Chapter 2 Flashcards
(34 cards)
Organization Security
Without data, loses its record of transactions and /or ability to deliver value to customers.
What is a threat?
An object, person, or other entity that represents a constant danger to an asset.
64% of organizations had malware infections
14% indicated system penetration by an outsider.
What is information extortion? Describe how such an attack can cause loses?
Cyberextortion its an attack with a demand for money to stop the attack.
Cracker? Phreaker?
Cracker - cracks or removes software protection designed to prevent unauthorized duplication.
Phreaker - hacks the public telephone network.
Forces of Nature?
Disrupts storage, transmission, and use of information. Organizations must implement controls to limit damage and prepare contingency plans for continued operation.
Human Error or Failure?
Inexperience
Improper training
Incorrect assumptions
What happens because of employee mistakes?
Revelation of classified data, entry of erroneous data, accidental deletion or modification of data, storage of data in unprotected areas.
Information Extortion?
Steals information and asks for money, for its return or nondisclosure.
Credit cards.
Missing, Inadequate, or Incomplete
It can make organization vulnerable to loss, damage, or disclosure of information assets.
Sabotage or Vandalism
Cyberterrorism
Theft?
Illegal taking of another’s physical, electronic, or intellectual property.
Physical theft is controlled relatively easily.
Technical Hardware failures or error?
Distribution of flawed equipment.
Software failures?
Hidden faults
What is an attack?
Acts that exploits vulnerability.
Done by threat agent that damages or steals organization’s information.
Types of attacks?
Malicious code Hoaxes Back door Password crack Brute force Dictionary Denial of Service (DoS) Distributed Denial of Service (DDoS) Spoofing Man-in-the-middle. Spam Mail Bombing
What is malicious code?
Malicious code: viruses, worms, horses, web scripts, with intent to destroy or steal information.
What is hoaxes?
Hoaxes: transmission of a virus hoax with a real virus attached.
What is back door?
Backdoor: gaining access to system.
What password crack?
Password crack: attempting to reverse calculate a password.
What is brute force?
Trying every possible combination of options of a password.
What is dictionary?
Selects specific accounts to attack and uses commonly used passwords.
What is DoS?
Denial of Service:
large number of information requests to a target.
What is DDoS?
Distributed Denial of Service:
coordinated stream of requests is launched against target from many locations.
What is spoofing?
Intruder assumes a trusted IP address.
