Lecture 2 - Flashcards

1
Q

Protects the organization’s ability to ?

Four important functions for an organization

The need for security

A

function

2
Q

Enables the safe operation of applications implemented on the organization’s ?

Four important functions for an organization

The need for security

A

IT systems

3
Q

Protects the ? the organization collects and uses

Four important functions for an organization

The need for security

A

data

4
Q

Safeguards the ? in use at the organization

Four important functions for an organization

The need for security

A

technology assets

5
Q

?

is responsible

Protecting the ability to function

The need for security

A

Management

6
Q

Information security is a ?, ??

Protecting the ability to function

The need for security

A
  • a management issue
  • a people issue
7
Q

?

must argue for information security in terms of impact and cost

Protecting the ability to function

The need for security

A

Communities of interest

9
Q

?

must create integrated, efficient, and capable applications

Enabling safe operation

The need for security

A

Organizations

10
Q

Organizations need environments that ? applications

Enabling safe operation

The need for security

A

safeguard

11
Q

?

must not abdicate to the IT department its responsibility to make choices and enforce decisions

Enabling safe operation

The need for security

A

Management

12
Q

One of the most valuable assets is ?

Protecting data

The need for security

A

data

13
Q

Without ?, an organization loses its record of transactions and/or its ability to deliver value to its customers

Protecting data

The need for security

A

data

14
Q

An effective ? is essential to the protection of the integrity and value of the organization’s data

Protecting data

The need for security

A

information security program

15
Q

Organizations must have secure ? based on the size and scope of the enterprise

Safeguarding technology assets

The need for security

A

infrastructure services

16
Q

Additional ? may have to be provided

Safeguarding technology assets

The need for security

A

security services

17
Q

More ? may be needed to replace security programs the organization has outgrown

Safeguarding technology assets

The need for security

A

robust solutions

18
Q

Management must be informed of the various kinds of ? facing the organization

Threats to Information Security

A

threats

19
Q

A ? is an object, person, or other entity that represents a constant danger to an asset

Threats to Information Security

A

threat

20
Q

By examining each ? in turn, management effectively protects its information through policy, education and training, and technology controls

Threats to Information Security

A

threat category

21
Q

12 Threats to Information Security

Threats to Information Security

A
  1. Acts of human error or failure
  2. Compromises to intellectual property
  3. Deliberate acts of espionage or trespass
  4. Deliberate acts of information extortion
  5. Deliberate acts of sabotage or vandalism
  6. Deliberate acts of theft
  7. Deliberate software attacks
  8. Forces of nature
  9. Deviations in quality of service from service providers
  10. Technical hardware failures or errors
  11. Technical software failures or errors
  12. Technological obsolescence
22
Q

?

Includes acts done without malicious intent

Threats to Information Security

A

Acts of human error or failure

23
Q

?, ??, ???, ????

(4) Caused by:

Acts of human error or failure

Threats to Information Security

A
  • Inexperience
  • Improper training
  • Incorrect assumptions
  • Other circumstances
24
Q

?

are the greatest threats to information security; they are closest to the organizational data

Acts of human error or failure

Threats to Information Security

A

Employees

25
Q

?, ??, ???, ????, ?????

(5) Employee mistakes can easily lead to the following:

Acts of human error or failure

Threats to Information Security

A
  • Revelation of classified data
  • Entry of erroneous data
  • Accidental deletion or modification of data
  • Storage of data in unprotected areas
  • Failure to protect information
26
Q

Many of these threats can be prevented with ?

Acts of human error or failure

Threats to Information Security

A

controls

27
Q

Situations of ? not delivered as expected

Deviations in quality of service by service providers

Threats to Information Security

A

product or services

28
Q

? depends on many inter-dependent support systems

Deviations in quality of service by service providers

Threats to Information Security

A

Information system

29
Q

?, ??, ???

(3) Three sets of service issues that dramatically affect the availability of information and systems are

Deviations in quality of service by service providers

Threats to Information Security

A
  • Internet service
  • Communications
  • Power irregularities
30
Q

Loss of ? can lead to considerable loss in the availability of information

Internet service issues

Threats to Information Security

A

Internet service

31
Q

?, ??

(2) When an organization outsources its web servers, the outsourcer assumes responsibility for

Internet service issues

Threats to Information Security

A
  • All internet services
  • The hardware and operating system software used to operate the web site
32
Q

(6) Other utility services have potential impact.
Among these are

Communication and other services

Threats to Information Security

A
  • telephone
  • water & wastewater
  • trash pickup
  • cable television
  • natural or propane gas
  • custodial services
33
Q

The threat of ? can lead to inability to function properly

Communication and other services

Threats to Information Security

A

loss of services

34
Q

?

can increase, decrease, or cease

Power irregularities

Threats to Information Security

A

Voltage levels

35
Q

?, ??, ???, ????, ?????, ??????

