Final Exam
Quiz yourself by thinking what should be in
each of the black spaces below before clicking
on it to display the answer.
Help!
|
|
||||
|---|---|---|---|---|---|
| Availability | ______________ enables authorized users-persons or computers systems to access information without inference or obstruction
🗑
|
||||
| Accuracy | Information has ______________ when it is free from mistakes or errors and it has the value that the end user expects
🗑
|
||||
| Authenticity | ______________ of information is the quality or state of being genuine
🗑
|
||||
| Confidentially | Information has ______________ when it is protected from disclosure or exposure to unauthorized individuals or systems
🗑
|
||||
| Integrity | Information has ______________ when it is whole, complete, and uncorrupted
🗑
|
||||
| Software piracy | The most common breach of software-based intellectual property is ______________
🗑
|
||||
| Virus | A ______________ consists of segments of code that performs malicious actions
🗑
|
||||
| Worm | A ______________ is a malicious program that replicates itself constantly, without requiring another program environment
🗑
|
||||
| Trojan Horses | ______________ are software programs that hide their true nature and reveal their design behavior only when activated
🗑
|
||||
| Espionage | When an individual gains access to information an organization is trying to protect, it is considered ______________
🗑
|
||||
| Hackers | ______________ are people who use and/or create computer software to gain access to information illegally
🗑
|
||||
| Human error | The category of threats that includes acts performed without intent or malicious purpose by an authorized user is ______________
🗑
|
||||
| Attack | A/n ______________ is an act that takes advantage of a vulnerability to compromise a controlled system
🗑
|
||||
| Phishing | ______________ is an attempt to gain personal or financial information from an individual usually by posing as a legitimate entity
🗑
|
||||
| Pharming | ______________ is the redirection of legitimate web traffic to an illegitimate site for the purpose of obtaining private information
🗑
|
||||
| Laws | ______________ are formally adopted rules for acceptable behavior
🗑
|
||||
| Civil | ______________ law governs a nation or state
🗑
|
||||
| Criminal | ______________ law addresses a violation that harms society
🗑
|
||||
| Private | ______________ law focuses on individual relationships
🗑
|
||||
| Public | ______________ law govern regulatory agencies
🗑
|
||||
| The protection of information (along with critical assets, hardware, and systems that use or transmit information) from threats, such as hackers or cyberterrorists. Physical security is when physical objects are safely guarded from improper access | What is security?
🗑
|
||||
| It is the criteria for what makes information of value to organizations. It has been the industry standard since the beginning of the mainframe. Confidentially, integrity, and availability. | Discuss the CIA Triangle
🗑
|
||||
| Software, Hardware, Data, Procedures, People, Networks | What are the 6 major components of information systems?
🗑
|
||||
| The bottom-up is when grassroots efforts attempt to change (not often successful). Top-down is when corporate-level top employees do it (normally successful) | Describe the bottom-up and top-down approach to information security
🗑
|
||||
| SEE PAGE 44 FOR THREATS | List 10 of the 14 categories of threats
🗑
|
||||
| Protects the organization's ability to function Enables the safe operation of applications in the IT systems Protects the data the organization uses and collects Safeguards the company's technological assets | What are the functions (4) that information security performs for an organization?
🗑
|
||||
| 1. 2. 3. Probability that penalty will be administered | What do we do to make laws and penalties a deterrent?
🗑
|
||||
| A vulnerability is a risk in the system that has the potential to be exploited by threats. Exposure is when those vulnerabilities become public. Attacking is the act of taking advantage of a vulnerability to compromise a controlled system. | What is the difference between an exposure, vulnerability, and attack?
🗑
|
||||
| Telecommunications Deregulation and Competition Act | Regulates interstate and foreign telecommunications
🗑
|
||||
| Freedom of Information Act | Allows for the disclosure of previously unreleased information and documents controlled by the US government
🗑
|
||||
| Federal Privacy Act | Governs federal agency use of personal information
🗑
|
||||
| Electronic Communications Privacy | Regulates interception and disclosure of electronic information
🗑
|
||||
| Computer Fraud and Abuse Act | Defines and formalizes laws to counter threats from computer-related acts and offenses.
🗑
|
||||
| Economic Espionage Act | Prevents abuse of information gained while employed elsewhere
🗑
|
||||
| Security and Freedom through Encryption Act | Affirms the rights of persons in the United States to use and sell products that include encryption and relax export controls on such products
🗑
|
||||
| Identity Theft and Assumption Deterrence Act | Attempts to instigate specific penalties for identity theft
🗑
|
||||
| Gramm-Leach-Bliley Act | Repeals the restriction on banks affiliating with insurance and security firms
🗑
|
||||
| SOX | Enforces accountability for executives at publicly traded companies
🗑
|
||||
| Risk | Each threat must be examined to assess the potential to endanger an organization. This examination is known as a/n ______________ assessment.
