Terms in this set (56)
Managing the access to a computer system/network. It includes procedures such as account administration, account maintenance, account monitoring and the revocation of an account.
A software security method performed by operating system software that locks any account when a user fails a login attempt more than a set number of times. For example, system software can be set up to lock an account for several hours if the user fails the login three consecutive times in a set time frame.
Software designed to prevent, detect and eradicate malicious software, such as a virus or a worm.
Software that is designed to detect computer intrusions and misuse by monitoring system activity and classifying it as either normal or anomalous.
Something that is of value to a person, an organisation or a state, e.g. data, finance and secrets that should be secured against cyber security incidents.
Individuals or organisations that target computer systems/networks illegally.
A record of activities on a computer system/network, for example, a record of modifications to data or access to parts of a system/network.
Data/information stored on a computer system/network must be available to authorised users and organisations and be protected from unauthorised deletion.
Access to a computer system/network using technologies that measure and analyse human body characteristics for authentication purposes, such as DNA, fingerprints, retinas, voice patterns, facial patterns and hand measurements.
A network of computers infected with malicious software and controlled without the owners' knowledge, for example, to send spam or hoax emails.
Business continuity plan
A plan to continue operations that an organisation will follow if it is affected by a cyber security incident.
Information stored on a computer system/network must be protected against unintended or unauthorised access. Data confidentiality is a measure of the ability of a system to protect its data.
An individual who commits illegal activities using computers and the Internet.
Illegal activities dependent on the use of computers and the Internet, such as hacking or the distribution of malware on a network.
Illegal activities that could be undertaken without the use of computers, such as fraud, but that are enabled by the use of computers, such as fraudulently obtaining money for goods online.
Refers to technologies, processes and practices designed to protect computers, networks, software and data from attack, damage or unauthorised access and aims to protect data confidentiality, integrity and availability.
Cyber security incident
An unwanted/unexpected event, such as an intrusion into a computer system/network or the spread of malware.
Cyber security incident report
A report that documents the details of a cyber security incident, such as the type of incident, when it occurred, how it was performed, etc.
Denial of service
An attempt to disrupt a network/business/organisation by issuing more requests than a system is able to cope with. It can be performed with malicious intent or as a protest.
Disaster recovery plan
A plan that documents a set of procedures for an organisation to follow in order to recover and protect a computer system and its data in the event of a cyber security incident.
A method that is used to attempt to ensure data security by use of encrypted (secret) code. In order to read the contents of an encrypted message or file, someone must have access to a secret key or password that will enable them to decrypt the message or file.
Escalation of privileges
Exploiting a weakness or weaknesses in an operating system or software application, such as a bug, design flaw or configuration oversight, and gaining elevated access to resources that are normally protected.
An individual who attempts to penetrate a computer system/network on behalf of its owners for the purpose of finding security vulnerabilities that a malicious hacker could potentially exploit. He or she is also known as a white hat hacker. He or she can also work alone.
Software that is designed to protect a computer system/network from unauthorised access and intrusion.
A method that is used to test the security of software.
A method of gaining unauthorised access to a computer system/network.
An individual who gains unauthorised access to a computer system/network.
An individual who gains unauthorised access to a computer system/network for social or political purposes.
Usually an email message warning recipients of a non-existent threat, usually forging quotes supposedly from authorities such as Microsoft and IBM.
Decoy servers or computer systems that are set up to gather information on intruders or attackers of computer systems/networks.
Software that runs on a single host computer that restricts incoming and outgoing network activity for that host computer only. It can be used to prevent a host computer from becoming infected and stop infected host computers from spreading malware to other host computers.
An individual working inside an organisation, a trusted employee, who performs an illegal action, such as hacking.
Integrity of data aims to protect data from unauthorised modification.
Intrusion detection system
Software that monitors network or system activities for unexpected or malicious activities.
Intrusion prevention system
Software that examines network traffic flows to detect and prevent vulnerability exploits.
Software that is designed to cause disruption or damage to data and/or a computer system/network.
To lessen an impact, for example, the impact of a cyber security incident or a risk.
Acquiring, testing and installing code changes or patches to software on a computer system/network.
A software tool that tests a computer system/network to find vulnerabilities that could be exploited by an attacker.
An individual who attempts to acquire personal information, often for malicious reasons, such as fraud, by pretending to be a known and trusted individual or organisation.
The act of attempting to acquire personal information, often for malicious reasons, such as fraud, by pretending to be a known and trusted individual or organisation.
Ensures that an individual cannot deny the authenticity of their signature on a document or the sending of a message that they sent.
A threat to a computer system/network can result in a risk. For example, if a hacker gains access to a person's computer, there is a risk that data will be stolen.
This involves analysing a computer system or a set of procedures and assessing whether a system is at risk from a cyber incident due to weaknesses or vulnerabilities in software, hardware or procedures.
This refers to ensuring that risks are monitored carefully and mitigated against or eliminated from a computer system/network.
This is a security method for separating running programs on a computer system/network. It is often used to run untested code, or untrusted programs from unknown sources such as suppliers, untrusted users and untrusted websites.
An individual who attempts to gain, for example, money from another person by fraudulent means enabled by the use of computers and the Internet.
An individual who uses existing computer scripts or codes to hack into computer systems. They do not have the expertise to write their own code.
A digital signature is code that is attached to an electronically transmitted document to verify its contents and the sender's identity.
Hackers use this non-technical method to access computer systems/networks without authorisation. It involves fooling people into breaking normal security procedures, such as guarding their passwords, and relies on manipulating the good nature of individuals.
Malware that is designed to obtain covert information about someone else's computer activities by transmitting data covertly from their hard drive, for example, key logging software.
An action that when performed on a computer system/network can cause destruction or disruption, for example, a hack or malware.
Gaining access into a computer system/network illegally.
Malicious software which is capable of copying itself and corrupting computer systems/networks or destroying data.
A weakness in a computer system/network that can be exploited by a threat, for example, out-of-date anti-malware software can result in the threat of a malware attack. If a computer system/network's vulnerabilities can be found and dealt with, this will help to minimise threats and risks.
An individual who exploits a vulnerability or weakness in a computer system/network for gain, for example, a hacker.