Principles of Information Security 5th Edition Chapter 2
Terms in this set (85)
Commonly used as a surrogate for information security, data security is the protection of data or information in its various states: at rest (in storage), in processing, and in transmission (over a network).
Data that has been organized, structured, and presented to provide additional insight into its context, worth, and usefulness.
The focus of information security; information that has value to the organization, and the systems that store, process, and transmit the information.
Items of fact collected by an organization.
A subset of information security that focuses on the assessment and protection of information stored in data repositories like database management systems and storage media.
An ongoing act against an asset that could result in a loss of its value.
A vulnerability that can be used to cause a loss to an asset.
A potential risk of an asset's loss of value.
A person or other entity that may cause a loss in an asset's value.
A potential weakness in an asset or its defensive control system(s).
intellectual property (IP)
The creation, ownership, and control of original ideas as well as the representation of those ideas.
The unauthorized duplication, installation, or distribution of copyrighted computer software, which is a violation of intellectual property.
An interruption in service, usually from a service provider, which causes an adverse event within an organization.
The percentage of time a particular service is not available.
service level agreement (SLA)
A document or part of a document that specifies the expected level of service from a service provider.
The percentage of time a particular service is available.
A long-term interruption (outage) in electrical power availability.
A long-term decrease in electrical power availability.
A short-term interruption in electrical power availability.
The presence of additional and disruptive signals in network communications or electrical power delivery.
A short-term decrease in electrical power availability.
A short-term increase in electrical power availability, also known as a swell.
A long-term increase in electrical power availability.
The collection and analysis of information about an organization's business competitors through legal and ethical means to gain business intelligence and competitive advantage.
The collection and analysis of information about an organization's business competitors, often through illegal or unethical means, to gain an unfair competitive advantage.
The direct, covert observation of individual information or system use.
A hacker who uses extensive knowledge of the inner workings of computer hardware and software to gain unauthorized access to systems and information.
A person who accesses systems and information without authorization and often illegally.
Escalating privileges to gain administrator-level control over a smartphone operating system.
A relatively unskilled hacker who uses the work of expert hackers to perform attacks.
A script kiddie who uses automated exploits to engage in denial-of-service attacks.
An information security professional with authorization to attempt to gain system access in an effort to identify and recommend resolutions for vulnerabilities in those systems.
The unauthorized modification of an authorized or unauthorized system user account to gain advanced access and control over system resources.
A hacker who conducts attacks for personal financial benefit or for a crime organization or foreign government.
Escalating privileges to gain administrator-level control over a computer system. Typically associated with Android OS smartphones.
A hacker of limited skill who uses expertly written software to attack a system.
Unauthorized entry into the real or virtual property of another party.
A hacker who intentionally removes or bypasses software copyright protection designed to prevent unauthorized duplication or use.
A hacker who manipulates the public telephone system to make free calls or disrupt services.
10.3 password rule
An industry recommendation for password structure and strength that specifies passwords should be at least 10 characters long and contain at least one uppercase letter, one lowercase letter, one number, and one special character.
brute force password attack
An attempt to guess a password by attempting every possible combination of characters and numbers in it.
Attempting to reverse-engineer, remove, or bypass a password or other access control protection, such as the copyright protection on software.
dictionary password attack
A variation of the brute force password attack that attempts to narrow the range of possible passwords guessed by using a list of common passwords and possibly including attempts based on the target's personal information.
A table of hash values and their corresponding plain text values that can be used to look up password values if an attacker is able to steal a system's encrypted password file.
advance-fee fraud (AFF)
A form of social engineering, typically conducted via e-mail, in which an organization or some third party indicates that the recipient is due an exorbitant amount of money and needs only a small advance fee or personal banking information to facilitate the transfer.
A form of social engineering in which the attacker provides what appears to be a legitimate communication (usually e-mail), but it contains hidden or embedded code that redirects the reply to a third-party site in an effort to extract personal or confidential information.
