module 1

avatar
Created by
zen

Cards (50)

  • Cybersecurity is a practice organizations use to protect their vulnerable technology
  • Informationsecurity is a practice organizations use to keep their sensitive data safe
  • Format Both information security and cybersecurity can include digital formats, but information security may also include non-digital formats.
  • Professional organizations may hire different professionals to manage their information security and cybersecurity.
  • Examples of Professionals
    System Administrator
    Cybersecurity Analyst
    Chief Information Officers
    IT Technicians
    Software Engineers
  • Procedure The primary similarity in procedures for information security and cybersecurity is that they're focused on keeping the organization safe. Organizations may maintain a list of best practices for both that employees can follow, such as only sending internal files through official company emails.
  • Confidentiality Sensitive data is accessible only to authorized personnel
  • Integrity sensitive data and the platform an organization uses to store it are up to date and well maintained.
  • Availability authorized personnel can reliably access the data when they need it
  • Equipment Because information security and cybersecurity occasionally have digital overlap, organizations can use computers to manage both.
  • Equipment that can use
    Servers
    Mobile devices
    Cloud storage
    Antivirus software
    Encryption tools
    Network security management tools
    Public key infrastructure
  • Access many organizations grant at least some access to the technologies they use to all employees, while reserving access to some controls for authorized personnel and IT professionals.
  • Priority most organizations highly prioritize information security and cybersecurity because it keeps their valuable assetssafe.
  • Expense the costs of managing information security and cybersecurity may vary, depending on how much an organization relies on technology or what format they use to store data.
  • Information Security Policy (ISP) is a set of rules that guide individuals when using IT assets.
  • Security threat A malicious act aimed at corrupting, stealing data, or disrupting systems.
  • Security event An occurrence where company data or network may have been exposed
  • Security incident An event leading to a data or network breach.
  • Inside Threat occur when individuals withauthorizedaccessto an organization's network misuse that access, whether in tentionally or unintentionally.
  • Viruses and Worms are types of malicious software(malware) targeting an organization's systems, data, and network.
  • Viruses and Worms computer virus replicates by copying itself to another program, system, or host file and remains dormant until activated.
  • Botnets comprises Internet-connected devices infected and remotely controlled by malware.
  • Threat Actors often cybercriminals, aim to infect numerous devices to utilize their computing power for hidden automated tasks.
  • Botnets are used for various malicious activities, including email spam, click fraud campaigns, and distributeddenial-of-service attacks.
  • . Drive-by download attacks malicious code is downloaded from a website without user permission or knowledge.
  • Drive-by download can inject banking Trojans, steal personal information, and introduce exploit kits or there malware to endpoints.
  • Phishing attacks utilize social engineering to trick users into divulging confidential information.
  • Phishing attacks Attackers send fake emails resembling legitimate sources, inducing users to take recommended actions like clicking links or opening attachments.
  • Phishing attacks These actions can lead users to fraudulent websites requesting personal information or installing malware on their devices.
  • Phishing attacks Malware installed through email attachments may store sensitive information, send out emails, or provide remote access to devices.
  • Distributed denial-of-service (DDoS) attacks multiple compromised machines collectively target a server, website, or network resource.
  • Distributed denial-of-service (DDoS) The attack floods the target with connection requests, incoming messages, or malformed packets.
  • Distributed denial-of-service (DDoS) The overwhelming volume of traffic causes the target system to slow down, crash, or shut down completely
  • Distributed denial-of-service (DDoS) This denial of service prevents legitimate users or systems from accessing the targeted resource.
  • Ransomware the victim's computer is locked through encryption, preventing access to the device or its data.
  • Ransomware spreads through malicious email attachments, infected software apps, compromised websites, and infected external storage devices.
  • Exploit kits is a tool allowing non-coders to create, customize, and distribute malware.
  • Exploit kits is referred to as infection kits, crimeware kits, DIY attack kits, or malware toolkits.
  • Exploit kits Cybercriminals use these kits to exploit system vulnerabilities, distributing malware or engaging in malicious activities like data theft, DDoS attacks, or bot net creation.
  • Advanced persistent threat is targeted cyberattack where an unauthorized intruder infiltrates a network and remains undetected for an extended period.