Week 1

avatar
Created by
Daniel Shogun

Cards (48)

  • Threat Environment - It consists of the types of attackers and attacks that companies face.
  • Confidentiality - The people cannot read sensitive information, either while it is on a computer or while it is travelling across a network.
  • Integrity - The attackers cannot change or destroy information, either while it is on computer or while it is travelling across a network.
  • Availability - The people who are authorized to use infromation are not prevented from doing so.
  • Compromises - When a threat succeeds in causing harm to a business. Successful attacks are called an incident or breach.
  • Countermeasures - These are the tools used to thwart attacks. it is also called safeguard and controls.
  • Preventive - A countermeasure keep attacks from succeeding
  • Detective - These countermeasures identify when a threat is attacking and especially when it is succeeding.
  • Corrective - These countermeasures get the business process back on track after a compromise.
  • Employee Sabotage - It is the destruction of hardware, software, or data. It can also have a financial motives or plant logic bomb on computer.
  • Employee Hacking - It is intentionally accessing a computer resource without authorization or in excess of authorization.
  • Employee Financial Theft - Misappropriation of assets / theft of money
  • Theft of Intellectual Property - Copyrights and patents, Trade secrets.
  • Employee Extortion - The perpetrator tries to obtain money or other goods by threatening to take actions that would be against the victim's interest.
  • Sexual or Racial Harassment of Other Employees - Displaying pornographic material via e-mail etc.
  • Employee Computer and Internet Abuse - Downloading pornography, which can lead to sexual harrassment lawsuits and viruses and also downloading pirated software, music etc. that lead to copyright violation penalties and excessive use of the internet at work
  • Non-internet Computer Abuse - It is the access to the sensitive personal information motivated by curiosity
  • Data Loss - Loss of laptops and storage media
  • Other Internal Attackers - Contract workers
  • Fraud - The attacker deceives the victim into doing something against the victims financial self-interest.
  • Corporate Identity Theft - Theft of a corporation's identity.
  • Public Information Gathering - Company website and public documents such as facebook pages of employees.
  • Trade Secret Espionage - It may only be litigated if a company has provided reasonable protection for those secrets
  • Trade Secret Theft - Bribing or hiring ex-employee or solicit or accept trade secrets
  • Cyberwar - It is based attacks by national governments
  • Cyberterror - It attacks by terrorists or terrorist groups
  • Unclassified Information - it is a designation to mark information that does not have potention to damage national security.
  • Controlled Unclassified Information - it is a government information must be handled using safeguarding or dissemination controls.
  • Personally Identifiable Information - It is an information that can be used to distinguish or trace an individual's identity, either alone or when combined with information is linked or linkable to a specific individual.
  • Classified Data - These are designated by the original classification authority as information that could reasonably be expected to cause a given level of damage to national security.
  • Spillage - It occurs when information is spilled from a higher classification or protection level to a lower classification or protection level.
  • Compromise - It occurs when a person who does not have the required clearance or access caveats comes into possession of SCI in any manner
  • Sensitive Compartmented Information - It is a program that segregates various types of classified information into distinct compartments for added protection and dissemination or distribution control.
  • Physical Security - it protects the facility and the information systems/infrastructure both inside and outside the building
  • Collateral Classified Spaces - Follow your organization's policy on mobile devices and peripherals within secure spaces where classified information is processed, handled, or discussed.
  • Identity Authentication - Moving toward using two factor authentication wherever possible.
  • Malicious Code - It can do damage by corrupting files, encrypting or erasing your hard drive, and/or allowing hackers access.
  • Social Engineering - It use telephone surveys, e-mail, messages, websites, text messages, automated phone calls, and in person interviews.
  • Internet Hoaxes - Clog networks, slow down internet, and be part of DDoS
  • Cookie - It is a text file that a web server stores on your hard drive.