Chapters 1-3
| | |
|---|---|
| Rand Report | |
| Multiplexed Information and Computing Service (MULTICS) | |
| microprocessor | |
| security | |
| | _____ protects physical items, objects, or areas from unauthorized access and misuse |
| personnel security | |
| | _____ protects the details of a particular operation or series of activities |
| | _____ protects networking components, connections, and contents |
| information security | |
| | _____ is the protection of information and its critical elements, including the systems and hardware that use, store, and transmit that information |
| confidentiality, integrity, and availability | |
| access | |
| | An intentional or unintentional act that can cause damage to or otherwise compromise information and/or the systems that support it |
| control, safeguard, or countermeasure | |
| exploit | |
| | In information security, _____ exists when a vulnerability known to an attacker is present. |
| loss | |
| protection profile or security posture | |
| risk | |
| subject / object | |
| | A category of objects, persons, or other entities that presents a danger to an asset. _____ are always present and can be purposeful or undirected |
| | The specific instance or a component of a threat. All hackers in the world present a collective threat but one single hacker is a _____. |
| vulnerability | |
| | Critical Characteristics of Information: the value of information comes from the 7 characteristics it possesses: |
| | _____ enables authorized users—persons or computer systems—to access information without interference or obstruction and to receive it in the required format |
| | Information has _____ when it is free from mistakes or errors and it has the value that the end user expects |
| | _____ of information is the quality or state of being genuine or original, rather than a reproduction or fabrication. Information has _____ when it is in the same state in which it was created, placed, stored, or transferred |
| email spoofing | |
| pretexting | |
| phishing | |
| integrity | |
| | when a file is read by a special algorithm that uses the value of the bits in the file to compute a single large number |
| utility | |
| possession | |
| | An _____ is much more than computer hardware; it is the entire set of software, hardware, data, people, procedures, and networks that make possible the use of information resources in the organization. |
| software, hardware, data, people, procedures, networks | |
| | _____ is the physical technology that houses and executes the software, stores and transports the data, and provides interfaces for the entry and removal of information from the system |
| data | |
| people | |
| | _____ are written instructions for accomplishing a specific task. When an unauthorized user obtains an organization’s _____, this poses a threat to the integrity of the information |
| | The IS component that created much of the need for increased computer and information security is _____ |
| | To achieve balance and to operate an information system that satisfies the user and the security professional, the security level must allow _____, yet protect against threats |
| | Information security can begin as a grassroots effort in which systems administrators attempt to improve the security of their systems. This is often referred to as a _____ approach. |
| | The _____ approach, in which the project is initiated by upper-level managers who issue policy, procedures and processes, dictate the goals and expected outcomes, and determine accountability for each required action, has a high probability of success. |
| processes and procedures | |
| | The _____ is a methodology for the design and implementation of an information system. |
| Investigation, Analysis, Logical Design, Physical Design, Implementation, Maintenance | |
| | The _____ phase begins with an examination of the event or plan that initiates the process. During the _____ phase, the objectives, constraints, and scope of the project are specified. |
| analysis | |
| | In the _____ phase, the information gained from the analysis phase is used to begin creating a systems solution for a business problem. |
| | During the _____ phase, specific technologies are selected to support the alternatives identified and evaluated in the logical design. This phase integrates various components and technologies. |
| | In the _____ phase, any needed software is created. Components are ordered, received, and tested. |
| | The _____ phase is the longest and most expensive phase of the process. This phase consists of the tasks necessary to support and modify the system for the remainder of its useful life cycle. |
| remain the same | |
| 1. Protecting the organization’s ability to function 2. Enabling the safe operation of applications running on the organization’s IT systems 3. Protecting the data the organization collects and uses 4. Safeguarding the organization’s technology assets | |
| policy | |
| goods and services | |
| size and scope | |
| public key infrastructure (PKI) | |
| firewall | |
| | _____ is an object, person, or other entity that presents an ongoing danger to an asset. |
| intellectual property | |
| | unlawful use or duplication of software-based intellectual property. |
| | Deliberate software attacks occur when an individual or group designs and deploys software to attack a system. Most of this software is referred to as _____. They damage, destroy, or deny service to the target systems. |
| | A computer _____ consists of segments of code that perform malicious actions. The code attaches itself to an existing program and takes control of that program’s access to the targeted computer. |
| macro virus | |
| worm | |
| trojan horse | |
| | A virus or worm can have a payload that installs a _____ component in a system, which allows the attacker to access the system at will with special privileges. |
| | A _____ threat is one that over time changes the way it appears to antivirus software programs, making it undetectable by techniques that look for preconfigured signatures. |
| availability disruption | |
| brownout | |
| | _____ is a well-known and broad category of electronic and human activities that can breach the confidentiality of information. |
| competitive intelligence | |
| hacker | |
| | Expert hacker programs are automated exploits that allow novice hackers to act as _____ or hackers of limited skill who use expertly written software to attack a system |
| packet monkeys | |
| | The term _____ is now commonly associated with an individual who cracks or removes software protection that is designed to prevent unauthorized duplication. |
| | A _____ hacks the public telephone network to make free calls or disrupt services. |
| human error or failure | |
| information extortion | |
| | Missing, inadequate, or incomplete organizational _____ makes an organization vulnerable to loss, damage, or disclosure of information assets when other threats lead to attacks. |
| | Missing, inadequate, or incomplete _____ that are missing, misconfigured, antiquated, or poorly designed make an organization more likely to suffer losses when other threats lead to attacks. |
| | _____ is a category of threat involving the deliberate destruction of a computer system or business, or acts of mischief to either destroy an asset or damage the image of an organization. |
