securityCHPT1

terms

Question Answer
accounting the ability to provide tracking of events
asset an item that has value
authorization the act of ensuring that an individual or element is genuine
authentication the steps that ensure that the individual is who they claim to be
availability security actions that ensure that data is accessible to authorized users
confidentiality security actions that ensure only authorized parties can view the information
threat type of action that has the potential to cause harm
information security threats events or actions that represent danger to information assets
threat the potential for creating a loss is real
vulnerability a flaw or weakness that allows a threat agent to bypass security
risk the likelihood that the threat agent will exploit the vulnerability
three options for dealing with risk accept the risk
three options for dealing with risk diminish the risk
three options for dealing with risk transfer the risk
HIPAA Health Insurance Portability and Accountability Act
Sarbox Sarbanes-Oxley Act of
GLBA Gramm-Leach-Bliley Act
California's Database Security Breach Notification Act
cyberterrorism a premeditated politically motivated attack against information, computer systems, computer programs, and data that results in violence
types of attackers hackers
types of attackers script kiddies
types of attackers spies
types of attackers insiders
types of attackers cybercriminals
types of attackers cyberterrorists
steps of an attack probe for information
steps of an attack penetrate any defenses
steps of an attack modify security settings
steps of an attack circulate to other systems
steps of an attack paralyze networks and devices
five fundamental security principles layering
five fundamental security principles limiting
five fundamental security principles diversity
five fundamental security principles obscurity
five fundamental security principles simplicity
four generally recognized security positions chief information security officer
four generally recognized security positions security manager
four generally recognized security positions security administrator
four generally recognized security positions security technician
information security focused on protecting the electronic information of organizations and users
difficulties in defending against attacks universally connected devices
difficulties in defending against attacks increased speed of attacks
difficulties in defending against attacks greater sophistication of attacks
difficulties in defending against attacks availability and simplicity of attack tools
difficulties in defending against attacks faster detection of vulnerabilities
difficulties in defending against attacks delays in patching
difficulties in defending against attacks weak patch distribution
difficulties in defending against attacks distributed attacks
difficulties in defending against attacks user confusion
security includes preventive measures
security includes rapid response
security includes preemptive attacks
information security ensures that protective measures are properly implemented
information security is intended to protect information that provides value to people and organizations
CIA confidentiality integrity availability
three protections that must be extended over information CIA
AAA authentication authorization accounting
set of protections that must be implemented to secure information AAA
third objective of information security protect the devices that store, manipulate, and transmit the information
information security that which protects the integrity, confidentiality, and availability of info on the devices that store, manipulate, and transmit the information through products, people and procedures
information security components products people procedures
information technology assets information
information technology assets application software
information technology assets system software
information technology assets physical items
information technology assets services
information security technology asset
information security technology threat
information security technology threat agent
information security technology vulnerability
information security technology exploit
information security technology risk
CISO responsible for the assessment, management and implementation of security
security manager supervises technicians, admins, security staff. requires understanding of configuration and operation but not necessarily technical mastery
security administrator has both technical knowledge and managerial skills. manages daily operations of security technology
security technician entry level position with basic necessary skills; diagnose, troubleshoot, support to configure security hardware
cybercriminal characteristics low incomes
cybercriminal characteristics unstable legal systems
cybercriminal characteristics tense political relations
cybercriminal characteristics strong technical universities
main goals of information security prevent data theft
main goals of information security thwart identity theft
main goals of information security avoid the legal consequences of not securing info
main goals of information security maintaining productivity
main goals of information security foil cyberterrorism
hacker someone who attacks computers
script kiddies someone who wants to break into computers to create damage yet lacks the knowledge to do so
spy a person who has been hired to break into a computer and steal info
cybercriminals a network of attackers, identity thieves, spammers, and financial fraudsters
cyberterrorists attackers who are motivated by their principles or beliefs
exploiting a vulnerability sending infected email to a system that does not scan for viruses
risk the likelihood that the threat agent will exploit the vulnerability
threat agent person attempting to break into computer
threat agent tornado
threat agent malicious software
risk threat x vulnerability x cost
information security loss theft of info
information security loss a delay in transmitting info
information security loss loss of good will or reputation
layering creating a barrier of multiple defenses
layering security most comprehensive protection
limiting access to information reduces the threat against it
diversity related to layering. if attackers penetrate one layer another layer has a different set of security
obscurity what is on the inside makes attacks more difficult
obscurity the shift changes are not known so the planned attack cannot be carried out
simplicity complex systems allow more opportunities for something to go wrong
white hat hackers expose security flaws so they get fixed, don't steal data
black hat hackers goal is malicious and destructive
black hat hackers hackers
Created by: cgeaski