Ch 8 Questions Flashcards
(25 cards)
What is the most common way ransomware attacks are conducted?
Phishing
Malware delivered through email
List 5 ways or controls a company can put in place to mitigate the risk of a ransomware attack.
Antivirus software on every server and machine
Education/Awareness messages
Email filter and security scanner is key in any company
Only corporate email
Secure all computers - Can’t install software, Disable external drives
How was the SolarWinds event conducted? How does this differ from the most common type of ransomware attacks?
Russian hackers put malware in patches – infected all of the computers because every server has the agent running
Spying on government?
Happening for over a year before the United States even noticed
No damage – gathering intelligence and spying
Who were prominent customers?
All agencies of the United States government
What are the components of an organizational framework for security and control?
General controls – govern the design, security, and use of computer programs and the security of data files in general throughout the organization’s information technology infrastructure
Ex. Software controls
Hardware controls
Computer operations controls
Data security controls
Implementation controls
Administrative controls
How to control common risks of eavesdropping on a wireless connection?
Encryption
How to control common risks of stealing passwords?
Two-factor authentication
How to control common risks of phishing?
Training
Awareness
Education
Identity management is extremely important. How is this controlled?
AUP (Acceptable Use Policy)
Authentication
Passwords
Tokens
2 Factor Authentication
Biometric Authentication
What is a denial of service attack?
Hackers flood a network server or web server with many thousands of false communications or requests for services to crash the network
The network receives so many queries that it cannot keep up with them and is thus unavailable to service legitimate requests
What is a distributed denial of service attack?
Uses numerous computers to inundate and overwhelm the network from numerous launch points
So many users trying to log on that the network must filter out the traffic and make sure they do not access the network
How would malware get on your computer?
Operator error - download it
Phishing - emails and attachment
What is identity management?
Business processes and software tools for identifying the users of a program and controlling their access to system resources
What is an Acceptable Use Policy (AUP)?
Defines acceptable uses of the firm’s information and computing equipment, including desktop and laptop computers, wireless devices, telephones, and the Internet
What is authentication?
Refers to the ability to know that a person is who he or she claims to be
What are passwords?
Known only to authorized users, used to log onto a computer and system
What is a token?
A physical device, similar to an identification card, that is designed to prove the identity of a single user
What is biometric authentication?
Uses systems that read and interpret individual human traits, such as fingerprints, irises, and voices, to grant or deny access
What is two-factor authentication?
Increases security by validating users through a multi-step process
What are firewalls?
Prevent unauthorized users from accessing private networks
A combination of hardware and software that controls the flow of incoming and outgoing network traffic
What is an intrusion detection system?
Full-time monitoring tools placed at the most vulnerable points or hotspots of corporate networks to detect and deter intruders
What is antivirus software?
Prevents, detects, and removes malware including computer viruses, computer worms, Trojan horses, spyware, and adware
What is an Information Systems Audit?
Examines the firm’s overall security environment as well as controls governing individual information systems
What is the risk assessment process?
Determines the level of risk to the firm if a specific activity or process is not properly controlled
What are application controls?
Specific controls unique to each computerized application