Terms in this set (29)

● Information classification
● Secure document storage
● Application of general security policies
● Education of information custodians and end users
● Data owners are those responsible for the security and use of a particular set of information. They are usually members of senior management and could be CIOs.
● Data custodians work directly with data owners and are responsible for the storage, maintenance, and protection of the information. Depending on the size of the organization, the custodian may be a dedicated position, such as the CISO, or it may be an additional responsibility of a systems administrator or other technology manager. The duties of a data custodian often include overseeing data storage and backups, implementing the specific procedures and policies laid out in the security policies and plans, and reporting to the data owner.
● Data users are end users who work with the information to perform their daily jobs supporting the mission of the organization, and who therefore share the responsibility for data security.
● Integrity means that information remains whole, complete, and uncorrupted. The integrity of information is threatened when the information is exposed to corruption, damage, destruction, or other disruption of its authentic state.
● Utility is the quality or state of having value for some purpose or end. To have utility, information must be in a format meaningful to the end user. For example, U.S. Census data can be overwhelming and difficult to understand; however, the data, when properly interpreted, reveals information about the voters in a district; which political parties they belong to; their race, gender, and age; and so on.
● Possession is the ownership or control of some object or item. Information is said to be in one's possession if one obtains it, independent of format or other characteristics.
Privacy means that information is used in accordance with the legal requirements mandated for employees, partners, and customers. In the rush to protect data from theft or mischief, organizations often trample the rights of individuals. For example, customers may not want a company to use their names and personal information for marketing purposes. A comprehensive security strategy should take into account these privacy concerns.
● Cracker—An individual who "cracks" or removes software protection that is
designed to prevent unauthorized duplication or use
● Cyberterrorist—An individual or group that hacks systems to conduct terrorist
activities through a network or Internet pathway
● Hackers—Individuals who gain access to information or systems without explicit
authorization, often illegally
● Hacktivist or cyberactivist—Individuals who interfere with or disrupt systems to protest
the operations, policies, or actions of an organization or government agency
● Malicious code (malcode) or malicious software (malware)—Software components
or programs designed to damage, destroy, or deny service to the target systems.
Includes viruses, worms, Trojan horses, and an expanding taxonomy of other
malicious software, such as:
● Computer viruses—Segments of code that perform malicious actions, including
the following:
● Macro virus—One that is embedded in the automatically executing macro code
common in word processors, spreadsheets, and database applications
● Boot virus—One that infects the key operating system files located in a computer's boot sector
● Worms—Malicious programs that replicate themselves constantly without
requiring another program to provide a safe environment for replication
(named for the tapeworms in John Brunner's novel The Shockwave Rider)
● Trojan horses—Software programs that reveal their designed behavior only when
activated, often appearing benign until that time
● Backdoor, trap door, or maintenance hook—A component in a system that
allows the attacker to access the system at will, bypassing standard login
controls
● Rootkit—Malicious software designed to operate with administrative access while
hiding itself from the operating system and monitoring tools
● Packet monkeys—Script kiddies who use automated tools to inundate a Web site
with a barrage of network traffic, usually resulting in a denial of service
● Phreaker—An individual who hacks the public telephone network to make free calls
or disrupt services
● Script kiddies—Hackers of limited skill who use expertly written software to attack a
system
● Shoulder surfing—Observing others' passwords by watching system login activities
● Software piracy—The most common IP breach, the unlawful use or duplication of
software-based intellectual property