Chapters 1-3
|  |  |
|---|---|
|  | first widely recognized published document to identify the role of management and policy issues in computer security |
| Multiplexed Information and Computing Service (MULTICS) |  |
|  | In the late 1970s, the _____ brought the personal computer and a new age of computing. The PC became the workhorse of modern computing, thereby moving it out of the data center. |
|  | In general, _____ is “the quality or state of being secure—to be free from danger.” In other words, protection against adversaries—from those who would do harm, intentionally or otherwise—is the objective. |
|  | _____ protects physical items, objects, or areas from unauthorized access and misuse |
|  | _____ protects the individual or group of individuals who are authorized to access the organization and its operations |
|  | _____ protects the details of a particular operation or series of activities |
|  | _____ protects networking components, connections, and contents |
|  | _____ protects the confidentiality, integrity and availability of information assets, whether in storage, processing, or transmission. It is achieved via the application of policy, education, training and awareness, and technology |
| information security |  |
|  | Three characteristics of information that give it value to organizations: |
| access |  |
|  | An intentional or unintentional act that can cause damage to or otherwise compromise information and/or the systems that support it |
|  | Security mechanisms, policies, or procedures that can successfully counter attacks, reduce risk, resolve vulnerabilities, and otherwise improve the security within an organization |
|  | An attempt on a system or other information asset by using it illegally for their personal gain or a documented process to take advantage of a vulnerability or exposure, usually in software |
|  | In information security, _____ exists when a vulnerability known to an attacker is present. |
| loss |  |
|  | The entire set of controls and safeguards, including policy, education, training and awareness, and technology, that the organization implements (or fails to implement) to protect the asset |
| risk |  |
|  | A computer can be either the _____ (subject or object) of an attack—an agent entity used to conduct the attack—or the _____ (subject or object) of an attack—the target entity |
| threat |  |
| threat agent |  |
|  | A weakness or fault in a system or protection mechanism that opens it to attack or damage. |
|  | Critical Characteristics of Information: the value of information comes from the 7 characteristics it possesses: |
|  | _____ enables authorized users—persons or computer systems—to access information without interference or obstruction and to receive it in the required format |
| accuracy |  |
| authenticity |  |
| email spoofing |  |
|  | Pretending to be someone you are not is sometimes called _____ when it is undertaken by law enforcement agents or private investigators. |
|  | _____ is when an attacker attempts to obtain personal or financial information using fraudulent means, most often by posing as another individual or organization. |
| integrity |  |
|  | when a file is read by a special algorithm that uses the value of the bits in the file to compute a single large number |
| utility |  |
|  | The _____ of information is the quality or state of ownership or control. Information is said to be this if one obtains it, independent of format or other characteristics |
| information system (IS) |  |
|  | Six components of an Information System are: |
| hardware |  |
|  | _____ stored, processed, and transmitted by a computer system must be protected. _____ is often the most valuable asset possessed by an organization and it is the main target of intentional attacks |
| people |  |
| procedures |  |
| networking |  |
|  | To achieve balance and to operate an information system that satisfies the user and the security professional, the security level must allow _____, yet protect against threats |
|  | Information security can begin as a grassroots effort in which systems administrators attempt to improve the security of their systems. This is often referred to as a _____ approach. |
|  | The _____ approach—in which the project is initiated by upper-level managers who issue policy, procedures and processes, dictate the goals and expected outcomes, and determine accountability for each required action—has a high probability of success. |
|  | The _____ of the information security implementation must be documented and integrated into the organizational culture. They must be adopted and promoted by the organization’s management. |
|  | The _____ is a methodology for the design and implementation of an information system. |
| Investigation, Analysis, Logical Design, Physical Design, Implementation, Maintenance |  |
|  | The _____ phase begins with an examination of the event or plan that initiates the process. During the _____ phase, the objectives, constraints, and scope of the project are specified. |
|  | The _____ phase begins with the information gained during the investigation phase. This phase consists primarily of assessments of the organization, its current systems, and its capability to support the proposed systems. |
| logical design |  |
|  | During the _____ phase, specific technologies are selected to support the alternatives identified and evaluated in the logical design. This phase integrates various components and technologies. |
|  | In the _____ phase, any needed software is created. Components are ordered, received, and tested. |
