securityCHPT1
terms
| Question | Answer |
|---|---|
| accounting | the ability to provide tracking of events |
| asset | an item that has value |
| authorization | the act of ensuring that an individual or element is genuine |
| authentication | the steps that ensure that the individual is who they claim to be |
| availability | security actions that ensure that data is accessible to authorized users |
| confidentiality | security actions that ensure only authorized parties can view the information |
| threat | type of action that has the potential to cause harm |
| information security threats | events or actions that represent danger to information assets |
| threat | the potential for creating a loss is real |
| vulnerability | a flaw or weakness that allows a threat agent to bypass security |
| risk | the likelihood that the threat agent will exploit the vulnerability |
| three options for dealing with risk | accept the risk |
| three options for dealing with risk | diminish the risk |
| three options for dealing with risk | transfer the risk |
| HIPAA | health insurance portability and accountability act |
| Sarbox | sarbanes-oxley act of |
| GLBA | gramm-leach-bliley act |
| california's database security breach notification act | |
| cyberterrorism | a premeditated, politically motivated attack against information, computer systems, computer programs, and data that results in violence |
| types of attackers | hackers |
| types of attackers | script kiddies |
| types of attackers | spies |
| types of attackers | insiders |
| types of attackers | cybercriminals |
| types of attackers | cyberterrorists |
| steps of an attack | probe for information |
| steps of an attack | penetrate any defenses |
| steps of an attack | modify security settings |
| steps of an attack | circulate to other systems |
| steps of an attack | paralyze networks and devices |
| five fundamental security principles | layering |
| five fundamental security principles | limiting |
| five fundamental security principles | diversity |
| five fundamental security principles | obscurity |
| five fundamental security principles | simplicity |
| four generally recognized security positions | chief information security officer |
| four generally recognized security positions | security manager |
| four generally recognized security positions | security administrator |
| four generally recognized security positions | security technician |
| information security | focused on protecting the electronic information of organizations and users |
| difficulties in defending against attacks | universally connected devices |
| difficulties in defending against attacks | increased speed of attacks |
| difficulties in defending against attacks | greater sophistication of attacks |
| difficulties in defending against attacks | availability and simplicity of attack tools |
| difficulties in defending against attacks | faster detection of vulnerabilities |
| difficulties in defending against attacks | delays in patching |
| difficulties in defending against attacks | weak patch distribution |
| difficulties in defending against attacks | distributed attacks |
| difficulties in defending against attacks | user confusion |
| security includes | preventive measures |
| security includes | rapid response |
| security includes | preemptive attacks |
| information security ensures that protective measures are | properly implemented |
| information security is intended to | protect information that provides value to people and organizations |
| cia | confidentiality integrity availability |
| three protections that must be extended over information | cia |
| aaa | authentication authorization accounting |
| set of protections that must be implemented to secure information | aaa |
| third objective of information security | protect the devices that store, manipulate, and transmit the information |
| information security | that which protects the integrity, confidentiality, and availability of info on the devices that store, manipulate, and transmit the information through products, people, and procedures |
| information security components | products people procedures |
| information technology assets | information |
| information technology assets | application software |
| information technology assets | system software |
| information technology assets | physical items |
| information technology assets | services |
| information security technology | asset |
| information security technology | threat |
| information security technology | threat agent |
| information security technology | vulnerability |
| information security technology | exploit |
| information security technology | risk |
| ciso | responsible for the assessment,management and implementation of security |
| security manager | supervises technicians, admins, and security staff. requires understanding of configuration and operation but not necessarily technical mastery |
| security administrator | has both technical knowledge and managerial skills. manages daily operations of security technology |
| security technician | entry level position with basic necessary skills: diagnose, troubleshoot, and support to configure security hardware |
| cybercriminal characteristics | low incomes |
| cybercriminal characteristics | unstable legal systems |
| cybercriminal characteristics | tense political relations |
| cybercriminal characteristics | strong technical universities |
| main goals of information security | prevent data theft |
| main goals of information security | thwart identity theft |
| main goals of information security | avoid the legal consequences of not securing info |
| main goals of information security | maintaining productivity |
| main goals of information security | foil cyberterrorism |
| hacker | someone who attacks computers |
| script kiddies | someone who wants to break into computers to create damage yet lacks the knowledge to do so |
| spy | a person who has been hired to break into a computer and steal info |
| cybercriminals | a network of attackers, identity thieves, spammers, and financial fraudsters |
| cyberterrorists | attackers who are motivated by their principles or beliefs |
| exploiting a vulnerability | sending infected email to a system that does not scan for viruses |
| risk | the likelihood that the threat agent will exploit the vulnerability |
| threat agent | person attempting to break into a computer |
| threat agent | tornado |
| threat agent | malicious software |
| risk | threat x vulnerability x cost |
| information security loss | theft of info |
| information security loss | a delay in transmitting info |
| information security loss | loss of good will or reputation |
| layering | creating a barrier of multiple defenses |
| layering security | most comprehensive protection |
| limiting access to information | reduces the threat against it |
| diversity | related to layering. if attackers penetrate one layer, another layer has a different set of security |
| obscurity | what is on the inside makes attacks more difficult |
| obscurity | the shift changes not known so the planned attack can not be carried out |
| simplicity | complex systems allow more opportunities for something to go wrong |
| white hat hackers | expose security flaws so they get fixed, don't steal data |
| black hat hackers | goal is malicious and destructive |
| black hat hackers | hackers |