Final Exam

Term | Definition
Availability ______________ enables authorized users (persons or computer systems) to access information without interference or obstruction
Accuracy Information has ______________ when it is free from mistakes or errors and it has the value that the end user expects
Authenticity ______________ of information is the quality or state of being genuine
Confidentiality Information has ______________ when it is protected from disclosure or exposure to unauthorized individuals or systems
Integrity Information has ______________ when it is whole, complete, and uncorrupted
Software piracy The most common breach of software-based intellectual property is ______________
Virus A ______________ consists of segments of code that perform malicious actions
Worm A ______________ is a malicious program that replicates itself constantly, without requiring another program environment
Trojan horses ______________ are software programs that hide their true nature and reveal their designed behavior only when activated
Espionage When an individual gains access to information an organization is trying to protect, it is considered ______________
Hackers ______________ are people who use and/or create computer software to gain access to information illegally
Human error The category of threats that includes acts performed without intent or malicious purpose by an authorized user is ______________
Attack A/n ______________ is an act that takes advantage of a vulnerability to compromise a controlled system
Phishing ______________ is an attempt to gain personal or financial information from an individual usually by posing as a legitimate entity
Pharming ______________ is the redirection of legitimate web traffic to an illegitimate site for the purpose of obtaining private information
Laws ______________ are formally adopted rules for acceptable behavior
Civil ______________ law governs a nation or state
Criminal ______________ law addresses a violation that harms society
Private ______________ law focuses on individual relationships
Public ______________ law governs regulatory agencies
The protection of information (along with critical assets, hardware, and systems that use or transmit information) from threats, such as hackers or cyberterrorists. Physical security is when physical objects are safely guarded from improper access What is security?
It is the set of criteria for what makes information of value to organizations, and it has been the industry standard since the days of the mainframe: confidentiality, integrity, and availability. Discuss the CIA triangle
Software, Hardware, Data, Procedures, People, Networks What are the 6 major components of information systems?
The bottom-up approach is a grassroots effort by the technical staff to change security practices (not often successful). The top-down approach is initiated and supported by upper management (normally successful). Describe the bottom-up and top-down approaches to information security
SEE PAGE 44 FOR THREATS List 10 of the 14 categories of threats
Protects the organization's ability to function; enables the safe operation of applications in the IT systems; protects the data the organization uses and collects; safeguards the company's technological assets. What are the four functions that information security performs for an organization?
1. 2. 3. Probability that penalty will be administered What do we do to make laws and penalties a deterrent?
A vulnerability is a weakness in the system that has the potential to be exploited by a threat. Exposure is the condition of being exposed; it exists once a vulnerability is known to an attacker. An attack is the act of taking advantage of a vulnerability to compromise a controlled system. What is the difference between an exposure, a vulnerability, and an attack?
Telecommunications Deregulation and Competition Act Regulates interstate and foreign telecommunications
Freedom of Information Act Allows for the disclosure of previously unreleased information and documents controlled by the US government
Federal Privacy Act Governs federal agency use of personal information
Electronic Communications Privacy Act Regulates interception and disclosure of electronic information
Computer Fraud and Abuse Act Defines and formalizes laws to counter threats from computer-related acts and offenses.
Economic Espionage Act Prevents abuse of information gained while employed elsewhere
Security and Freedom through Encryption Act Affirms the rights of persons in the United States to use and sell products that include encryption and relaxes export controls on such products
Identity Theft and Assumption Deterrence Act Attempts to institute specific penalties for identity theft
Gramm-Leach-Bliley Act Repeals the restriction on banks affiliating with insurance and security firms
SOX Enforces accountability for executives at publicly traded companies
Risk Each threat must be examined to assess the potential to endanger an organization. This examination is known as a/n ______________ assessment.
Likelihood ______________ is the probability that a specific vulnerability will be the object of a successful attack
Residual ______________ risk is the risk that remains even after the application of controls
Policies ______________ are documents that specify an organization's approach to security
Defense in depth The layered approach to security is called ______________
Security perimeter A/n ______________ defines the boundary between the outer limit of an organization's security and the beginning of the outside world
Firewall A/n ______________ is a device that selectively discriminates against information flowing into or out of the organization
DMZ A buffer against outside attacks is considered a/n ______________
Mandatory access ______________ controls give users and data owners limited control over access to information
Role based ______________ controls are tied to the role a user performs in an organization
Task based ______________ controls are tied to the assignment or responsibility of the user
Intrusion A/n ______________ occurs when an attacker attempts to gain entry into or disrupt the normal operations of an information system
Intrusion detection A/n ______________ system works like a burglar alarm to detect an attempt to break into your computer system
Intrusion prevention A/n ______________ can detect an intrusion and prevent that intrusion
Host-based A ______________ IDPS resides on a particular computer or server, known as the host, and monitors activity only on that system
Enterprise Security Plan General security policy
System Specific Plan Functions as standards or procedures to be used when configuring systems
Security perimeter Boundary between the outer limit of an organization's security and the beginning of the outside world
Firewall Device that discriminates against information flowing into or out of the organization
Proxy Server performs services on behalf of another system
SETA Control measure to reduce the incidences of accidental security breaches by employees
Incident Response Plan Addresses the identification, classification, response, and recovery from an incident
Disaster Recovery Plan Addresses the preparation from and recovery from a disaster
Business Continuity Plan Ensures that critical business functions continue if disaster occurs
Static Packet Filtering First generation firewalls
Application layer Second generation firewalls
Transport Mode Data within an IP packet is encrypted but not the header information
Tunnel Mode The entire client packet, header included, is encrypted
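The firewall cards above (a device that selectively discriminates against information flowing into or out of the organization, with static packet filtering as the first generation) describe a rule check over packet header fields. The following Python is an added example for this page, not code from StudyStack or from the card author: a stateless packet filter evaluating a constructed ruleset for a hypothetical site with an internal network 10.0.0.0/8 and a DMZ web server at 203.0.113.10. The addresses, the rule fields and the `filter_packet` name are assumptions made for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" (arriving from the outside) or "out"
    src: str
    dst: str
    proto: str       # "tcp" or "udp"
    dport: int


def _in_net(addr, net):
    """True when the address lies in the CIDR block, or the rule says 'any'."""
    return net == "any" or ip_address(addr) in ip_network(net)


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    direction: str         # "in", "out" or "any"
    src: str               # CIDR block or "any"
    dst: str               # CIDR block or "any"
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # None matches any destination port

    def matches(self, pkt):
        # A static packet filter looks only at header fields, never at connection state.
        return (self.direction in ("any", pkt.direction)
                and _in_net(pkt.src, self.src)
                and _in_net(pkt.dst, self.dst)
                and self.proto in ("any", pkt.proto)
                and self.dport in (None, pkt.dport))


# Constructed ruleset (assumption): a site with internal network 10.0.0.0/8 and a DMZ web server.
RULES = [
    Rule("allow", "in",  "any",        "203.0.113.10/32", "tcp", 443),  # public HTTPS to the DMZ web server
    Rule("allow", "out", "10.0.0.0/8", "any",             "tcp", 443),  # staff browsing outbound
    Rule("allow", "out", "10.0.0.0/8", "any",             "udp", 53),   # DNS lookups outbound
    Rule("deny",  "any", "any",        "any",             "any", None), # default deny
]


def filter_packet(rules, pkt):
    """First matching rule wins; a packet matching no rule is denied (fail closed)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


if __name__ == "__main__":
    for pkt in [Packet("in", "198.51.100.7", "203.0.113.10", "tcp", 443),
                Packet("in", "198.51.100.7", "203.0.113.10", "tcp", 22),
                Packet("out", "10.0.0.5", "198.51.100.7", "tcp", 443),
                Packet("in", "198.51.100.7", "10.0.0.5", "tcp", 52000)]:
        print(pkt, "->", filter_packet(RULES, pkt))
```

Because the filter keeps no connection state, the reply to the staff member's outbound HTTPS request arrives inbound on an ephemeral port and is dropped by the default-deny rule; a first-generation filter can only admit it with a broad rule permitting inbound traffic to high ports, which is the weakness later firewall generations address.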
Signature-based IDPS examines network traffic in search of patterns that match known signatures
Statistical anomaly-based IDPS collects statistical summaries by observing traffic that is known to be normal
Stateful ______________ protocol analysis compares predetermined profiles of benign protocol activity against observed events to identify deviations
Deep packet inspection examines packets at the application layer for information that indicates a possible intrusion
Honeypot A decoy system designed to lure potential attackers away from critical systems
Padded cell A honeypot that has been protected so that it cannot be easily compromised
Trap-and-trace application Combination of techniques to detect an intrusion and then trace it back to its source
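The signature-based and statistical anomaly-based IDPS cards above describe two detection methods that catch different things. The following Python is an added example, not code from StudyStack or the card author: both methods run over a handful of constructed access-log lines (not captured traffic). The log format, the two regular-expression signatures, the baseline request counts and the function names are assumptions made for the illustration.

```python
import re
import statistics
from collections import Counter

# Constructed sample access-log lines: "source_ip method path status".
# 10.0.0.9 sends two attack-shaped requests; 198.51.100.4 floods one page.
SAMPLE_LOG = "\n".join(
    [
        "10.0.0.5 GET /index.html 200",
        "10.0.0.5 GET /about.html 200",
        "10.0.0.7 GET /login 200",
        "10.0.0.7 POST /login 302",
        "10.0.0.9 GET /search?q=%27%20OR%20%271%27%3D%271 500",
        "10.0.0.9 GET /../../etc/passwd 404",
    ]
    + ["198.51.100.4 GET /index.html 200"] * 12
)

# Signature-based detection: known attack patterns written as regular expressions.
SIGNATURES = [
    ("sql_injection", re.compile(r"(%27|')(%20|\s)*OR(%20|\s)*(%27|')", re.IGNORECASE)),
    ("path_traversal", re.compile(r"\.\./")),
]

# Baseline profile: requests per source observed during a period known to be normal (constructed).
BASELINE_REQUESTS_PER_SOURCE = [2, 3, 2, 4, 3, 2, 3, 3, 2, 4]


def signature_scan(log_text):
    """Return (line_number, signature_name) for every line matching a known signature."""
    hits = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        for name, pattern in SIGNATURES:
            if pattern.search(line):
                hits.append((number, name))
    return hits


def anomaly_scan(log_text, baseline=BASELINE_REQUESTS_PER_SOURCE, z_threshold=3.0):
    """Return sources whose request count exceeds the baseline mean by more than z_threshold
    standard deviations, mapped to their z-score."""
    mean = statistics.mean(baseline)
    sigma = statistics.pstdev(baseline) or 1.0
    observed = Counter(line.split()[0] for line in log_text.splitlines() if line.strip())
    return {src: round((count - mean) / sigma, 1)
            for src, count in observed.items()
            if (count - mean) / sigma > z_threshold}


if __name__ == "__main__":
    print("signature hits:", signature_scan(SAMPLE_LOG))
    print("volume anomalies:", anomaly_scan(SAMPLE_LOG))
```

The two scans flag different sources: the injection and traversal attempts from 10.0.0.9 match signatures but are too few to stand out statistically, while the flood from 198.51.100.4 matches no signature and is caught only by the anomaly check. That complementarity is why products combine both methods.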
Mitigate, Defend, Transfer, Accept, Control What are the 5 basic risk control strategies?
General - direction of security within organization Issue specific - deals with individual issues surrounding security (email, acceptable use, etc...) System specific - deals with the system in general and its configuration Name and discuss the three types of security policies
Something a user knows (password, PIN); something a user has (key card, smart card or token); something a user is (retina or iris pattern, fingerprint). There are three authentication mechanisms. What are they? Briefly describe each.
A particular user can have authorization for their specific area A group of users can have authorization for the resources they are using Authorization across multiple systems Authorization can be handled in one of three ways. What are they?
Authentication, encapsulation, and encryption. A VPN that claims to offer a secure and reliable capability must provide what three functions, regardless of the protocols used?
Kerberos is a third-party authentication system that uses symmetric encryption. A trusted key distribution center (KDC) holds a secret key shared with each client and each server; after a client authenticates, the KDC issues it a temporary session key and a ticket, encrypted under the server's key, that the client presents to gain access. Explain how Kerberos works.
?????????? Define the technologies used in biometric authentication technologies?
Fingerprint, Iris, Retina What are the three human characteristics considered truly unique?
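The Kerberos card above is easier to follow as a message exchange. The following Python is an added example, not code from StudyStack, the card author or the Kerberos project: a simplified simulation in which one KDC request stands in for the AS and TGS exchanges, and a toy authenticated stream cipher built from `hashlib` and `hmac` stands in for the AES encryption real Kerberos uses (it is not a production cipher). The principal names, passwords, lifetimes and function names are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import json
import os
import struct


def _keystream(key, nonce, length):
    """Toy keystream: SHA-256(key || nonce || counter) blocks (stand-in for AES, assumption)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + struct.pack(">I", counter)).digest()
        counter += 1
    return out[:length]


def seal(key, plaintext):
    """Encrypt-then-MAC under a symmetric key: nonce || ciphertext || HMAC tag."""
    nonce = os.urandom(16)
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(key, blob):
    """Verify the tag first; a wrong key or a tampered blob is rejected before decryption."""
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ciphertext, hashlib.sha256).digest(), tag):
        raise ValueError("bad key or tampered message")
    return bytes(a ^ b for a, b in zip(ciphertext, _keystream(key, nonce, len(ciphertext))))


def string_to_key(password, principal):
    """Derive a user's long-term key from a password (Kerberos calls this string-to-key)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 10_000)


def _pack(obj):
    return json.dumps(obj).encode()


def _unpack(data):
    return json.loads(data.decode())


class KDC:
    """Trusted third party that shares a long-term key with every principal."""

    def __init__(self, keys):
        self.keys = dict(keys)

    def request_ticket(self, client, service, now, lifetime=300):
        session_key = os.urandom(32)
        session_b64 = base64.b64encode(session_key).decode()
        # The ticket is sealed under the SERVICE key: the client carries it but cannot read it.
        ticket = seal(self.keys[service],
                      _pack({"client": client, "session_key": session_b64, "expires": now + lifetime}))
        # The session key goes to the client sealed under the CLIENT key; only the right
        # password holder can open it, which is what authenticates the client to the KDC.
        reply = seal(self.keys[client], _pack({"service": service, "session_key": session_b64}))
        return reply, ticket


def client_session_key(client_key, reply):
    return base64.b64decode(_unpack(unseal(client_key, reply))["session_key"])


def authenticator(session_key, client, now):
    """Proves the client holds the session key and binds the request to a timestamp."""
    return seal(session_key, _pack({"client": client, "timestamp": now}))


class Service:
    def __init__(self, name, key):
        self.name, self.key = name, key

    def accept(self, ticket, auth, now, max_skew=60):
        t = _unpack(unseal(self.key, ticket))          # only the service can open its ticket
        if now > t["expires"]:
            raise ValueError("ticket expired")
        a = _unpack(unseal(base64.b64decode(t["session_key"]), auth))
        if a["client"] != t["client"] or abs(now - a["timestamp"]) > max_skew:
            raise ValueError("authenticator does not match ticket")
        return t["client"]


def login(kdc, service, client, password, now):
    """Full exchange: KDC request, then present ticket + authenticator to the service."""
    client_key = string_to_key(password, client)
    reply, ticket = kdc.request_ticket(client, service.name, now)
    session = client_session_key(client_key, reply)
    return service.accept(ticket, authenticator(session, client, now), now)


# Constructed principals (assumption): one user and one file service registered with the KDC.
ALICE_KEY = string_to_key("correct horse battery", "alice")
FILESRV_KEY = os.urandom(32)
KDC_DB = KDC({"alice": ALICE_KEY, "filesrv": FILESRV_KEY})
FILESRV = Service("filesrv", FILESRV_KEY)
```

Two properties of the real protocol survive the simplification: the service never sees the client's password or long-term key, and the client never sees the service's key, because each party can only open the part of the KDC's output sealed for it.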
Cryptanalysis ______________ is the process of obtaining the original message from an encrypted message without knowing the algorithm and keys used to perform the encryption
Encryption ______________ is the process of converting an original message into a form that is unreadable to unauthorized individuals
Decipher To decrypt, decode, or convert, ciphertext into the equivalent plaintext is ______________
Encipher To encrypt, encode, or convert, plaintext into the equivalent ciphertext is ______________
Transposition The ______________ cipher simply rearranges the values within a block to create the ciphertext
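The transposition card above and the cryptanalysis card a few lines earlier fit together: because a transposition only rearranges the plaintext's values, the letter counts of the ciphertext equal those of the plaintext, which is the first thing a cryptanalyst checks when deciding what kind of cipher produced a message. The following Python is an added example, not code from StudyStack or the card author: a columnar transposition with encipher and decipher routines plus that frequency check. The key word, sample text, `X` padding and function names are assumptions made for the illustration.

```python
from collections import Counter


def _column_order(key):
    """Columns are read in alphabetical order of the key letters (ties broken left to right)."""
    return sorted(range(len(key)), key=lambda i: (key[i], i))


def encipher(plaintext, key, pad="X"):
    """Columnar transposition: write the text row by row under the key, read it out by column."""
    width = len(key)
    padded = plaintext + pad * (-len(plaintext) % width)   # fill the last row so blocks are whole
    rows = [padded[i:i + width] for i in range(0, len(padded), width)]
    return "".join(row[col] for col in _column_order(key) for row in rows)


def decipher(ciphertext, key):
    """Reverse the process: slice the ciphertext back into columns, then read rows."""
    width = len(key)
    height = len(ciphertext) // width
    columns = [""] * width
    for n, col in enumerate(_column_order(key)):
        columns[col] = ciphertext[n * height:(n + 1) * height]
    return "".join(columns[c][r] for r in range(height) for c in range(width))


def is_rearrangement(ciphertext, plaintext):
    """Cryptanalyst's check: a transposition preserves the multiset of letters exactly,
    whereas a substitution cipher changes which letters appear."""
    return Counter(ciphertext) == Counter(plaintext)


if __name__ == "__main__":
    message = "WEAREDISCOVEREDFLEEATONCE"   # constructed sample plaintext
    secret = encipher(message, "ZEBRA")
    print(secret, decipher(secret, "ZEBRA"), is_rearrangement(secret, message))
```

A real attacker does not have the plaintext to compare against, so the practical form of the check is to compute the ciphertext's letter frequencies and see whether they still look like the source language; if they do, transposition is the working hypothesis and the search moves to the key length and column order.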
Message authentication code A ______________ allows only specific recipients (symmetric key holders) to access the message digest
Secure hash standard The ______________ is a secure algorithm for computing a condensed representation of a message or a data file
Symmetric Encryption methodologies that require the same secret key to encipher and decipher the message is considered ______________ encryption.
Asymmetric Encryption methodologies that require two different but related keys, where either key can be used to encrypt or decrypt the message, are ______________ encryption
Nonrepudiation A digital signature can be used to verify that the message was sent by the sender, who then cannot deny having sent it. This property is known as ______________
Steganography The process of hiding information within a file is a modern version of ______________
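The secure hash standard and message authentication code cards above draw a distinction worth seeing in code: an unkeyed digest can be recomputed by anyone, including an attacker who replaces the message, while a keyed digest can only be produced or checked by holders of the symmetric key. The following Python is an added example, not code from StudyStack or the card author, using SHA-256 and HMAC-SHA-256 from the standard library. The shared key, the messages and the function names are assumptions made for the illustration.

```python
import hashlib
import hmac

# Constructed secret shared by the two legitimate parties; the attacker does not have it.
SHARED_KEY = b"k3y-shared-by-alice-and-bob-only"


def message_digest(message: bytes) -> str:
    """Secure Hash Standard style digest (SHA-256). Anyone can compute it, so it detects
    accidental corruption but cannot tell a genuine message from a substituted one."""
    return hashlib.sha256(message).hexdigest()


def message_authentication_code(key: bytes, message: bytes) -> str:
    """Keyed digest (HMAC-SHA-256): only holders of the symmetric key can produce or verify it."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_mac(key: bytes, message: bytes, tag: str) -> bool:
    # compare_digest runs in constant time so a forger learns nothing from timing how
    # many leading characters of a guessed tag were right.
    return hmac.compare_digest(message_authentication_code(key, message), tag)


def recipient_accepts(protection: str, message: bytes, tag: str) -> bool:
    """What the receiving side does with (message, tag) under each protection scheme."""
    if protection == "digest":
        return message_digest(message) == tag
    if protection == "mac":
        return verify_mac(SHARED_KEY, message, tag)
    raise ValueError("unknown protection: " + protection)


def attacker_substitutes_message(protection: str) -> bool:
    """An in-path attacker drops the genuine message and sends a forged one with a tag
    computed without the shared key. Returns True if the recipient accepts the forgery."""
    forged = b"PAY 100 TO ACCT 99"
    if protection == "digest":
        forged_tag = message_digest(forged)                         # no key needed
    else:
        forged_tag = message_authentication_code(b"attacker-guess", forged)
    return recipient_accepts(protection, forged, forged_tag)


if __name__ == "__main__":
    genuine = b"PAY 100 TO ACCT 42"
    tag = message_authentication_code(SHARED_KEY, genuine)
    print("genuine accepted:", recipient_accepts("mac", genuine, tag))
    print("forgery accepted with digest only:", attacker_substitutes_message("digest"))
    print("forgery accepted with MAC:", attacker_substitutes_message("mac"))
```

Note what the MAC does and does not give: both key holders can produce a valid tag, so a MAC proves the message came from someone with the key but cannot settle which one; the nonrepudiation the digital-signature card describes needs the asymmetric case, where only the signer holds the private key.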
Fail-safe If a door lock fails and the door becomes unlocked, it is a/n ______________
Fail-secure If a door lock fails and the door becomes locked, it is a/n ______________
TEMPEST ______________ is a technology that prevents the loss of data that may result from the emission of electromagnetic radiation
Mantrap A ______________ is a small enclosure that has separate entry and exit points
Tailgating ______________ occurs when an authorized person presents a key to open a door and other people, with or without authorization, enter behind them
Direct A/n ______________ changeover involves stopping the old method
Phased A/n ______________ implementation involves a measured rollout of the planned system
Pilot In ______________ implementation, the entire security system is put in a single office as a test
Parallel The ______________ operations strategy involves running the new methods alongside the old.
Information technology When positioning the information security department within an organization, the model commonly used by large organizations places the information security department within the ______________ department
CIO The ______________ is the executive in charge of the organization's information
CISO The ______________ must direct the information security department
separation of duties ______________ is used to reduce the chance of an individual violating information security and breaching the confidentiality, integrity, or availability of information.
least privilege The principle that employees should be provided access to the minimum amount of information for them to perform their duties
Rate of rise, thermal detection, fixed temperature What are the three basic types of fire detection systems?
Temperature, filtration, humidity, static electricity What are the four environmental variables controlled by HVAC that can cause damage to information systems?
Direct observation, interception of data transmission, electromagnetic interception What are the three methods of data interception?
Getting started/planning, setting goals/actions, wrapping up What are the major steps in executing a project plan?
When the expected result and the measured result do not match, and the deviation is significant, the problem is investigated and fixed What is a negative feedback loop?
Time and money, goals, resources When executing a plan, a project manager can adjust one of three planning parameters. What are they?
Dates of start/end, cost of expenditures, cost of non-expenditures, people to work on the program, goals to be worked on Name 5 things that go into a work breakdown structure
They're minerals, Marie! Asymmetric vs Symmetric? Look 'em up!
Created by: mgolf