| maintenance |  |
|  | The primary mission of an information security program is to ensure that systems and their contents _____ _____ _____. |
| 1. Protecting the organization’s ability to function 2. Enabling the safe operation of applications running on the organization’s IT systems 3. Protecting the data the organization collects and uses 4. Safeguarding the organization’s technology assets |  |
|  | Managing information security has more to do with _____ and its enforcement than with the technology of its implementation. |
|  | Even when transactions are not online, information systems and the data they process enable the creation and movement of _____. Therefore, protecting data in motion and data at rest are both critical aspects of information security. |
| size and scope |  |
| public key infrastructure (PKI) |  |
| firewall |  |
|  | _____ is an object, person, or other entity that presents an ongoing danger to an asset. |
|  | _____ is defined as “the ownership of ideas and control over the tangible or virtual representation of those ideas.” _____ can be trade secrets, copyrights, trademarks, and patents. |
|  | unlawful use or duplication of software-based intellectual property. |
|  | Deliberate software attacks occur when an individual or group designs and deploys software to attack a system. Most of this software is referred to as _____. They damage, destroy, or deny service to the target systems. |
| virus |  |
| macro virus |  |
| worm |  |
| trojan horse |  |
| back door or trap door |  |
|  | A _____ threat is one that over time changes the way it appears to antivirus software programs, making it undetectable by techniques that look for preconfigured signatures. |
|  | _____ are irregularities in Internet service, communications, and power supplies that can dramatically affect the accessibility of information and systems. |
|  | A momentary low voltage or sag, or a more prolonged drop in voltage, known as a _____, can cause systems to shut down or reset, or otherwise disrupt availability. |
|  | _____ is a well-known and broad category of electronic and human activities that can breach the confidentiality of information. |
|  | Some information gathering techniques are quite legal, for example, using a Web browser to perform market research. These legal techniques are called, collectively, _____. |
| hacker |  |
| script kiddies |  |
| packet monkeys |  |
|  | The term _____ is now commonly associated with an individual who cracks or removes software protection that is designed to prevent unauthorized duplication. |
|  | A _____ hacks the public telephone network to make free calls or disrupt services. |
|  | ______ are from inexperience, improper training, and incorrect assumptions by users of a system. These are the weakest links in a system. |
|  | _____ occurs when an attacker or trusted insider steals information from a computer system and demands compensation for its return or for an agreement not to disclose it. This is common in credit card number theft. |
|  | Missing, inadequate, or incomplete organizational _____ makes an organization vulnerable to loss, damage, or disclosure of information assets when other threats lead to attacks. |
| controls |  |
| sabotage / vandalism |  |
|  | _____ operations interfere with or disrupt systems to protest the operations, policies, or actions of an organization or government agency. |
|  | is the premeditated, politically motivated attacks against information, computer systems, computer programs, and data which result in violence against noncombatant targets by subnational groups or clandestine agents |
|  | _____ is the illegal taking of another's property, which can be physical, electronic, or intellectual |
|  | Shortcut access routes into programs that bypass security checks are called _____ and can cause serious security breaches. |
|  | A _____ attack includes the execution of viruses, worms, Trojan horses, and active Web scripts with the intent to destroy or steal information. |
|  | A _____ is an automated software program that executes certain commands when it receives a specific input. |
|  | _____ is “any technology that aids in gathering information about a person or organization without their knowledge.” Spyware is placed on a computer to secretly gather information about the user and report it. |
| adware |  |
| brute force |  |
| dictionary |  |
| denial-of-service (DoS) |  |
|  | A _____ is an attack in which a coordinated stream of requests is launched against a target from many locations at the same time. |
|  | _____ is a technique used to gain unauthorized access to computers, wherein the intruder sends messages with a source IP address that has been forged to indicate that the messages are coming from a trusted host. |
| man-in-the-middle / hijacking |  |
|  | _____ is unsolicited commercial e-mail. |
|  | A _____ is when an attacker routes large quantities of e-mail to the target. |
|  | A _____ is a program or device that can monitor data traveling over a network. |
|  | _____ is the process of using social skills to convince people to reveal access credentials or other valuable information to the attacker. |
| URL manipulation, web site forgery, and phone phishing |  |
| pharming |  |
| timing |  |
| software assurance |  |
|  | Commonplace security principle that says: Keep the design as simple and small as possible |
| fail-safe defaults |  |
| open design |  |
|  | Commonplace security principle that says: where feasible a protection mechanism should require two keys to unlock, rather than one |
