Part 9 Flashcards Preview


Flashcards in Part 9 Deck (35)
0

No computer system is ____ or can be considered entirely secure.

immune from attacks

1

There are several reasons it is difficult to defend against today’s attacks. These reasons include the fact that virtually all devices are connected to the _____, the speed of the ____, greater sophistication of attacks, the availability and ____ of attack tools, faster detection of ____ by attackers, delays in ____, weak patch distribution, distributed attacks coming from multiple sources, and user ____.

Internet
attacks
simplicity
vulnerabilities
patching
confusion

2

Information security may be defined as that which protects the (3 items) of information on the devices that store, manipulate, and transmit the information through (3 items).

integrity, confidentiality, and availability
products, people, and procedures.

3

A ___ is an event or action that represents a danger to information assets, which is something that has value.

threat

4

A ____ is a person or element that has the power to carry out a threat, usually by exploiting a vulnerability, which is a flaw or weakness.

threat agent

5

A ___ is the likelihood that a threat agent will exploit the vulnerability.

risk

6

The main goals of ___ are to prevent data theft, thwart identity theft, avoid the legal consequences of not securing information, maintain productivity, and foil cyberterrorism.

information security

7

____ do their work by downloading automated attack software from Web sites and then using it to break into computers.

Script kiddies

8

A ____ is a person who has been hired to break into a computer and steal information.

computer spy

9

One of the largest information security threats to a business actually comes from its ____.

employees

10

A new breed of computer attackers is known as ____, who are a loose-knit network of attackers, identity thieves, and financial fraudsters.

cybercriminals

11

____ are motivated by their principles and beliefs, and turn their attacks to the network and computer infrastructure to cause panic among citizens.

Cyberterrorists

12

There are a variety of types of attacks. Five general steps make up an attack:

probe for information, penetrate any defenses, modify security settings, circulate to other systems, and paralyze networks and devices.

13

Although multiple defenses may be necessary to withstand the steps of an attack, these defenses should be based on five fundamental security principles:

layering, limiting, diversity, obscurity, and simplicity.

14

The ability that provides tracking of events.

accounting

15

An item that has value.

asset

16

The act of ensuring that an individual or element is genuine.

authorization

17

The steps that ensure that the individual is who they claim to be.

authentication

18

Security actions that ensure that data is accessible to authorized users.

availability

19

Security actions that ensure only authorized parties can view the information.

confidentiality

20

Targeted attacks against financial networks, unauthorized access to information, and the theft of personal information.

cybercrime

21

A premeditated, politically motivated attack against information, computer systems, computer programs, and data that results in violence.

cyberterrorism

22

The act of taking advantage of a vulnerability.

exploiting

23

A law that requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information.

Gramm-Leach-Bliley Act (GLBA)

24

A law designed to guard protected health information and implement policies and procedures to safeguard it.

Health Insurance Portability and Accountability Act (HIPAA)

25

Stealing another person’s personal information, such as a Social Security number, and then using the information to impersonate the victim, generally for financial gain.

identity theft

26

The tasks of securing information that is in a digital format.

information security

27

Security actions that ensure that the information is correct and no unauthorized person or malicious software has altered the data.

integrity

28

The likelihood that a threat agent will exploit the vulnerability.

risk

29

A law designed to fight corporate corruption.

Sarbanes-Oxley Act (Sarbox)