Forensic

avatar
Created by
Khin Htet Htet Htar

Cards (47)

  • Computer security refers to the protection of computer systems and the information a user stores or processes.
  • Security awareness training helps employees understand the importance of cyber security and teaches them how to identify potential threats and respond appropriately.
  • The term used initially for computer security was 'Computer Security', which then evolved into 'Information security' to include data and networks, and is now referred to as 'Cyber Security'.
  • Security awareness training helps protect the organization's data, systems, and networks from malicious attacks and cyber threats.
  • Information security means protecting information and information systems from unauthorized access, disruption, modification, or destruction in order to provide integrity, confidentiality, and availability.
  • Cyber Security is the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, theft, damage, modification or unauthorized access.
  • The term 'cyber security' refers to techniques and practices designed to protect digital data.
  • Cyber attacks can be extremely expensive for businesses to endure.
  • In addition to financial damage suffered by the business, a data breach can also inflict untold reputational damage.
  • Cyber-attacks these days are becoming progressively destructive.
  • Cybercriminals are using more sophisticated ways to initiate cyber attacks.
  • NIST standard lists confidentiality, integrity, and availability as the three security objectives for information and for information systems.
  • To be secured, information needs to be hidden from unauthorized access (confidentiality), protected from unauthorized change (integrity), can’t modify (availability).
  • Brute force is a type of attack which uses a trial and error method, generating a large number of guesses and validating them to obtain actual data like user password and personal identification number.
  • Man in the middle attacks allow an attacker to intercept the connection between client and server and act as a bridge between them, reading, inserting and modifying the data in the intercepted connection.
  • System-based attacks are intended to compromise a computer or a computer network, with examples including virus, worm, Trojan horse, backdoors, and bots.
  • Phishing is the act of fooling a computer user into submitting personal information by creating a counterfeit it website that looks like a real and trusted site.
  • Dictionary attacks store the list of a commonly used password and validate them to get original password.
  • URL Interpretation is a type of attack where certain parts of a URL are changed, making a web server deliver web pages for which the user is not authorized to browse.
  • Denial of Service is an attack which aims to make a server or network resource unavailable to the users, flooding the target with traffic or sending it information that triggers a crash.
  • Ransomware is a malware designed to deny a user or organization access to files on their computer by encrypting these files and demanding a ransom payment for the decryption key.
  • Cybercriminals use three primary phishing techniques to steal information: malicious web links, malicious attachments, and fraudulent data-entry forms.
  • Low level of Security Awareness, default computer and application settings, no or very little investment in security systems, not following any standard security policies or guidelines, increasing online activities, etc. are factors that make a system vulnerable.
  • Personal Identification Information, passwords, emails, intellectual property, business databases, contact information, working files, legal documents & contracts in electronic type are valuable items to protect.
  • Audit files, confidential files, hardware & software, credit and debit cards (ATM cards), privacy information are valuable items to protect.
  • Cyber-attacks can be classified into the following categories: web-based attacks and system-based attacks.
  • Web-based attacks are the attacks which occur on a website or web applications.
  • Injection attacks are a type of web-based attack in which some data is injected into a web application to manipulate the application and fetch the required information.
  • DNS Spoofing is a type of computer security hacking whereby a data is introduced into a DNS resolver's cache causing the name server to return an incorrect IP address, diverting traffic to the attackers computer or any other computer.
  • Cryptography, a word with Greek origin, means “secret writing”.
  • Steganography, with origins in Greek, means “covered writing”.
  • Network security protects networking infrastructure from data theft, unauthorized access, and manipulation.
  • Applications security includes the processes, practices, and tools used to identify, repair, and protect against vulnerabilities in applications, throughout the software development life cycle (SDLC).
  • Network segmentation for security involves dividing your network into regions by using firewalls as borders.
  • Access control includes authentication, authorization and audit.
  • Strong security architecture leads to fewer security breaches.
  • Access control is a data security process that enables organizations to manage who is authorized to access corporate data and resources.
  • Computer architecture, operating system, system architecture, security architecture, security models, cryptography, steganography, network security, network segmentation, applications security, legal regulations, compliance and investigations, digital forensics, physical and environmental security, business continuity planning, and best practices are all aspects of security architecture and design.
  • Secure access control uses policies that verify users are who they claim to be and ensures appropriate control access levels are granted to users.
  • Physical and environmental security are used to protect data and information, hardware, and human resource assets.