackers, identity thieves, spammers, and financial fraudsters |
cyberterrorists | attackers who are motivated by their principles or beliefs |
exploiting a vulnerability | sending infected email to a system that does not scan for viruses |
risk | the likelihood that the threat agent will exploit the vulnerability |
threat agent | person attempting to break into computer |
threat agent | tornado |
threat agent | malicious software |
risk | threat x vulnerability x cost |
information security loss | theft of info |
information security loss | a delay in transmitting info |
information security loss | loss of good will or reputation |
layering | creating a barrier of multiple defenses |
layering security | most comprehensive protection |
limiting access to information | reduces the threat against it |
diversity | related to layering. if attackers penetrate one layer, another layer has a different set of security |
obscurity | keeping what is on the inside unknown makes attacks more difficult |
obscurity | the shift changes are not known, so the planned attack cannot be carried out |
simplicity | complex systems allow more opportunities for something to go wrong |
white hat hackers | expose security flaws so they get fixed, don't steal data |
black hat hackers | goal is malicious and destructive |
black hat hackers | hackers |