🗑
|
||||
| Likelihood | ______________ is the probability that a specific vulnerability will be the object of a successful attack
🗑
|
||||
| Residual | ______________ risk is the risk that remains even after the application of controls
🗑
|
||||
| Policies | ______________ are documents that specify an organization's approach to security
🗑
|
||||
| Defense in depth | The layered approach to security is called ______________
🗑
|
||||
| Security perimeter | A/n ______________ defines the boundary between the outer limit of an organization's security and the beginning of the outside world
🗑
|
||||
| Firewall | A/n ______________ is a device that selectively discriminates against information flowing into or out of the organization
🗑
|
||||
| DMZ | A buffer against outside attacks is considered a/n ______________
🗑
|
||||
| Mandatory access | ______________ controls give users and data owners limited control over access to information
🗑
|
||||
| Role based | ______________ controls are tied to the role a user performs in an organization
🗑
|
||||
| Task based | ______________ controls are tied to the assignment or responsibility of the user
🗑
|
||||
| Intrusion | A/n ______________ occurs when an attacker attempts to gain entry into or disrupt the normal operations of an information system
🗑
|
||||
| Intrusion detection | A/n ______________ works like burglar alarm to detect an attempt to break into your computer system
🗑
|
||||
| Intrusion prevention | A/n ______________ can detect an intrusion and prevent that intrusion
🗑
|
||||
| Host | A ______________ IDPS resides on a particular computer or server, known as the host, and monitors activity only on that system
🗑
|
||||
| Enterprise Security Plan | General security policy
🗑
|
||||
| System Specific Plan | Functions as standards or procedures to be used when configuring systems
🗑
|
||||
| DMZ | Boundary between the outer limit of an organization's security and the beginning of the outside world
🗑
|
||||
| Firewall | Device that discriminates against information flowing into or out of the organization
🗑
|
||||
| Proxy | Server performs services on behalf of another system
🗑
|
||||
| SETA | Control measure to reduce the incidences of accidental security breaches by employees
🗑
|
||||
| Incident Response Plan | Addresses the identification, classification, response, and recovery from an incident
🗑
|
||||
| Disaster Recovery Plan | Addresses the preparation from and recovery from a disaster
🗑
|
||||
| Business Continuity Plan | Ensures that critical business functions continue if disaster occurs
🗑
|
||||
| Static Packet Filtering | First generation firewalls
🗑
|
||||
| Application layer | Second generation firewalls
🗑
|
||||
| Transport Mode | Data within an IP packet is encrypted but not the header information
🗑
|
||||
| Tunnel | Mode the entire client packet is encrypted
🗑
|
||||
| Signature-based | IDPS examines network traffic in search of patterns that match known signatures
🗑
|
||||
| Statistical anomaly-based | IDPS collects statistical summaries by observing traffic that is known to be normal
🗑
|
||||
| Stateful | ______________ Protocol analysis compares predetermined profiles of benign activity against observed events to identify deviations
🗑
|
||||
| Deep packet inspection | examines packets at the application layer for information that indicates a possible intrusion
🗑
|
||||
| Honeypot | Decoy systems designed to lure potential attackers away from critical systems
🗑
|
||||
| Padded cell | A honeypot that has been protected so that it cannot be easily compromised
🗑
|
||||
| Trap-and-trace application | Combination of techniques to detect an intrusion and then trace it back to its source
🗑
|
||||
| Mitigate, Defend, Transfer, Accept, Control | What are the 5 basic risk control strategies?
🗑
|
||||
| General - direction of security within organization Issue specific - deals with individual issues surrounding security (email, acceptable use, etc...) System specific - deals with the system in general and its configuration | Name and discuss the three types of security policies
🗑
|
||||
| Something a user knows (Password, PIN #) Something a user has (Key card, computer chip) Something a user is (Retina, thumbprint) | There are three authentication mechanism. What are they and briefly describe each?
🗑
|
||||
| A particular user can have authorization for their specific area A group of users can have authorization for the resources they are using Authorization across multiple systems | Authorization can be handled in one of three ways. What are they?
🗑
|
||||
| Authentication, Encapsulation, and Encryption | A VPN that proposes to offer a secure and reliable capability must accomplish what three functionality regardless of protocols used.
🗑
|
||||
| Kerberos is a third party authentication program that uses a symmetric encryption. It has a database of keys between the client and the server. It issues temporary keys for users to gain access. | Explain how Kerberos works?
🗑
|
||||
| ?????????? | Define the technologies used in biometric authentication technologies?
🗑
|
||||
| Fingerprint, Iris, Retina | What are the three human characteristics considered truly unique?