(6) Voltage levels can increase, decrease, or cease:

Power irregularities

Threats to Information Security

A
  • spike
  • surge
  • sag
  • brownout
  • fault
  • blackout
36
Q

?

momentary increase

Power irregularities: Voltage levels

Threats to Information Security

A

spike

37
Q

?

prolonged increase

Power irregularities: Voltage levels

Threats to Information Security

A

surge

38
Q

?

momentary low voltage

Power irregularities: Voltage levels

Threats to Information Security

A

sag

39
Q

?

prolonged drop

Power irregularities: Voltage levels

Threats to Information Security

A

brownout

40
Q

?

momentary loss of power

Power irregularities: Voltage levels

Threats to Information Security

A

fault

41
Q

?

prolonged loss

Power irregularities: Voltage levels

Threats to Information Security

A

blackout

42
Q

?

is susceptible to fluctuations; controls can be applied to manage power quality

Power irregularities: Voltage levels

Threats to Information Security

A

Electronic equipment

43
Q

?

(3) Broad category of activities that breach confidentiality

Espionage/Trespass

Threats to Information Security

A
  • Unauthorized accessing of information
  • Competitive intelligence vs. espionage
  • Shoulder surfing can occur any place a person is accessing confidential information
44
Q

? accessing of information

Espionage/Trespass: Category of activities that breach confidentiality

Threats to Information Security

A

Unauthorized

45
Q

Competitive intelligence vs. ?

Espionage/Trespass: Category of activities that breach confidentiality

Threats to Information Security

A

Espionage

46
Q

?

can occur any place a person is accessing confidential information

Espionage/Trespass: Category of activities that breach confidentiality

Threats to Information Security

A

Shoulder surfing

47
Q

?

implemented to mark the boundaries of an organization’s virtual territory giving notice to trespassers that they are encroaching on the organization’s cyberspace

Espionage/Trespass: Category of activities that breach confidentiality

Threats to Information Security

A

Controls

48
Q

?

uses skill, guile, or fraud to steal the property of someone else

Espionage/Trespass: Category of activities that breach confidentiality

Threats to Information Security

A

Hackers

49
Q

?, ??

(2) Generally two skill levels among hackers

Espionage/Trespass

Threats to Information Security

A
  • Expert hacker
  • Script kiddies
50
Q

?

develops software scripts and codes exploits

Espionage/Trespass

Threats to Information Security

A

Expert hacker

51
Q

?

usually a master of many skills

Espionage/Trespass

Threats to Information Security

A

Expert hacker

52
Q

?

will often create attack software and share with others

Espionage/Trespass

Threats to Information Security

A

Expert hacker

53
Q

?

hackers of limited skill

Espionage/Trespass

Threats to Information Security

A

Script kiddies

54
Q

?

use expert-written software to exploit a system

Espionage/Trespass

Threats to Information Security

A

Script kiddies

55
Q

?

do not usually fully understand the systems they hack

Espionage/Trespass

Threats to Information Security

A

Script kiddies

56
Q

?, ??

(2) Other terms for system rule breakers

Espionage/Trespass

Threats to Information Security

A
  • Cracker
  • Phreaker
57
Q

?

an individual who “cracks” or removes protection designed to prevent unauthorized duplication

Espionage/Trespass

Threats to Information Security

A

Cracker

58
Q

?

hacks the public telephone network

Espionage/Trespass

Threats to Information Security

A

Phreaker

59
Q

?

is an attacker or formerly trusted insider stealing information from a computer system and demanding compensation for its return or non-use

Threats to Information Security

A

Information extortion

60
Q

?

found in credit card number theft

Information extortion

Threats to Information Security

A

Extortion

61
Q

Individual or group who want to deliberately ? the operations of a computer system or business, or perform acts of ?? to either destroy an asset or damage the image of the organization

Threats to Information Security

A
  • sabotage
  • vandalism
62
Q

These threats can range from ? to ??

Sabotage and Vandalism

Threats to Information Security

A
  • petty vandalism
  • organized sabotage
63
Q

Organizations rely on image so ? can lead to dropping consumer confidence and sales

Sabotage and Vandalism

Threats to Information Security

A

Web defacing

64
Q

Rising threat of hacktivist or cyber-activist operations – the most extreme version is ?

Sabotage and Vandalism

Threats to Information Security

A

cyber-terrorism

65
Q

? of another’s property - physical, electronic, or intellectual

Deliberate acts of theft

Threats to Information Security

A

Illegal taking

66
Q

The value of information suffers when it is ? and taken away without the owner’s knowledge

Deliberate acts of theft

Threats to Information Security

A

copied

67
Q

?

can be controlled - a wide variety of measures used from locked doors to guards or alarm systems

Deliberate acts of theft

Threats to Information Security

A

Physical theft

68
Q

?

is a more complex problem to manage and control - organizations may not even know it has occurred

Deliberate acts of theft

Threats to Information Security

A

Electronic theft

69
Q

When an individual or group designs software to attack systems, they create malicious code/software called ?

