Final essay question

Cards (17)

  • ISO/IEC 27002
    provides organizations with best practice recommendations on information security management and directs its recommendations to management and security personnel responsible for information security management systems
  • How is ISO/IEC 27002 different from the previous ISO/IEC?
    ISO/IEC 27002 expands on its predecessor by adding two new sections and reorganizing several others. The ISO divides the new standard into 12 major sections
  • Risk Assessment
    Formal methods of identifying and classifying risks
  • Security Policy
    A statement of management direction
  • Organization of Information Security
    Governance of information security or how information security should be enforced
  • Asset Management
    Procedures to acquire, classify, and manage information assets
  • Human Resources Security
    Security guidelines for personnel joining, leaving, or moving within an organization
  • Physical and Environmental Security
    Protection of computer facilities
  • Compliance
    Ensuring conformance with information security policies, standards, laws, and regulations
  • What is PII?
    Personally Identifiable Information; personal data that most people consider sensitive, and could allow organizations (and others) to identify a person
  • Examples of PII
    - First, middle, and last name
    - Home mailing address
    - Social Security numbers
    - Driver's license numbers
    - Financial account data, such as account numbers or personal identification numbers (PINs)
    - Health data and biometric data
    - Authentication credentials, such as logon or usernames and passwords
  • Identity theft
    Cybercriminals attack different websites or databases to find identifying information for individuals. Once they find that information, they can sell it to other criminals. Criminals of all types can use the credentials to impersonate others to take out loans; submit charges on credit cards; and even request ID cards to use for voting, benefits claims, and financial transactions.
  • Cyberstalking /harassment
    The art of using online media and assets to harass individuals. Cyberbullies either threaten to soil an individual's online reputation or actually follow through with attacks with the intent of ruining another person. Cyberstalking and cyberbullying result in real-life consequences. Therefore, laws to confront cyberbullies save lives.
  • Online fraud
    Fraud crimes focus on extracting revenue from victims. To carry out fraud crimes, cybercriminals engage in a wide variety of activities to either impersonate victims or to convince victims to carry out transactions that benefit the criminals. Regardless of the tactics used, cybercriminals use the victim's assets for their own gains, to the detriment of the victim. In other words, cybercriminals always reduce their victims' position to enhance their own.
  • Nonaccess computer
    A cybercriminal who succeeds at crashing a target's critical functionality, or otherwise stopping normal business from occurring, can interrupt normal (revenue-creating) processes or create a disruptive break. Stopping revenue-generating functions is punitive. If you can stop an organization from making money, you've made a point.
  • Cyberterrorism
    Targets governments and state actors. In recent history, many of the world's leading nations have been involved directly in operations to either deflect other nations' attacks or to offensively launch attacks on other entities. Regardless of the intent and origin, nation-state cyberattacks are the most pervasive and well-funded of all types of cybercrime.
  • Which of the following is least likely to be needed when rebuilding systems that were damaged during a disaster?
    - Updating operating systems and applications with the most current patches
    - Ensuring there are adequate operating system licenses
    - Restoring data to the recovery point objective (RPO)
    - Activating access control rules, directories, and remote access systems to permit users to get on the new systems
    Answer: Ensuring there are adequate operating system licenses