🗑
|
||||
| Cryptanalysis | ______________ is the process of obtaining the original message from an encrypted message without knowing the algorithm and keys used to perform the encryption
🗑
|
||||
| Encryption | ______________ is the process of converting an original message into a form that is unreadable to unauthorized individuals
🗑
|
||||
| Decipher | To decrypt, decode, or convert, ciphertext into the equivalent plaintext is ______________
🗑
|
||||
| Encipher | To encrypt, encode, or convert, plaintext into the equivalent ciphertext is ______________
🗑
|
||||
| Transposition | The ______________ cipher simply rearranges the values with a block to create the ciphertext
🗑
|
||||
| Message access control | A ______________ allows only specific recipients (symmetric key holders) to access the message digest
🗑
|
||||
| Secure hash standard | The ______________ is a secure algorithm for computing a condensed representation of a message of a data file
🗑
|
||||
| Symmetric | Encryption methodologies that require the same secret key to encipher and decipher the message is considered ______________ encryption.
🗑
|
||||
| Assymetric | Encryption methodologies that require two different but related keys, and either key can be used to encrypt or decrypt the message is ______________ encryption
🗑
|
||||
| Nonreputation | Digital signature can be used to verify that the message was sent by the sender. This process is known as ______________
🗑
|
||||
| Steganography | The process of hiding information within a file is a modern version of ______________
🗑
|
||||
| Fail-safe | If a door lock fails and the door becomes unlocked, it is a/n ______________
🗑
|
||||
| Fail-secure | If a door lock fails and the door becomes locked, it is a/n ______________
🗑
|
||||
| TEMPEST | ______________ is a technology that prevents the loss of data that may result from the emission of electromagnetic radiation
🗑
|
||||
| Mantrap | ______________ is a small enclosure that has a separate entry and exit points
🗑
|
||||
| Tailgating | ______________ occurs when an authorized person present a key to open a door and other people with or without authorization may enter
🗑
|
||||
| Direct | A/n ______________ changeover involves stopping the old method
🗑
|
||||
| Phased | A/n ______________ implementation involves a measured rollout of the planned system
🗑
|
||||
| Pilot | In ______________ implementation, the entire security system is put in a single office as a test
🗑
|
||||
| Parallel | The ______________ operations strategy involves running the new methods alongside the old.
🗑
|
||||
| Information technology | When positioning the information security department within an organization, the model commonly used by large organizations places the information security department within the ______________ department
🗑
|
||||
| CIO | The ______________ is the executive in charge of the organization's information
🗑
|
||||
| CISO | The ______________ must direct the information security department
🗑
|
||||
| separation of duties | ______________ is used to reduce the chance of an individual violating information security and breaching the confidentiality, integrity, or availability of information.
🗑
|
||||
| least privilege | The principle that employees should be provided access to the minimum amount of information for them to perform their duties
🗑
|
||||
| rate of rise thermal detection fixed temperature | What are the three basic types of fire detection systems?
🗑
|
||||
| Temperature Filteration Humidity Static Electricity | What are the four environmental variables controlled by HVAC that can cause damage to information systems?
🗑
|
||||
| Direction Observation Interception of Transmission Electronic Intercepting | What are the three methods of data interception?
🗑
|
||||
| Getting Started/Planning Setting Goals/Actions Wrapping Up | What are the major steps in executing a project plan?
🗑
|
||||
| When the expected result and the measured result do no match, and there is significant deviation, the problem is investigated and fixed | What is a negative feedback loop?
🗑
|
||||
| Time and money Goals Resources | When executing a plan, a project manager can adjust one of three planning parameters, what are they?
🗑
|
||||
| Dates of Start/End Cost of Expenditures Cost of Non-Expenditures People to Work on the Program Goals to Worked On | Name 5 things that goes into a work breakdown structure
🗑
|
||||
| They're minerals, Marie! | Asymmetric vs Symmetric? Look 'em up!
🗑
|
Review the information in the table. When you are ready to quiz yourself you can hide individual columns or the entire table. Then you can click on the empty cells to reveal the answer. Try to recall what will be displayed before clicking the empty cell.
To hide a column, click on the column name.
To hide the entire table, click on the "Hide All" button.
You may also shuffle the rows of the table by clicking on the "Shuffle" button.
Or sort by any of the columns using the down arrow next to any column heading.
If you know all the data on any row, you can temporarily remove it by tapping the trash can to the right of the row.
To hide a column, click on the column name.
To hide the entire table, click on the "Hide All" button.
You may also shuffle the rows of the table by clicking on the "Shuffle" button.
Or sort by any of the columns using the down arrow next to any column heading.
If you know all the data on any row, you can temporarily remove it by tapping the trash can to the right of the row.
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.
Normal Size Small Size show me how
Normal Size Small Size show me how
Created by:
mgolf
Popular Computers sets