A form of social engineering in which the attacker pretends to be an authority figure who needs information to confirm the target's identity, but the real object is to trick the target into revealing confidential information.
The process of using social skills to convince people to reveal access credentials or other valuable information to an attacker.
Any highly targeted phishing attack.
The act of an attacker or trusted insider who steals information from a computer system and demands compensation for its return or for an agreement not to disclose the information.
A hacker who attacks systems to conduct terrorist activities via networks or Internet pathways.
Formally sanctioned offensive operations conducted by a government or state against information or systems of another government or state.
A hacker who seeks to interfere with or disrupt systems to protest the operations, policies, or actions of an organization or government agency.
Malware intended to provide undesired marketing and advertising, including popups and banners on a user's screen.
A type of virus that targets the boot sector or Master Boot Record (MBR) of a computer system's hard drive or removable storage media.
A type of virus written in a specific macro language to target applications that use the language.
Computer software specifically designed to perform malicious or unwanted actions.
A virus that is capable of installing itself in a computer's operating system, starting when the computer is activated, and residing in the system's memory even after the host application is terminated.
A virus that terminates after it has been activated, infected its host system, and replicated itself.
Malware (a virus or worm) that over time changes the way it appears to antivirus software programs, making it undetectable by techniques that look for preconfigured signatures.
Any technology that aids in gathering information about people or organizations without their knowledge.
A malware program that hides its true nature and reveals its designed behavior only when activated.
A type of malware that is attached to other executable programs. When activated, it replicates and propagates itself to multiple systems, spreading by multiple communications vectors.
A message that reports the presence of a nonexistent virus or worm and wastes valuable time as employees share the message.
A type of malware that is capable of activation and replication without being attached to an existing program.
An automated software program that executes certain commands when it receives a specific input.
denial-of-service (DoS) attack
An attack that attempts to overwhelm a computer target's ability to handle incoming communications, prohibiting legitimate users from accessing those systems.
distributed denial-of-service (DDoS) attack
A DoS attack in which a coordinated stream of requests is launched against a target from many locations at the same time using bots or zombies.
An attack designed to overwhelm the receiver with excessive quantities of e-mail.
Undesired e-mail, typically commercial advertising transmitted in bulk.
Domain Name System (DNS) cache poisoning
The intentional hacking and modification of a DNS database to redirect legitimate traffic to illegitimate locations.
A group of attacks whereby a person intercepts a communications stream and inserts himself in the conversation to convince each of the legitimate parties that he is the other communications partner.
A software program or hardware appliance that can intercept, copy, and interpret network traffic.
The redirection of legitimate user Web traffic to illegitimate Web sites with the intent to collect personal information.
A technique for gaining unauthorized access to computers using a forged or modified source IP address to give the perception that messages are coming from a trusted host.
A form of man-in-the-middle attack whereby the attacker inserts himself into TCP/IP-based communications.
mean time between failure (MTBF)
The average amount of time between hardware failures, calculated as the total amount of operation time for a specified number of units divided by the total number of failures.
mean time to diagnose (MTTD)
The average amount of time a computer repair technician needs to determine the cause of a failure.
mean time to failure (MTTF)
The average amount of time until the next hardware failure.
mean time to repair (MTTR)
The average amount of time a computer repair technician needs to resolve the cause of a failure through replacement or repair of a faulty unit.
buffer overrun (or buffer overflow)
An application error that occurs when more data is sent to a program buffer than it is designed to handle.
An application error that occurs when user input is passed directly to a compiler or interpreter without screening for content that may disrupt or compromise the intended function.
cross-site scripting (XSS)
A Web application fault that occurs when an application running on a Web server inserts commands into a user's browser session and causes information to be sent to a hostile server.
A class of computational error caused by methods that computers use to store and manipulate integer numbers; this bug can be exploited by attackers.
The illegal taking of another's property, which can be physical, electronic, or intellectual.