| least privilege |  |
| least common mechanism |  |
|  | Commonplace security principle that says: it is essential that the human interface be designed for ease of use so that protection mechanisms are applied properly |
|  | Commonplace security principle that says: every access to every object must be checked for authority |
|  | A _____ are used to manage mismatches in the processing rates between two entities involved in a communication process. |
|  | A buffer _____ is an application error that occurs when more data is sent to a program buffer than it is designed to handle. |
| command injection |  |
| cross site scripting (or XSS) |  |
|  | _____ are responsible for integrating access controls into, and keeping secret information out of, programs. |
| random number generators |  |
|  | Control Developers use a process known as _____ to ensure that the working system delivered to users represents the intent of the developers. |
|  | When an attacker changes the expected location of a file by intercepting and modifying a program code call, the attacker can force a program to use files other than the ones the program is supposed to use. This is called ______. |
| secure sockets layer |  |
|  | _____ is one of the most common methods of obtaining inside and classified information is directly or indirectly from an individual, usually an employee. |
| race condition |  |
|  | _____ occurs when developers fail to properly validate user input before using it to query a relational database. |
| unauthenticated key exchange |  |
| laws |  |
| ethics |  |
| liability |  |
| due care |  |
|  | _____ requires that an organization make a valid effort to protect others and continually maintain this level of effort. |
|  | Any court can assert its authority over an individual or organization if it can establish _____. That is, the court’s right to hear a case if a wrong is committed in its territory or involves its citizenry. |
|  | A _____ is a guideline that describes acceptable and unacceptable employee behaviors in the workplace. These function as organizational laws, complete with penalties, judicial practices, and sanctions to require compliance. |
|  | The difference between a policy and a law is that ignorance of a _____ is an acceptable defense. |
| 1. dissemination (distribution), 2. review (reading), 3. comprehension (understanding), 4. compliance (agreement), 5. uniform enforcement |  |
|  | _____ is when an organization must be able to demonstrate that the relevant policy has been made readily available for review by the employee. |
|  | _____ is when an organization must be able to demonstrate that it disseminated the document in an intelligible form such as alternate languages |
| comprehension |  |
| compliance |  |
| uniform enforcement |  |
| civil law |  |
| criminal law |  |
| private law |  |
| The Computer Fraud and Abuse Act of 1986 (CFA Act) |  |
| USA Patriot Act of 2001 |  |
| Computer Security Act of 1987 |  |
| The Federal Privacy Act of 1974 |  |
| Electronic Communications Privacy Act of 1986 |  |
| The Fourth Amendment of the U.S. Constitution |  |
|  | _____ protects the confidentiality and security of health care data by establishing and enforcing standards and by standardizing electronic data interchange. |
|  | _____ focuses on facilitating affiliation among banks, securities firms, and insurance companies. Specifically, this act requires all financial institutions to disclose their privacy policies on the sharing of nonpublic personal information. |
|  | _____ criminalizes creation, reproduction, transfer, possession, or use of unauthorized or false identification documents or document-making equipment. |
| Economic Espionage Act in 1996 |  |
|  | _____ provides guidance on the use of encryption and provides protection from government intervention. |
|  | _____ affects the executive management of publicly traded corporations and public accounting firms. This law seeks to improve the reliability and accuracy of financial reporting. |
|  | _____ allows any person to request access to federal agency records or information not determined to be a matter of national security. |
|  | _____ created an international task force to oversee a range of security functions associated with Internet activities for standardized technology laws across international borders. |
|  | _____ introduced intellectual property rules into the multilateral trade system. It is the first significant international effort to protect intellectual property rights. |
|  | _____ reduces the impact of copyright, trademark, and privacy infringement, especially when accomplished via the removal of technological copyright protection measures. |
| severity of the penalty |  |
|  | _____ is not absolute freedom from observation, but rather is a more precise “state of being free from unsanctioned intrusion.” |
|  | _____ is created by combining pieces of non-private data—often collected during software updates and via cookies—that when combined may violate privacy. |
| identity theft |  |
| fair use |  |
| ignorance, accident, and intent |  |
| fear, probability of apprehension, probability of penalty administration |  |
|  | The _____ was created in 2003 by the Homeland Security Act of 2002, which was passed in response to the events of September 11, 2001. |
|  | Established in January 2001, the _____ began as a cooperative effort between the FBI’s Cleveland Field Office and local technology professionals. |
| the Secret Service |  |
Created by:
kimberjingle