M8 Flashcards
(54 cards)
why systems are vulnerable?
- security
- controls
- accessibility of networks
- hardware problems
- software problems
- disasters
- use of networks/computers outside of firm’s control
- loss and theft of portable devices
Policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems
security
Methods, policies, and organizational procedures that ensure safety of organization’s assets; accuracy and reliability of its accounting records; and operational adherence to management standards
controls
internet vulnerabilities
network open to anyone
size of internet
use of fixed internet addresses with cable/DSL modems
unencrypted VOIP
email, P2P, IM (through interception, attachments, transmissions)
wireless security challenges
- radio frequency bands easy to scan
- SSIDs (Identify access points, broadcast multiple times, can be identified by sniffer programs)
- war driving
- rogue access points
a type of malware that disguises itself as a legitimate program or file to trick users into running it. needs user interaction to spread
trojan horse
malicious software that enters a user’s computer, gathers data from the device and user, and sends it to third parties without their consent
spyware
broader term encompassing any malicious software designed to harm a computer or network
malware
a cyberattack that injects malicious SQL code into an application, allowing the attacker to view or modify a database.
SQL injection attacks
a type of malware that encrypts a user’s data or locks access to a computer, demanding a ransom payment for its release
ransomware
a standalone malicious program that replicates itself and spreads automatically through a network without human interaction
worm virus or worm
use their technical skills for a range of purposes, including ethically identifying vulnerabilities and improving system security
hackers aka white hats
use those skills for malicious purposes like data theft or system disruption
aka black hats
activities involve in computer crime
system intrusion
system damage
cybervandalism - intentional, disruption, defacement, destruction of website or corporate IS
involves intercepting and analyzing network traffic. passive act of capturing data
sniffing
involves disguising a communication from an unknown source as being trustworthy or legitimate, often to gain access to sensitive information or systems.
spoofing
a network of internet-connected devices, including computers, servers, and IoT devices, that have been hijacked and infected with malware
botnet
floods a server with traffic, making a website or resource unavailable
Denial-of-service attacks (DoS)
a DoS attack that uses multiple computers or machines to flood a targeted resource
Distributed denial-of-service attacks
(DDoS)
unsolicited, unwanted messages or communications sent out in bulk, often with the intention of advertising, phishing, or spreading malwar
spam
who/what are the internal threats?
employees
what creates software vulnerability?
- commercial software as it contains flaws such as bugs, zero defects
- patches
this are small pieces of software to repair flaws and exploits often created faster than patches can be release and implemented
patches
- Evidence for white collar crimes often in digital form
- Proper control of data can save time and money when responding to legal discovery request
electronic evidence