Deliberate software attacks

Threats to Information Security

A

Malware

70
Q

?

Designed to damage, destroy, or deny service to the target systems

Deliberate software attacks

Threats to Information Security

A

Malware

71
Q

?

(9) (Malicious code/software) Includes

Deliberate software attacks

Threats to Information Security

A
  • Macro virus
  • Boot virus
  • Worms
  • Trojan horses
  • Logic bombs
  • Back door or trap door
  • Denial-of-service attacks
  • Polymorphic
  • Hoaxes
72
Q

?

is a computer program that attaches itself to an executable file or application

Deliberate software attacks

Threats to Information Security

A

Virus

73
Q

(Virus) It can replicate itself, usually through an executable program attached to an ?

Deliberate software attacks

Threats to Information Security

A

e-mail

74
Q

The keyword is “?”. A virus cannot stand on its own

Deliberate software attacks

Threats to Information Security

A

attaches

75
Q

You must prevent viruses from being installed on ? in your organizations

Deliberate software attacks

Threats to Information Security

A

computers

76
Q

There is no ? of preventing them from attaching themselves to your computer

Deliberate software attacks

Threats to Information Security

A

foolproof method

77
Q

?

compares virus signature files against the programming code of known viruses

Deliberate software attacks

Threats to Information Security

A

Antivirus software

78
Q

Regularly ? virus signature files is crucial

Deliberate software attacks

Threats to Information Security

A

update

79
Q

A ? is a computer program that replicates and propagates itself without having to attach itself to a host

Deliberate software attacks

Threats to Information Security

A

worm

80
Q

Most infamous worms are ? and ??

Deliberate software attacks

Threats to Information Security

A
  • Code Red
  • Nimda
81
Q

Cost businesses millions of dollars in damage as a result of ?

Deliberate software attacks

Threats to Information Security

A

lost productivity

82
Q

? and the time spent recovering lost data, reinstalling programs, operating systems, and hiring or contracting IT personnel

Deliberate software attacks

Threats to Information Security

A

Computer downtime

83
Q

?

disguise themselves as useful computer programs or applications and can install a backdoor or rootkit on a computer

Deliberate software attacks

Threats to Information Security

A

Trojan Programs

84
Q

?

are computer programs that give attackers a means of regaining access to the attacked computer later

Deliberate software attacks

Threats to Information Security

A

Backdoors or rootkits

85
Q

Trojan programs that use common ports, such as ?, or ??, are more difficult to detect

Deliberate software attacks: Challenges

Threats to Information Security

A
  • TCP 80
  • UDP 53
86
Q

Many ? can recognize port-scanning programs or information leaving a questionable port

Deliberate software attacks: Challenges

Threats to Information Security

A

software firewalls

87
Q

Many Trojan programs use ? to conduct their exploits

Deliberate software attacks: Challenges

Threats to Information Security

A

standard ports

88
Q

?

A ?? sends info from the infected computer to the person who initiated the spyware program on your computer

Deliberate software attacks

Threats to Information Security

A
  • Spyware
  • Spyware program
89
Q

?

?? can register each keystroke entered

Deliberate software attacks

Threats to Information Security

A
  • Spyware
  • Spyware program
90
Q

?

Main purpose is to determine a user’s purchasing habits so that Web browsers can display advertisements tailored to that user

Deliberate software attacks

Threats to Information Security

A

Adware

91
Q

?

Slow down the computer it’s running on

Deliberate software attacks

Threats to Information Security

A

Adware

92
Q

?, ??

(2) Both programs can be installed without the user being aware of their presence

Deliberate software attacks

Threats to Information Security

A
  • Spyware
  • Adware
94
Q

?

Many U.S. government organizations make security awareness programs mandatory, and many private-sector companies are following their example

Protecting against deliberate software attacks

Threats to Information Security

A

Educating Your Users

95
Q

?

Email monthly security updates to all employees

Protecting against deliberate software attacks

Threats to Information Security

A

Educating Your Users

96
Q

?

Update virus signature files as soon as possible

Protecting against deliberate software attacks

Threats to Information Security

A

Educating Your Users

97
Q

?

Protect a network by implementing a firewall

Protecting against deliberate software attacks

Threats to Information Security

A

Educating Your Users

98
Q

?

Your approach to users or potential customers should be promoting awareness rather than instilling fear.

Protecting against deliberate software attacks

Threats to Information Security

A

Avoiding Fear Tactics

99
Q

?

When training users, be sure to build on the knowledge they already have

Protecting against deliberate software attacks

Threats to Information Security

A

Avoiding Fear Tactics