Flashcards in Part 9 Deck (35)
No computer system is ____ or can be considered entirely secure.
immune from attacks
There are several reasons it is difficult to defend against today’s attacks. These reasons include the fact that virtually all devices are connected to the _____, the speed of the ____, greater sophistication of attacks, the availability and ____ of attack tools, faster detection of ____ by attackers, delays in ____, weak patch distribution, distributed attacks coming from multiple sources, and user ____.
Information security may be defined as that which protects the (3 items) of information on the devices that store, manipulate, and transmit the information through (3 items).
integrity, confidentiality, and availability
products, people, and procedures.
A ___ is an event or action that represents a danger to information assets, which is something that has value.
A ____ is a person or element that has the power to carry out a threat, usually by exploiting a vulnerability, which is a flaw or weakness.
A ___ is the likelihood that a threat agent will exploit the vulnerability.
The main goals of ___ are to prevent data theft, thwart identity theft, avoid the legal consequences of not securing information, maintain productivity, and foil cyberterrorism.
____ do their work by downloading automated attack software from Web sites and then using it to break into computers.
A ____ is a person who has been hired to break into a computer and steal information.
One of the largest information security threats to a business actually comes from its ____.
A new breed of computer attackers is known as ____, who are a loose-knit network of attackers, identity thieves, and financial fraudsters.
____ are motivated by their principles and beliefs, and turn their attacks to the network and computer infrastructure to cause panic among citizens.
There are a variety of types of attacks. Five general steps make up an attack:
probe for information, penetrate any defenses, modify security settings, circulate to other systems, and paralyze networks and devices.
Although multiple defenses may be necessary to withstand the steps of an attack, these defenses should be based on five fundamental security principles:
layering, limiting, diversity, obscurity, and simplicity.
The ability that provides tracking of events.
An item that has value.
The act of ensuring that an individual or element is genuine.
The steps that ensure that the individual is who they claim to be.
Security actions that ensure that data is accessible to authorized users.
Security actions that ensure only authorized parties can view the information.
Targeted attacks against financial networks, unauthorized access to information, and the theft of personal information.
A premeditated, politically motivated attack against information, computer systems, computer programs, and data that results in violence.
The act of taking advantage of a vulnerability.
A law that requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information.
Gramm-Leach-Bliley Act (GLBA)
A law designed to guard protected health information and implement policies and procedures to safeguard it.
Health Insurance Portability and Accountability Act (HIPAA)
Stealing another person’s personal information, such as a Social Security number, and then using the information to impersonate the victim, generally for financial gain.
The tasks of securing information that is in a digital format.
Security actions that ensure that the information is correct and no unauthorized person or malicious software has altered the data.
The likelihood that a threat agent will exploit the vulnerability.