2.7 Managing IS & Privacy
What are the three sources of security threats?
1. Human error & mistakes
2. Malicious human activity
3. Natural events & disasters
What is unauthorized data disclosure?
Can occur by human error when someone inadvertently releases data in violation of policy.
What is "pretexting"?
Pretexting occurs when someone deceives by pretending to be someone else (e.g., someone calls, pretends to be from a credit card company, and says they are checking on a card).
What is "phishing"?
Similar to pretexting - the phisher pretends to be a legitimate company and sends an email requesting confidential data.
What is "spoofing"?
Spoofing is another term for someone pretending to be someone else. Email spoofing is synonymous with phishing.
What is "sniffing"?
Technique for intercepting computer communications - usually wireless
What is "usurpation"?
When an unauthorized program invades a computer system and replaces legitimate programs
What is DOS?
Denial of Service
What are the three components of a security program for an organization?
1. Senior Mgmt must establish the security policy
2. Organization's response to security threats (Senior Mgmt must weigh cost vs risk)
3. Organization's planned response to security incidents
What is a "key escrow"?
Security safety procedure - where a trusted party has a copy of the encryption key for secure data
What does security enforcement consist of? 3 independent factors?
1. Responsibility - define what the security responsibilities are for each position
2. Accountability - design to hold employees accountable
3. Compliance - regularly monitor for compliance with the policies