CIS 125 - Ch. 8
Terms in this set (68)
risk management
process of identifying, assessing and prioritizing information systems security risks
to devise the optimal risk mitigation strategy
What is the objective of risk management?
- accept
- mitigate
- transfer
What is the response of risk management?
information security
Set of protections put in place to safeguard information systems and/or data from security threats
vulnerabilities
weaknesses in the organization's systems (including people), networks, and software
security threats
those persons or events that can potentially negatively affect the organization
risk management
____ __________ is about determining the potential risk that a threat will take advantage of a vulnerability
- legal and regulatory
- natural disasters
- pranksters
- criminals and terrorists
- viruses
- hackers
Examples of external security threats
- policies not followed
- data
- internal controls
- system development
- malicious employees
Examples of internal threats
- financial
- operational
- technological
- informational
What four types of risks are increased through security threats?
external threats + internal threats = increased risks
security threats equation
- management (not technology issue)
- asymmetrical warfare
- defense in depth
List the security concepts
management (not technology issue)
Top-to-Bottom Commitment in...
asymmetrical warfare
attacker only has to find one opening in...
defense in depth
Attacker must get past several defenses in...
- data
- data access policies and controls
- application access control
- network and host access control
List the access control levels of security. (from inner to outer)
- confidentiality
- integrity
- availability
(CIA)
List the three security goals.
confidentiality
information/data can only be accessed by individuals authorized to access them
integrity
data are consistent and complete
availability
system and/or data are available when they are needed
- authentication
- non-repudiation
List two other security goals
authentication
ensure that the parties involved are who they say they are
non-repudiation
making sure one cannot renege on their obligations
- confidentiality
- integrity
- availability
Security threats affect...
unauthorized access
illegal access to systems, applications, or data
unauthorized access
What is a prominent way in which a system's confidentiality can be compromised?
- password cracker - brute force attacks
- malware
- keystroke logger
- crypto-jacking
- sniffing
- software security holes
- web-based attacks
- creating false account information
- changing content of messages
- delay negotiations
List a few examples of hacking.
social engineering/phishing
tricking someone into giving out information or taking an action that reduces security or harms a system
- asking for a password claiming to be someone with rights to know it
- asking for a file to be sent to you
- listening to a lunch conversation
- opening a link to a dangerous website
- phishing emails from hackers pretending to be eBay.com, PayPal, Amazon.com, or even a bank
List a few examples of social engineering/phishing.
integrity
Hacking can also result in threats to...
availability
Damages done to the system are an attack on...
- careless behavior
- intentional
- natural disasters
List the threat vectors for Denial of Service (DoS)
Denial of Service
Legitimate users are denied access to a computer system, system shuts down
- flooding attacks, SYN flood attack
- smurfing attack
- logic attack
- distributed denial-of-service (DDoS)
List the denial-of-service attacks
malicious software (malware)
- usually target-of-opportunity attacks.
- Finds any weak system and any victim.
signature
particular bit patterns that can be recognized
- viruses
- trojan horses: some part is legitimate
- worms: propagate by themselves between hosts
- stealth: undetectable by virus scanners
- active content in web pages
- polymorphic: changes signature each time it is run
- macro virus
- spyware and ransomware
- spamming
List types of malware/malicious software
ransomware
installed on victim's computer via viruses, unauthorized access, or phishing
ransomware
attacks computer by encrypting data until an appropriate password is provided, given when a ransom is paid to the hacker
bitcoin
main currency used
cryptocurrency
- uses encryption
- relies on blockchain
blockchain
network where transactions do not require trust between parties; individuals do not know who the other parties are (anonymous transactions)
- preventive
- corrective
- detective
Security controls are...
preventive
stop or limit a security threat from happening in the first place (anti-virus scan)
corrective
repair damage after a security problem has occurred (anti-virus quarantine)
detective
find or discover where and when security threats occurred (audit log)
- locks for laptops
- drive shredders to make sure that discarded disk drives cannot be read
- wiring closets are locked properly
- proper personnel have access to key information systems
Examples of physical security
- user profiles
- password concepts
- use principle of least privileges
List three components of logical security
- possession
- knowledge
- traits
User profiles have...
- dictionary attacks
- password crackers
Password concepts have...
- password managers
- two-factor authentication (2FA)
List two password tools
password managers
- Applications users install on their devices to store and organize passwords
- Only remember one strong password to have access to database of their other passwords
- Encrypted (ensures strong passwords; might lead to vulnerability if database compromised)
two-factor authentication (2FA)
- Requires extra step to log into app or device
- First authentication factor: username, password
- Second authentication factor: app on trusted device (e.g., Google Auth or Duo), token, call, sms, or one-time verification codes
- antivirus software
- self-protection
List two types of virus protection
antivirus software
- signature-based (new viruses appear constantly)
- behavioral-based protection tools
firewalls
Computer or a router that controls access in and out of the organization's or department's network, applications, or computers
- main firewall
- internal firewall
List the two types of firewalls
- asymmetric
- symmetric
(both can be used at the same time)
List the two types of encryption
asymmetric encryption
uses different keys to encrypt and decrypt messages
- public key encrypts messages (anyone can have it)
- private key decrypts messages (only owner has the private key)
symmetric encryption
same key is used to encrypt and decrypt data
- difficulty: how and with whom to share keys
- Virtual Private Network (VPN)
- web and credit card security
- strength of encryption is related to length of the key
How is encryption used in business?
- security certificates
- EMV chip card technology
- near field communications
How is web and credit card security carried out?
- larger keys are better
- commercially, keys are >= 256-bit
REMEMBER (regarding length of encryption keys)
- has encryption (WEP - wired equivalent privacy, WPA - Wi-Fi protected access, WPA2)
- not broadcasting the network's ID (SSID)
- change default credentials
Wireless security...
security policies
describe what the general security guidelines are for an organization
security procedures
describe how to implement the security policies
- "All users must change their passwords every two months."
actions for the enforcement of procedures
A security policy should include a list of...
- education
- training
..... are very important to security policy success