| | _____ operations interfere with or disrupt systems to protest the operations, policies, or actions of an organization or government agency. |
| cyberterrorism | |
| | _____ is the illegal taking of another's property, which can be physical, electronic, or intellectual |
| trap doors | |
| malicious code | |
| bot | |
| Spyware | |
| adware | |
| | The application of computing and network resources to try every possible password combination is called a _____ attack. |
| | The _____ attack is a variation of the brute force attack which narrows the field by selecting specific target accounts and using a list of commonly used passwords instead of random combinations |
| denial-of-service (DoS) | |
| | A _____ is an attack in which a coordinated stream of requests is launched against a target from many locations at the same time. |
| | _____ is a technique used to gain unauthorized access to computers, wherein the intruder sends messages with a source IP address that has been forged to indicate that the messages are coming from a trusted host. |
| man-in-the-middle / hijacking | |
| spam | |
| | A _____ is when an attacker routes large quantities of e-mail to the target. |
| sniffer | |
| | _____ is the process of using social skills to convince people to reveal access credentials or other valuable information to the attacker. |
| | Phishing attacks use three primary techniques, often in combination with one another: |
| pharming | |
| timing | |
| | An approach to software development that includes planning for security objectives in the systems development life cycle used to create systems with procedures and software deployed in a secure fashion is called _____. |
| | Commonplace security principle that says: Keep the design as simple and small as possible |
| fail-safe defaults | |
| open design | |
| | Commonplace security principle that says: where feasible a protection mechanism should require two keys to unlock, rather than one |
| least privilege | |
| least common mechanism | |
| psychological acceptability | |
| | Commonplace security principle that says: every access to every object must be checked for authority |
| buffer | |
| overrun | |
| | _____ problems occur when user input is passed directly to a compiler or interpreter. The underlying issue is the developer’s failure to ensure that command input is validated before it is used in the program. |
| cross site scripting (or XSS) | |
| programmers | |
| | Most modern cryptosystems use _____. These use a mathematical algorithm, based on a seed value and another system component (such as the computer clock) to simulate a random number. |
| | Control Developers use a process known as _____ to ensure that the working system delivered to users represents the intent of the developers. |
| Improper File Access | |
| | Programmers use _____ (abbreviated as SSL) to transfer sensitive data, such as credit card numbers and other personal information, between a client and server. |
| | _____: One of the most common methods of obtaining inside and classified information is directly or indirectly from an individual, usually an employee. |
| | A _____ is a failure of a program that occurs when an unexpected ordering of events in the execution of the program results in a conflict over access to the same system resource. |
| | _____ occurs when developers fail to properly validate user input before using it to query a relational database. |
| | _____: One of the biggest challenges in private key systems, which involve two users sharing the same key, is securely getting the key to the other party. |
| laws | |
| ethics | |
| liability | |
| | _____ standards are met when an organization makes sure that every employee knows what is acceptable or unacceptable behavior, and knows the consequences of illegal or unethical actions. |
| | _____ requires that an organization make a valid effort to protect others and continually maintain this level of effort. |
| jurisdiction | |
| policy | |
| policy | |
| 1. dissemination (distribution), 2. review (reading), 3. comprehension (understanding), 4. compliance (agreement), 5. uniform enforcement | |
| | _____ is when an organization must be able to demonstrate that the relevant policy has been made readily available for review by the employee. |
| review | |
| | _____ is when an organization must be able to demonstrate that the employee understood the requirements and content of the policy. Common techniques include quizzes and other assessments. |
| compliance | |
| | _____ is when an organization must be able to demonstrate that the policy has been evenly applied, regardless of employee status or assignment. |
| | _____ comprises a wide variety of laws that govern a nation or state and deal with the relationships and conflicts between organizational entities and people. |
| criminal law | |
| private law | |
| The Computer Fraud and Abuse Act of 1986 (CFA Act) | |
| USA Patriot Act of 2001 | |
| Computer Security Act of 1987 | |
| The Federal Privacy Act of 1974 | |
| Electronic Communications Privacy Act of 1986 | |
| The Fourth Amendment of the U.S. Constitution | |
| Health Insurance Portability and Accountability Act of 1996 (HIPAA) | |
| | _____ focuses on facilitating affiliation among banks, securities firms, and insurance companies. Specifically, this act requires all financial institutions to disclose their privacy policies on the sharing of nonpublic personal information. |
| The Fraud and Related Activity in Connection with Identification Documents, Authentication Features, and Information (Title 18, U.S.C. § 1028) | |
| Economic Espionage Act in 1996 | |
| The Security and Freedom through Encryption Act of 1999 | |
| | _____ affects the executive management of publicly traded corporations and public accounting firms. This law seeks to improve the reliability and accuracy of financial reporting. |
| The Freedom of Information Act | |
| | _____ created an international task force to oversee a range of security functions associated with Internet activities for standardized technology laws across international borders. |
| | _____ introduced intellectual property rules into the multilateral trade system. It is the first significant international effort to protect intellectual property rights. |
| Digital Millennium Copyright Act (DMCA) | |
| | The _____ depends on the value of the information obtained and whether the offense is judged to have been committed: 1. For purposes of commercial advantage 2. For private financial gain 3. In furtherance of a criminal act |
| privacy | |
| | _____ is created by combining pieces of nonprivate data—often collected during software updates and via cookies—that when combined may violate privacy. |
| | The Federal Trade Commission (FTC) describes _____ as “occurring when someone uses your personally identifying information, like your name, Social Security number, or credit card number, without your permission, to commit fraud or other crimes.” |
| fair use | |
| ignorance, accident, and intent | |
| | Laws and policies and their associated penalties only deter if three conditions are present: |
| | The _____ was created in 2003 by the Homeland Security Act of 2002, which was passed in response to the events of September 11, 2001. |
| National InfraGard Program | |
| the Secret Service | |
Created by: kimberjingle