Chapter 5: Information Security: Protecting Information and Resources

Question 1

Information Security

Answer 1

protect organization data and IS from unauthorized access and use

Question 2

Costs of Information Security Breaches

Answer 2

stolen work, blackmail, money, damage to company property, clients and reputation, etc

Question 3

CIA Triangle

Answer 3

Confidentiality
Integrity
Availability

Question 4

Confidentiality

Answer 4

prevent disclosing information to anyone who is not authorized to access

Question 5

Integrity

Answer 5

accuracy and reliability of information resources within an organization

Question 6

Availability (3)

Answer 6

-computers and networks are operational
- users can obtain information required
- quick recovery in event of failure or disaster

Question 7

McCumber Cube and sides

Answer 7

3 dimensional cube to bring goals together
Side 1: Transmission, Storage, Processing
Side 2: Confidentially, Integrity, Availability
Slide 3. Human Factors, Privacy and Practice, Technology

Question 8

Threats: Spyware

Answer 8

software secretly gathers info about users

Question 9

Threats: Adware

Answer 9

Form of spyware, collects info about user to displays ads in web browser

Question 10

Threats: Phishing

Answer 10

Sending fraudulent emails appearing from legitimate sources. Not directed like spear phishing

Question 11

Threats: Pharming

Answer 11

hijack IP address of a website etc users who enter website are directed to fraudulent website

Question 12

Threats: Spear Phishing

Answer 12

target email scan with sole purpose of obtaining sensitive data from company, person or organization

Question 13

Threats: Baiting & Quid Pro Quo

Answer 13

get someone to fall for something out of their own curiosity or fear, cyber actors offer them something in return

Question 14

Keystroke Loggers
what are they
what can they be used for (3)

Answer 14

monitor and record keystrokes
1. track employees computer use
2. Malicious purposes
3. prevent antivirus and anti-spyware

Question 15

Threats: Sniffing

Answer 15

hackers capture and record network traffic

Question 16

Threats: Spoofing

Answer 16

gain access to network by posing as an authorized user, disguise their identity

Question 17

Threats: Virus

Answer 17

self-propagating program code and attaches itself to many files and will cycle when program is used

Question 18

Threats: Worm

Answer 18

virus or program that can independently spread without being attached to host program

Question 19

Threats: Trojan Programming

Answer 19

A code that is intended to disrupt a computer, network or website

Question 20

Threats: Logic Bomb

Answer 20

Type of trojan program, release destructive worm or code

Question 21

Threats: Backdoor

Answer 21

designer can bypass security and sneak back into system to access program or files

Question 22

Threats: Blended Threat

Answer 22

Public and private networks, combine threats, virus, worms and codes to evade

Question 23

RAM Scraping

Answer 23

Scans RAM (memory) to find sensitive saved data

Question 24

Credentialing

Answer 24

stealing passwords, logins

Question 25

USB Worms

Answer 25

Viruses stored on USB device

Question 26

Cryptojacking

Answer 26

Harnessing loose computing program to mine cryptocurrency

Question 27

Social Engineering

Answer 27

use peoples skills to trick others into revealing private information to break into networks and servers

Question 28

Denial of Service Attack (DoS)

Answer 28

Floods a network with service requests to prevent legitimate user's access to the system

Question 29

Distributed Denial of Service Attack (DDoS)

Answer 29

thousands of computer work together to bombard a website with thousands of requests causing it to halt

Question 30

Telephony Denial of Service (TDoS)

Answer 30

high volumes of automated calls to tie up a target phone system, company comes to a halt

Question 31

Types of Hackers and description (3)

Answer 31

Script Kiddies: Use for malicious intent but not as skilled Black Hats: Typical Hacker White Hacker: Ethical hacker given permission to determine vulnerability of the software/network

Question 32

Defence: First Step to Comprehensive Security System Fault-Tolerant Systems and examples (3)

Answer 32

Ensure availability in event of a system failure by using hardware and software - Uninterruptible Power Supply (UPS) - Redundant Array of Independent Disks (RAID) - Mirror Disk

Question 33

Defence: Access Controls

Answer 33

Designed to protect system from unauthorized access

Question 34

Biometric Security Measures and examples

Answer 34

Physiological element unique to person which cannot be stolen or copied

Question 35

Non Biometric Measures: Callback Moderns

Answer 35

Log user off and call back at predetermined number (working from home)

Question 36

Non Biometric Measures: Terminal Resource Security

Answer 36

erases the screen and signs user off automatically after a length of inactivity

Question 37

Non Biometric Measures: Intrusion Detect System

Answer 37

protect against internal and external acess

Question 38

Non Biometric Measures: Password

Answer 38

a login credential made up of text, keys, symbols and characters

Question 39

Physical Security measures: (4)

Answer 39

cable shielding electronic tracker steel encasements ID Badges

Question 40

Firewalls and what does it decide?

Answer 40

soft/hardware barrier between private network and external computer or network decides whether to allow transmission of data

Question 41

Firewall Actions (4)

Answer 41

reject, report, reply, accept,

Question 42

Types of Firewall: Packet-filtering firewall

Answer 42

examines every packet passing in/out of network

Question 43

Types of Firewall: Application-filtering firewall

Answer 43

controls use of applications like email

Question 44

Types of Firewall: Proxy Server

Answer 44

intermediary between two systems

Question 45

Virtual Private Network (VPN)

Answer 45

secure tunnel through the internet to transmit messages, information and data etc WawanesaLife VPN

Question 46

Data Encryption

Answer 46

Transform Data (plaintext) to scrambled form (ciphertext)

Question 47

Encryption Protocols (3)

Answer 47

1. Manage encryption and security over internet 2. secure socket layers 3. Transport Layer Security

Question 48

Types of Encryption: 2

Answer 48

Public Key Infrastructure: Asymmetric Equation Secret Key Encryption: Symmetric Equation