ISPP Chapter 10
Information Systems Security and Controls
| Question | Answer |
|---|---|
| 4 Primary Threats to IS Security | • Accidents and Natural Disasters • Employees and Consultants • Links to Outside Business Contacts • Outsiders |
| Information Systems Security | Precautions taken to keep all aspects of IS safe from unauthorised use or access |
| Information Modification | Someone changes the information in some way |
| Unauthorised Access | People who are not given permission to see, modify or use data whether it be physical or digital data |
| Viruses | Destructive code that corrupt and destroy data |
| Worms | Like viruses, but tend to spread faster due to their replication nature |
| Denial of Service | Attack in which electronic intruders deliberately attempt to prevent legitimate users from accessing services. Zombie computers are usually used to implement this. |
| Spyware | Software that secretly gathers information about a computer user without their knowledge. Adware is spyware that targets the user with banner advertisements |
| Spam | Junk email, sometimes containing worms and viruses |
| Spam Filters | Prevent Spam |
| Phishing | Attempts to trick bank account holders into giving away personal information for illegitimate use |
| CAPTCHA | An image displaying a code that a user has to input into an electronic form before submitting it |
| Cookies | Message passed to web browsers on a user's computer by a web server. Generally necessary for many sites, but can be used as spyware or other forms of malware |
| Risk analysis | Process in which you assess the value of the assets being protected over being compromised and the costs associated with it being compromised. |
| 3 Reactions for Risk Analysis | • Risk Reduction • Risk Acceptance • Risk Transference |
| Authentication | Passwords, photo IDs, etc. |
| Biometrics | Authentication using fingerprints, eye retinal patterns, etc. |
| Access-control Software | Software that keeps data secure from use or access depending on the user's permissions |
| Wireless LAN Control | Security control for Wireless networks |
| Drive-by Hacking | An outside attacker hacks the network for illegitimate use without entering the business premises |
| Firewalls | System designed to detect intrusion and prevent unauthorised access |
| Virtual Private Network (VPN) | Secure tunnel network for transferring data that is constructed dynamically within an existing network. |
| Encryption | Process of encoding messages which allows for authentication, privacy/confidentiality, integrity and non-repudiation (ID of sender) |
| 5 Virus Prevention Measures | • Install antivirus software • Avoid using flash drives from unknown sources • Delete suspicious email • Treat all email with caution • Report suspicious activity immediately |
| Audit-control Software | Keeps track of computer activity so auditors can spot it and take action |
| Facilities | A place that is secure from human intervention as well as from the elements for IS |
| 3 Technological Safeguards | • Data Backups • CCTV • UPS (Uninterruptible power supply) |
| 3 Non-technical Safeguards | • Management of people's use of IS • Trustworthy Employees • Well-treated employees |
| 5 Step IS Security Plan | • Risk Analysis • Policies and Procedures for security breach • Implementation • Training of personnel • Auditing |
| Hierarchy of IS controls (Figure 10.27) | • Policies and Procedures • Management and Supervision • Technology and Applications |
| 3 Types of IS controls | • Preventative • Detective • Corrective |
| Sarbanes-Oxley Act | A reaction to large-scale accounting scandals primarily addressing the accounting sector that includes the use of IS controls in compliance reviews |