Computer Security and Reliability
AIS Ch14 Terms
Terms in this set (43)
Confidentiality, Integrity, Availability
CIA of Information
A self-replicating program that runs and spreads by modifying other programs or files.
A self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself.
A non-self-replicating program that appears to have a useful purpose but in reality has a different, malicious purpose.
Sending unsolicited bulk information.
A collection of software robots (bots) that overruns compromised computers, which then act automatically in response to the bot-herder's control inputs sent over the internet.
Denial of Service (DoS)
The prevention of authorized access to resources (such as servers) or the delaying of time-critical operations.
Software that is secretly installed into an information system to gather information on individuals or organizations without their knowledge; a type of malicious code.
Sending a network packet that appears to come from a source other than its actual source.
Manipulating someone into taking an action that may not be in that person's best interest, such as revealing confidential information or granting access to physical assets, networks, or information.
Using algorithmic schemes to encode plaintext into nonreadable form. A preventive control that provides confidentiality and privacy for data in transmission and in storage.
Main factors of encryption
key length, encryption algorithm, key management
Both the sender and the receiver use the same key to encrypt and decrypt messages. Fast and suitable for encrypting large data sets or messages. Key distribution and key management are problematic because the same secret key must be shared between the sender and the receiver.
To transmit confidential information, the sender uses the receiver's public key to encrypt the message; the receiver uses his or her own private key to decrypt the message upon receipt. Also known as public-key encryption or two-key encryption. Slow and not appropriate for encrypting large data sets.
A string of bits created with the private key and widely distributed and available to other users.
A string of bits kept secret and known only to the owner of the key.
A process that establishes the origin of information or determines the identity of a user, process, or device.
A symmetric key that is valid for a certain timeframe only.
A message digest of a document (or data file) that is encrypted using the document creator's private key.
Message digest (MD)
A short code, such as one 256 bits long, resulting from hashing a plaintext message using an algorithm.
The process of running an original document or data file through an algorithm to generate a message digest.
Maintaining and assuring the accuracy and consistency of data during transmission and in storage.
Certificate Authority (CA)
A trusted entity that issues and revokes digital certificates.
A digital document issued and digitally signed by the private key of a Certificate Authority that binds the name of a subscriber to a public key.
A set of policies, processes, server platforms, software, and workstations used for the purpose of administering certificates and public-/private-key pairs, including the ability to issue, maintain, and revoke public-key certificates.
Three conditions exist for a fraud to be perpetrated: incentive, opportunity, and rationalization.
Incentive
Provides a reason to commit fraud.
Opportunity
Absence of controls, ineffective controls, or the ability of management to override controls.
Rationalization
The attitude of the fraudster.
Acceptable use policy
Examples of Vulnerabilities within a Physical IT Environment
Excessive heat or humidity
Examples of Vulnerabilities within an Information System
logical access control failure
interruption of a system
Examples of Vulnerabilities within the Processes of IT operations
unintentional disclosure of sensitive information by an employee
intentional destruction of information
inappropriate end-user computing
Main components of vulnerability management and assessment
uninterruptible power supply
A device using battery power to enable a system to operate long enough to back up critical data and shut down properly during a loss of power.
Redundant units providing a system with the ability to continue functioning when part of the system fails.
Using various techniques and methods to create a virtual (rather than actual) version of a hardware platform, storage device, or network resources.
Using redundant servers in multiple locations to host virtual machines.
SOC 1
Focuses on the impact of the cloud provider's controls on the user company's financial statements.
SOC 2
Provides an evaluation of a broader set of controls implemented by the service provider, relevant to security, availability, processing integrity, confidentiality, or privacy.
disaster recovery planning (DRP)
A process that identifies significant events that may threaten a firm's operations and outlines the procedures to ensure that the firm will resume operations when the events occur.
business continuity management (BCM)
The activities required to keep a firm running during a period of displacement or interruption of normal operations.
Both are important to a firm because they determine whether the firm can continue its business after a disruption.