Part 1 Flashcards Preview

Flashcards in Part 1 Deck (35)
0

Building a Secure Organization

Building a secure organization is important to long-term success:

Maintaining a strong ______ can take advantage of numerous benefits

Security posture

1

Maintaining a strong security posture can take advantage of numerous benefits namely:

Reduction in ______ being paid.

Insurance premiums

2

Maintaining a strong security posture can take advantage of numerous benefits namely:

Use its security program as a ____

marketing tool

3

Maintaining a strong security posture can take advantage of numerous benefits

You will not have to spend time and money identifying _____

security breaches

4

_____ can cost an organization significantly through a tarnished reputation, lost business, and legal fees.

Security breaches

5

HIPAA

Health Insurance Portability and Accountability Act (HIPAA)

6

GLBA

Gramm-Leach-Bliley Act (GLBA)

7

Name three regulations that require businesses to maintain the security of information.

Health Insurance Portability and Accountability Act (HIPAA)

Gramm-Leach-Bliley Act (GLBA)

Sarbanes-Oxley Act

8

OBSTACLES TO SECURITY

In attempting to build a secure organization, we should take a close look at the obstacles that make it challenging to build a totally secure organization.

Security Is _____

Inconvenient

9

Security, by its very nature, is inconvenient, and the more _______, the more inconvenient the process becomes.

robust the security mechanisms

10

Employees in an organization have a job to do; _________

they want to get to work right away

11

Most security mechanisms, from passwords to multifactor authentication, are seen as ____

roadblocks to productivity

Examples:

# whole disk encryption to laptop
# second login step
# lost productivity

12

To gain a full appreciation of the frustration caused by security measures, look at the security lines at any ____

airport

13

Security implementations are based on a _____;

Sliding scale

14

Security implementations are based on a sliding scale; one end of the scale is ____, the other is _______.

total security and total inconvenience

And

total insecurity and complete ease of use


15

When we implement any security mechanism, it should be placed on the scale where the _______ match the ________ for the organization.

level of security and ease of use

acceptable level of risk


16

Computers Are Powerful and Complex

Most people are unfamiliar with the _____ and what goes on “behind the scenes.”

way computers truly function

Things such as the Windows Registry, ports, and services are completely unknown to most users and poorly understood by many computer industry professionals.

17

For example, many individuals still believe that a Windows login password protects data on a computer. On the contrary—

someone can simply take the hard drive out of the computer, install it as a slave drive in another computer, or place it in a USB drive enclosure, and all the data will be readily accessible.

18

Computers Are ____
Computer Users Are ____

Powerful and Complex
Unsophisticated

19

Computer Users Are Unsophisticated

Many computer users believe that because they are skilled at generating spreadsheets, word processing documents, and presentations, they “know everything about computers.” These “_____” have moved beyond application basics, but many still do not understand even basic security concepts.

power users

20

Many users will indiscriminately ____ and visit _______ despite the fact that these actions could violate company policies.

install software and questionable Web sites

21

The “bad guys”—people who want to steal information from or wreak havoc on computer systems—have also identified that the average user is a ____.

weak link in the security chain

22

As companies began investing more money in perimeter defenses, attackers look to _____

the path of least resistance.

23

They send malware as attachments to email, ____

asking recipients to open the attachment.

24

Despite being told not to open attachments from unknown senders or simply not to open attachments at all, _____. The “I Love You Virus” spread very rapidly in this manner.

employees consistently violate this policy, wreaking havoc on their networks

25

Computers Created ____

Without a Thought to Security

26

Computers Created Without a Thought to Security

During the development of personal computers (PCs), _________ They were developed almost as curiosities.

no thought was put into security.

27

Even as they became more advanced and complex, all effort was focused on developing greater sophistication and capabilities; _____

no one thought they would have security issues.

28

_____ was not an issue back then

Security

29

The development of computers was focused on _____

what they could do, not how they could be attacked.