Chapter 4

Cards (91)

  • security: the degree of protection against criminal activity, danger, damage, or loss
  • information security: all of the processes and policies designed to protect an organization's information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction
  • a threat to an information resource is any danger to which a system may be exposed
  • the exposure of an information resource is the harm, loss, or damage that can result if a threat compromises that resource
  • an information resource's vulnerability is the possibility that a threat will harm that resource
  • five factors contributing to increasing vulnerability of organization information resources:
    1. today's interconnected, interdependent, wirelessly networked business environment
    2. smaller, faster, inexpensive computers and storage devices
    3. decreasing skills necessary to be a computer hacker
    4. international organized crime taking over cybercrime
    5. lack of management support
  • trusted network: any network within your organization
  • untrusted network: any network external to your organization
  • cybercrime: illegal activities conducted over computer networks
  • unintentional threats are acts performed without malicious intent that nevertheless represent a serious threat to information security
  • social engineering: an attack in which the perpetrator uses social skills to trick or manipulate legitimate employees into providing confidential company information such as passwords
  • tailgating: a technique designed to allow the perpetrator to enter restricted areas that are controlled with locks or card entry. the perpetrator follows closely behind a legitimate employee and when the employee gains entry, the attacker asks them to hold the door
  • shoulder surfing: occurs when a perpetrator watches an employee's computer screen over the employee's shoulder
  • espionage or trespass occurs when an unauthorized individual attempts to gain illegal access to organizational information
  • competitive intelligence consists of legal information gathering techniques that are used to gather information about competitors and their business activities
  • industrial espionage crosses the legal boundary such as theft of confidential data
  • information extortion occurs when an attacker either threatens to steal, or actually steals, information from a company. the perpetrator demands payment for not stealing the information, for returning stolen information, or for agreeing not to disclose the information
  • sabotage and vandalism are deliberate acts that involve defacing an organization's website, potentially damaging the organization's image and causing its customers to lose faith in the organization
  • dumpster diving involves rummaging through commercial or residential trash to find discarded information
  • identity theft is the deliberate assumption of another person's identity, usually to gain access to their financial information or to frame them for a crime
    techniques for illegally obtaining personal information may include:
    • stealing mail or dumpster diving
    • stealing personal information in computer databases
    • infiltrating organizations that store large amounts of personal information
    • impersonating a trusted organization in an electronic communication
  • intellectual property is the property created by the individuals or corporations that is protected under trade secret, patent, and copyright laws
  • trade secret is an intellectual work, such as a business plan, that is a company secret and is not based on public information
  • a patent is an official document that grants the holder exclusive rights on an invention or a process for 20 years
  • copyright is a statutory grant that provides the creators or owners of intellectual property with ownership of the property, for the life of the creator plus 50 years
  • piracy: the copying of a software program without making payment to the owner
  • malware: software that is designed to cause damage to a computer system or to steal private information
  • virus: segment of computer code that performs malicious actions by attaching to another computer program
  • worm: segment of computer code that performs malicious actions and will replicate, or spread, by itself
  • phishing attack: uses deception to acquire sensitive personal information by masquerading as official-looking emails or instant messages
  • spear phishing: targets large groups of people. the perpetrators find out as much information as they can about an individual, tailoring their phishing attacks to improve the chances they will obtain sensitive, personal information
  • denial of service attack: an attacker sends so many information requests to a target computer system that the target cannot handle them successfully and typically crashes
  • distributed denial of service attack: an attacker first takes over many computers, typically by using malicious software. these computers are called zombies or bots. the attacker uses these bots to deliver a coordinated stream of information requests to a target computer, causing it to crash
  • trojan horse: software programs that hide in other computer programs and reveal their designed behaviour only when they are activated
  • back door: typically a password, known only to the attacker, that allows them to access a computer system at will, without having to go through any security procedures
  • logic bomb: a segment of computer code that is embedded within an organization's existing computer programs and is designed to activate and perform a destructive action under specific conditions, such as a certain time or date
  • ransomware/digital extortion: blocks access to a computer system or encrypts an organization's data until the organization pays a sum of money
  • ransomware as a service: ransomware developers distribute ransomware to any hacker who wants to use it
  • alien software is clandestine software that is installed on your computer through duplicitous methods. it can enable other parties to track your web surfing habits and other personal behaviours
  • adware: software that causes pop up advertisements to appear on your screen
  • spyware is software that collects personal information about users without their consent
    • keystroke loggers
    • screen scrapers