Information Security

Cards (100)

  • The more intangible costs of a breach include the loss of business from increased customer turnover - called customer churn - and decreases in customer trust.
  • _ can be defined as the degree of protection against criminal activity, danger, damage, and/or loss.
    security
  • _ refers to all of the processes and policies designed to protect an organization's information and information systems (IS) from unauthorized access, use, disclosure, disruption, modification, or destruction.
    Information Security
  • A _ to an information resource is any danger to which a system may be exposed.
    threat
  • The _ of an information resource is the harm, loss, or damage that can result if a threat compromises that resource.
    Exposure
  • An information resource's _ is the possibility that the system will be harmed by a threat.
    Vulnerability
  • These are the five key factors that are contributing to the increasing vulnerability of organizational information resources, making it much more difficult to secure them:
    1. Today's interconnected, interdependent, wirelessly networked business environment;
    2. Smaller, faster, cheaper computers and storage devices;
    3. Decreasing skills necessary to be a computer hacker;
    4. International organized crime taking over cybercrime; and
    5. Lack of management support
  • A/an _ is any network within your organization.
    Trusted Network
  • A/an _ is any network external to your organization.
    Untrusted Network
  • The reason is that the internet contains information and computer programs called _ that users with few skills can download and use to attack any information system connected to the internet.
    scripts
  • _ refers to illegal activities conducted over computer networks, particularly the internet.
    cybercrime
  • _ are acts performed without malicious intent that nevertheless represent a serious threat to information security.
    Unintentional Threats
  • _ is an attack in which the perpetrator uses social skills to trick or manipulate legitimate employees into providing confidential company information such as passwords.
    social engineering
  • _ is a technique designed to allow the perpetrator to enter restricted areas that are controlled with locks or card entry. The perpetrator follows closely behind a legitimate employee and, when the employee gains entry, the attacker asks him or her to "hold the door".
    tailgating
  • _ occurs when a perpetrator watches an employee's computer screen over the employee's shoulder. This technique is particularly successful in public areas such as in airports and on commuter trains and airplanes.
    shoulder surfing
  • _ occurs when an unauthorized individual attempts to gain illegal access to organizational information.
    espionage or trespass
  • _ occurs when an attacker either threatens to steal or actually steals, information from a company. The perpetrator demands payment for not stealing the information, for returning stolen information, or for agreeing not to disclose the information.
    information extortion
  • _ are deliberate acts that involve defacing an organization's Web site, potentially damaging the organization's image and causing its customers to lose faith.
    Sabotage and Vandalism
  • One form of theft, known as _, involves rummaging through commercial or residential trash to find discarded information.
    dumpster diving
  • _ is the deliberate assumption of another person's identity, usually to gain access to his or her financial information or to frame him or her for a crime.
    identity theft
  • _ is the property created by individuals or corporations that is protected under trade secret, patent, and copyright laws.
    intellectual property
  • A _ is an intellectual work, such as a business plan, that is a company secret and is not based on public information.
    trade secret
  • A _ is an official document that grants the holder exclusive rights on an invention or a process for a specified period of time.
    patent
  • _ is a statutory grant that provides the creators or owners of intellectual property with ownership of the property, also for a designated period.
    copyright
  • segment of computer code that performs malicious actions by attaching to another computer program
    virus
  • segment of computer code that performs malicious actions and will replicate, or spread, by itself (without requiring another computer)
    worm
  • _ use deception to acquire sensitive personal information by masquerading as official-looking e-mails or instant messages.
    phishing attack
  • In a _ attack, the perpetrators find out as much information about an individual as possible to improve their chances that phishing techniques will obtain sensitive, personal information.
    spear phishing
  • An attacker sends so many information requests to a target computer system that the target cannot handle them successfully and typically crashes (ceases to function).
    denial-of-service attack
  • An attacker first takes over many computers, typically by using malicious software. These computers are called zombies or bots. The attacker uses these bots - which form a botnet - to deliver a coordinated stream of information requests to a target computer, causing it to crash.
    distributed denial-of-service attack
  • software programs that hide in other computer programs and reveal their designed behavior only when they are activated.
    trojan horse
  • typically a password, known only to the attacker, that allows him or her to access a computer system at will, without having to go through any security procedures (also called a trap door)
    back door
  • a segment of computer code that is embedded within an organization's existing computer programs and is designed to activate and perform a destructive action at a certain time or date.
    logic bomb
  • _ is clandestine software that is installed on your computer through duplicitous methods.
    alien software
  • software that causes pop-up advertisements to appear on your screen
    adware
  • _ is software that collects personal information about users without their consent
    spyware
  • _, also known as keyloggers, record both your individual keystrokes and your internet web browsing history.
    keystroke loggers
  • _ is pestware that uses your computer as a launch pad for spammers.
    spamware
  • _ is an unsolicited e-mail, usually advertising for products and services.
    spam
  • _ are small amounts of information that Web sites store on your computer, temporarily or more or less permanently.
    cookies