Terms in this set (73)
threat agent
the specific instance or component of a threat that actually carries out or facilitates an attack (for example, a particular hacker or a particular piece of malware)
threat
a category of objects, people, or other entities that represents a potential danger to an asset. Threats are always present.
vulnerability
a weakness or fault in a system or protection mechanism that opens it to attack or damage
exposure
a condition or state of being exposed; an exposure exists when a vulnerability is known to an attacker
What are the three components of the C.I.A. triangle?
confidentiality, integrity, availability
confidentiality
assurance that information is shared only among authorized people or organizations
integrity
assurance that the information is complete and uncorrupted
availability
assurance that information systems and the necessary data are available for use when needed
Why is the top-down approach to information security superior to the bottom-up approach?
It has a higher probability of success: it has strong upper-management support, a dedicated champion, usually dedicated funding, a clear planning and implementation process, and the means to influence organizational culture.
Which members of an organization are involved in the security systems development life cycle? Who leads the process?
Upper management initiates and controls the process; responsible managers, contractors, and employees execute it.
The process is led by a senior executive (the champion).
Who is ultimately responsible for the security of information in the organization?
CISO
Who decides how and when data in an organization will be used or controlled? Who is responsible for seeing that these decisions are carried out?
Data owners decide how and when data will be used or controlled; they are responsible for the security and use of the information. Data custodians see that those decisions are carried out: they work directly with the data owners and are responsible for the storage, maintenance, and protection of the information. Data users are the end users who work with the information to perform their daily jobs and support the mission of the organization.
Why is data the most important asset an organization possesses?
Without data, an organization will lose its record of transactions and its ability to deliver value to customers.
information extortion
When an attacker can control access to an asset, it can be held hostage to the attacker's demands.
Why are employees one of the greatest threats to information security?
they are the people closest to the organization's data and they have access to it. Employee mistakes can easily lead to the revelation of classified data, entry of erroneous data, accidental data deletion or modification, storage of data in unprotected areas, and failure to protect information.
What is the difference between a skilled hacker and an unskilled hacker, other than skill levels?
An expert hacker develops software scripts and code to exploit relatively unknown vulnerabilities and is a master of several programming languages and operating systems.
An unskilled hacker (script kiddie) uses scripts and code developed by skilled hackers, rarely writes their own hacks, and is unskilled in programming languages.
What are the various types of malware?
viruses, worms, trojan horses, logic bombs, and back doors
How do worms differ from viruses?
virus- malicious code that attaches itself to another program and depends on that host program being executed in order to run and replicate
worms- malicious programs that replicate themselves constantly without requiring another program to provide a safe environment for replication; they spread on their own across the network
Do Trojan horses carry viruses or worms?
Yes. A Trojan horse hides its true nature and reveals its designed behavior only when activated; once a trusting user executes it, it can unleash viruses or worms onto the local workstation and the network as a whole.
Why does polymorphism cause greater concern than traditional malware? How does it affect detection?
Polymorphic malware changes its code each time it replicates while keeping the same behavior, so signature-based detection that looks for a fixed byte pattern fails; this makes the malicious code more difficult to detect than traditional malware.
How is technological obsolescence a threat to information security?
Through management's lack of planning and failure to anticipate the technology needed for evolving business requirements. It occurs when infrastructure becomes outdated, which leads to unreliable and untrustworthy systems that may no longer receive security fixes.
What are the types of password attacks? What can a systems administrator do to protect against them?
password cracking, brute force, and dictionary attacks
A systems administrator can:
• Implement controls that limit the number of attempts allowed (account lockout after repeated failures).
• Use a "disallow" list of passwords taken from the same kind of dictionary attackers use.
• Require use of additional numbers and special characters in passwords.
password crack
Attempting to recover a password from its stored hash is called "cracking." This attack is used when a copy of the Security Account Manager (SAM) data file (or another password-hash store) can be obtained. The hash is not reversed: a candidate password is run through the same hashing algorithm and the result is compared with the stored hash; a match reveals the actual password.
brute force
The application of computing and network resources to try every possible combination of options for a password.
dictionary
A variation of brute force for guessing passwords. Instead of trying every combination, the dictionary attack selects specific accounts and uses a list of commonly used passwords to make its guesses.
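The three password attacks above and the three administrator controls that follow them are easy to see side by side in code. The following is an added example, not part of the original flashcard set: it runs the same constructed wordlist as an offline dictionary attack against a constructed dump of unsalted SHA-256 hashes (a stand-in for a SAM file, which really holds NT hashes), then against a login service that enforces an attempt limit, and checks new passwords against a disallow list and a complexity rule. All usernames, passwords and the MAX_ATTEMPTS value are made up for the example.

```python
import hashlib
import re

# Constructed credential store standing in for a dumped SAM file:
# username -> unsalted SHA-256 hex digest.
DUMPED_HASHES = {
    "alice": hashlib.sha256(b"password123").hexdigest(),
    "bob": hashlib.sha256(b"letmein").hexdigest(),
    "carol": hashlib.sha256(b"V7#qLm!2pXz9").hexdigest(),
}

# Constructed wordlist. The attacker uses it for guesses; the defender
# uses the same list as the "disallow" list.
COMMON_PASSWORDS = ["123456", "password", "password123", "letmein", "qwerty", "admin"]

MAX_ATTEMPTS = 3  # assumed lockout threshold for the online service


def dictionary_attack(hashes, wordlist):
    """Offline cracking: hash each candidate word and compare against the dump.
    Because the hashes are unsalted, one hash computation tests the word
    against every account at once.  Nothing limits the number of guesses."""
    by_digest = {digest: user for user, digest in hashes.items()}
    cracked = {}
    for word in wordlist:
        digest = hashlib.sha256(word.encode()).hexdigest()
        if digest in by_digest:
            cracked[by_digest[digest]] = word
    return cracked


def password_allowed(candidate, disallow_list, min_length=12):
    """Defender-side policy check: reject dictionary words and require
    at least one digit and one special character."""
    if candidate.lower() in {w.lower() for w in disallow_list}:
        return False
    if len(candidate) < min_length:
        return False
    if not re.search(r"\d", candidate) or not re.search(r"[^A-Za-z0-9]", candidate):
        return False
    return True


class LoginService:
    """Online authentication with an attempt counter: after MAX_ATTEMPTS
    consecutive failures the account is locked, which caps an online
    brute-force or dictionary attack at MAX_ATTEMPTS guesses."""

    def __init__(self, hashes):
        self.hashes = hashes
        self.failures = {}
        self.locked = set()

    def login(self, user, password):
        if user in self.locked:
            return "locked"
        if hashlib.sha256(password.encode()).hexdigest() == self.hashes.get(user):
            self.failures[user] = 0
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= MAX_ATTEMPTS:
            self.locked.add(user)
            return "locked"
        return "denied"


def online_dictionary_attack(service, user, wordlist):
    """Same wordlist, but against the live service: returns the password if
    found before lockout, otherwise None."""
    for word in wordlist:
        result = service.login(user, word)
        if result == "ok":
            return word
        if result == "locked":
            return None
    return None


if __name__ == "__main__":
    print("offline:", dictionary_attack(DUMPED_HASHES, COMMON_PASSWORDS))
    svc = LoginService(DUMPED_HASHES)
    print("online alice:", online_dictionary_attack(svc, "alice", COMMON_PASSWORDS))
    print("online bob:", online_dictionary_attack(svc, "bob", COMMON_PASSWORDS), svc.locked)
```

Offline, both weak passwords fall because nothing throttles the attacker once the hash file is in hand; online, the lockout stops the attack on bob after three guesses even though his password is in the wordlist. The lockout protects only the online path, which is why protecting the hash store itself (the SAM file) matters as much as the attempt limit.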
What is the difference between a denial-of-service attack and a distributed denial-of-service attack? Which is more dangerous? Why?
DoS- occurs when an attacker sends a large number of connection or information requests to a target from a single source, exhausting its resources so legitimate requests cannot be served
DDoS- occurs when a coordinated stream of requests is launched against a target from many locations (typically a botnet of compromised machines) at the same time
DDoS is more dangerous because it is far more difficult to defend against: the traffic comes from many sources that cannot simply be blocked, and there are currently no controls any single organization can apply to prevent it completely.
What is a buffer overflow, and how is it used against a Web server?
A buffer overflow occurs when more data is sent to a buffer than it can hold, so the excess overwrites adjacent memory. Against a Web server, the attacker sends an oversized request (for example, an overlong URL or header field) that the server copies into a fixed-size buffer without checking its length; the overflow can crash the server or cause it to execute attacker-supplied instructions.
What is the difference between law and ethics?
laws- rules that mandate or prohibit certain behavior in society (have a governing authority, ethics do not)
ethics- define socially acceptable behavior
Which law amended the Computer Fraud and Abuse Act of 1986, and what did it change?
The National Information Infrastructure Protection Act of 1996; it modified several sections of the CFAA and increased the penalties for selected crimes.
What is privacy in an information security context?
a "state of being free from unsanctioned intrusion"
What is the primary purpose of the USA PATRIOT Act?
Passed in 2001, it modified a wide range of existing laws to provide law enforcement agencies with broader latitude to combat terrorism-related activities.
How has the PATRIOT Act been revised since its original passage?
In 2011, the PATRIOT Sunset Extension Act of 2011 was signed into law to extend certain provisions of the USA PATRIOT Act. These provisions covered wiretaps, searching of business records, and surveillance of people with suspected ties to terrorism.
What is due care? Why should an organization make sure to exercise due care in its usual course of operations?
Due care has been taken when an organization makes sure that every employee knows what is acceptable or unacceptable behavior and knows the consequences of illegal or unethical actions. The more active an organization is in exercising due care, the less likely it is to be held liable for its employees' illegal or unethical actions.
How is due diligence different from due care? Why are both important?
Due care is establishing the expected standard of behavior; due diligence requires that the organization make a valid, ongoing effort to protect others and continually maintain that level of effort. Both are important because together they decrease the organization's chances of being found liable if an incident occurs.
What is a policy? How is it different from a law?
A policy is a formalized body of expectations that describes acceptable and unacceptable employee behavior in the workplace. The difference between a policy and a law is that ignorance of a policy is an acceptable defense, whereas ignorance of a law is not; this is why a policy must be disseminated, read, understood, agreed to, and uniformly enforced before it can be held against an employee.
How can a security framework assist in the design and implementation of a security infrastructure? What is information security governance? Who in the organization should plan for it?
pg 5 ch 4 1
Briefly describe management, operational, and technical controls
• Management controls cover security processes that are designed by strategic planners and implemented by an organization's security administration.
• Operational controls deal with the functionality of security in the organization, including disaster recovery and incident response planning.
• Technical controls address tactical and technical issues related to designing and implementing security in the organization, as well as issues related to examining and selecting appropriate technologies for protecting information.
What are the differences between a policy, a standard, and a practice? What are the three types of security policies?
• A policy is a plan or course of action intended to influence and determine decisions, actions, and other matters. Policies function like laws within an organization because they dictate acceptable and unacceptable behavior within the context of the organization's culture.
• A standard has the same requirement for compliance as a policy, but a standard provides more detail for what must be done to comply with policy. The level of acceptance for standards may be informal, as for de facto standards, or formal (as for de jure standards).
• Practices, procedures, and guidelines effectively explain how to comply with policy.
Who is ultimately responsible for managing a technology?
senior management
Contingency planning
all planning conducted by the organization to prepare for, react to, and recover from events that threaten the security of its information and information assets
three types: incident response plans, disaster recovery plans, and business continuity plans
When is IR plan used?
covers the identification, classification, response to, and recovery from an incident. The plan should be used when an incident in progress is first detected by an organization.
When is DR plan used?
addresses preparations for and recovery from a disaster, whether natural or man-made. The plan is used before a disaster in preparation for its occurrence, and then afterward to rebuild and recover the organization's functionality.
When is the BC plan used?
The BC plan is needed when a disaster has rendered the current location of the business unusable for continued operation. The BCP outlines the reestablishment of critical business operations at an alternate site during a disaster that affects operations at the primary site.
How do you determine when to use the IR, DR, and BC plans?
An incident response plan is used as soon as an incident in progress has been identified. An attack is identified as an incident if:
1. It is directed against information assets.
2. It has a realistic chance of success.
3. It could threaten the confidentiality, integrity, or availability of information resources.
A disaster recovery plan is used if an incident escalates or is disastrous. The plan typically focuses on restoring systems at the original site after a disaster occurs.
A business continuity plan is used concurrently with the disaster recovery plan when the damage is major, creates long-term consequences, or requires more than simple restoration of information and information resources.
Containment
the process of determining which systems have been attacked and removing their ability to attack uncompromised systems.
hot site
fully configured computer facility with all services, communications links, and physical plant operations, including heating and air conditioning.
warm site
provides many of the same services and options as a hot site. However, it typically does not include the actual applications the company needs, or the applications may not yet be installed and configured.
cold site
provides only rudimentary services and facilities. No computer hardware or peripherals are provided. All communications services must be installed after the site is occupied.
time-share
is a hot, warm, or cold site that is leased in conjunction with a business partner or sister organization. The time-share allows the organization to maintain a disaster recovery and business continuity option at a reduced overall cost. The time-share has the same advantages as the type of site selected (hot, warm, or cold). The primary disadvantage is the possibility that more than one organization involved in the time-share may need the facility simultaneously
service bureau
an agency that provides a service for a fee. In the case of disaster recovery and continuity planning, the service is the agreement to provide physical facilities during and after a disaster. These types of agencies also frequently provide off-site data storage for a fee. Contracts can be carefully created with service bureaus to specify exactly what the organization needs without having to reserve dedicated facilities.
mutual agreement
is a contract between two or more organizations that specifies how each will assist the other in the event of a disaster. It stipulates that each organization is obligated to provide necessary facilities, resources, and services until the receiving organization can recover from the disaster.
risk management
the process of identifying vulnerabilities in an organization's information systems and taking carefully reasoned steps to ensure the confidentiality, integrity, and availability of all the components in those systems.
Who is responsible for risk management in an organization? Which community of interest usually takes the lead in information security risk management?
All three communities of interest (information security, information technology, and general management) share responsibility for risk management; the information security community usually takes the lead.
What are vulnerabilities? How do you identify them?
specific avenues that threat agents can exploit to attack an information asset. they are a flaw or weakness in an information asset
What are the five strategies for controlling risk?
• The defense control strategy attempts to prevent the exploitation of vulnerabilities.
• The transfer control strategy attempts to shift risk to other assets, other processes, or other organizations.
• The mitigation control strategy attempts to reduce the impact of exploited vulnerabilities through planning and preparation.
• The acceptance control strategy is the choice to do nothing to protect against a vulnerability and accept the outcome of its exploitation.
• The termination control strategy directs the organization to avoid business activities that introduce uncontrollable risks.
Describe the defense strategy for controlling risk. List and describe the three common methods.
attempts to prevent the exploitation of vulnerabilities
• Application of policy
• Education and training
• Application of technology
Describe the transfer strategy for controlling risk.
the control approach that attempts to shift risk to other assets, other processes, or other organizations. These controls may be accomplished by rethinking how services are offered, revising deployment models, outsourcing to other organizations, purchasing insurance, or implementing service contracts with providers.
Describe the mitigation strategy for controlling risk.
the control approach that attempts to reduce the impact of exploited vulnerabilities through planning and preparation. Mitigation begins with the early detection of an attack in progress and the organization's ability to respond quickly, efficiently, and effectively (through the IR, DR, and BC plans).
How is an incident response plan different from a disaster recovery plan?
The disaster recovery plan focuses on preparations completed before a disaster or escalated incident and actions taken afterward to reestablish operations at the primary site. The incident response plan focuses on intelligence gathering, information analysis, coordinated decision making, and urgent, concrete actions taken while an incident is occurring.
risk appetite
defines the quantity and nature of risk that organizations are willing to accept as they evaluate the trade-offs between perfect security and unlimited accessibility.
cost-benefit analysis
the formal decision-making process an organization uses to evaluate whether the benefit gained from a given project is worth the expense.
single loss expectancy
the value associated with the most likely loss from an attack. It is calculated from an asset's value (AV) and the expected percentage of loss from one occurrence of a particular attack, the exposure factor (EF): SLE = AV × EF. Multiplying SLE by the annualized rate of occurrence (ARO) gives the annualized loss expectancy (ALE).
residual risk
When vulnerabilities have been controlled as much as possible, any remaining risk that has not been removed, shifted, or planned for
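The four terms above (risk appetite, cost-benefit analysis, single loss expectancy, residual risk) fit together in one calculation. The following is an added example, not part of the original set: it applies the textbook formulas SLE = AV × EF, ALE = SLE × ARO and CBA = ALE(prior) − ALE(post) − ACS to a constructed scenario, picks the control with the best cost-benefit result, and falls back to the acceptance strategy when no control pays for itself. The asset values, exposure factors, rates and control costs are invented for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Exposure:
    asset_value: float      # AV: value of the asset, in currency units
    exposure_factor: float  # EF: fraction of AV lost in one occurrence (0.0 .. 1.0)
    annual_rate: float      # ARO: expected number of occurrences per year


def single_loss_expectancy(e):
    """SLE = AV x EF: the most likely loss from one occurrence of the attack."""
    return e.asset_value * e.exposure_factor


def annualized_loss_expectancy(e):
    """ALE = SLE x ARO: expected loss per year under this exposure."""
    return single_loss_expectancy(e) * e.annual_rate


def cost_benefit(prior, post, annual_control_cost):
    """CBA = ALE(prior) - ALE(post) - ACS.
    A positive value means the control saves more per year than it costs."""
    return (annualized_loss_expectancy(prior)
            - annualized_loss_expectancy(post)
            - annual_control_cost)


def choose_control(prior, candidates):
    """candidates: {name: (post_control_exposure, annual_cost_of_safeguard)}.
    Returns (chosen name, CBA, residual ALE).  If no candidate has a positive
    CBA the result is ("accept", 0.0, ALE(prior)): the acceptance strategy,
    where the whole prior ALE remains as residual risk."""
    best_name, best_cba, residual = "accept", 0.0, annualized_loss_expectancy(prior)
    for name, (post, acs) in candidates.items():
        cba = cost_benefit(prior, post, acs)
        if cba > best_cba:
            best_name, best_cba, residual = name, cba, annualized_loss_expectancy(post)
    return best_name, best_cba, residual


# Constructed scenario: a public web server worth 200,000 that loses a quarter
# of its value per successful attack, attacked twice a year on average.
PRIOR = Exposure(asset_value=200_000, exposure_factor=0.25, annual_rate=2.0)

# Constructed candidate controls (names and figures are assumptions):
CANDIDATES = {
    # web application firewall: cuts attack frequency to one every two years
    "waf": (Exposure(200_000, 0.25, 0.5), 15_000),
    # fully outsourced hosting: attacks nearly eliminated, but very expensive
    "outsource": (Exposure(200_000, 0.25, 0.1), 120_000),
}


if __name__ == "__main__":
    print("SLE prior:", single_loss_expectancy(PRIOR))
    print("ALE prior:", annualized_loss_expectancy(PRIOR))
    print("decision:", choose_control(PRIOR, CANDIDATES))
```

With these numbers the prior ALE is 100,000 per year; the WAF leaves a residual ALE of 25,000 and returns a CBA of 60,000, while outsourcing drives the residual risk lower but costs more than it saves, so its CBA is negative. Whether the remaining 25,000 of residual risk is tolerable is exactly the risk-appetite question the definitions above describe.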
What is the typical relationship among the untrusted network, the firewall, and the trusted network?
The untrusted network is usually the Internet or another segment of a public access network, while the trusted network is typically a privately owned network. The firewall serves as a mechanism to filter traffic from the untrusted network into the trusted network to foster assurance that the traffic is legitimate.
How is an application layer firewall different from a packet-filtering firewall?
The application layer firewall takes into consideration the nature of the applications that are being run, including the type and timing of the network connection requests as well as the type and nature of the traffic that is generated. The packet-filtering firewall simply looks at the packets as they are transferred.
How is static filtering different from dynamic filtering of packets?
Static filtering requires that the firewall's packet filtering rules are developed and installed with the firewall. This type of filtering is common in network routers and gateways. Dynamic filtering allows the firewall to react to an emergent event and update or create rules to deal with it. This reaction could be positive, as in allowing an internal user to engage in a specific activity upon request, or it could be negative, as in dropping all packets from a particular address when the system detects an increased presence of a particular type of malformed packet.
What is stateful inspection?
Stateful inspection firewalls keep track of each network connection between internal and external systems using a state table. An inbound packet is allowed only if it belongs to a connection already recorded in the table (typically one initiated from inside), so the firewall's decision depends on connection history rather than on each packet alone.
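The difference between the packet-filtering, static/dynamic filtering and stateful inspection answers above comes down to whether the firewall remembers earlier packets. The following added example (not code from the original set) simulates a static packet filter and a stateful firewall on the same three constructed packets: a legitimate outbound HTTPS request, its reply, and a forged inbound packet that an attacker crafted with source port 443. Addresses, ports and the trusted-network prefix are assumptions made up for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


INTERNAL_NET = "10.0.0."  # assumed trusted network, 10.0.0.0/24


def is_internal(ip):
    return ip.startswith(INTERNAL_NET)


def static_filter(pkt):
    """Static packet filter: fixed rules, no memory of earlier packets.
    Rule 1: allow anything leaving the trusted network.
    Rule 2: allow inbound packets with source port 80 or 443 so web replies
            can get back in.
    Rule 3: drop everything else.
    Rule 2 is the weakness: the filter cannot tell a genuine reply from an
    unsolicited packet whose sender simply set src_port=443."""
    if is_internal(pkt.src_ip):
        return "allow"
    if pkt.src_port in (80, 443):
        return "allow"
    return "drop"


class StatefulFirewall:
    """Stateful inspection: record each connection the inside initiates in a
    state table keyed by its 5-tuple, and admit inbound packets only when
    they are the reverse direction of a recorded connection."""

    def __init__(self):
        self.state_table = set()

    def filter(self, pkt):
        if is_internal(pkt.src_ip):
            # Outbound: remember the flow so its reply can come back.
            self.state_table.add((pkt.proto, pkt.src_ip, pkt.src_port,
                                  pkt.dst_ip, pkt.dst_port))
            return "allow"
        # Inbound: look up the reversed tuple; unsolicited traffic is not there.
        reverse_key = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        return "allow" if reverse_key in self.state_table else "drop"


# Constructed traffic.
OUTBOUND = Packet("10.0.0.5", 51000, "203.0.113.10", 443)   # inside host opens HTTPS
REPLY = Packet("203.0.113.10", 443, "10.0.0.5", 51000)      # server answers
FORGED = Packet("198.51.100.7", 443, "10.0.0.9", 3389)      # attacker spoofs src 443 to reach RDP


def compare(packets):
    """Run both firewalls over a packet sequence; returns (static, stateful) verdicts."""
    fw = StatefulFirewall()
    return [(static_filter(p), fw.filter(p)) for p in packets]


if __name__ == "__main__":
    for pkt, verdicts in zip([OUTBOUND, REPLY, FORGED], compare([OUTBOUND, REPLY, FORGED])):
        print(pkt, "static:", verdicts[0], "stateful:", verdicts[1])
```

Both firewalls pass the request and its reply, but only the stateful one drops the forged packet, because no inside host ever opened a connection to 198.51.100.7 and the reversed tuple is absent from the state table. Real state tables also track TCP flags and age entries out; this example keeps only the lookup that makes the point.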
What special function does a cache server perform? Why is this useful for larger organizations?
These types of servers can store the most recently accessed Web pages in their internal cache memory, and thus can provide content for heavily accessed pages without the level of traffic required when pages are not cached. Larger organizations often find that just a few Web sites account for a large quantity of their traffic and that they can lower total network traffic measurably by using a cache server.
What is a sacrificial host? What is a bastion host?
They are synonyms. Because the bastion host stands as the sole defender on the network perimeter, it is also commonly referred to as the sacrificial host: it is expected to absorb attacks and must therefore be hardened. When it is used as a screened host in front of the internal network, an external attacker must compromise two separate systems before reaching internal data.
What is a DMZ
A demilitarized zone is the network segment engineered between the external (untrusted) network and the internal (trusted) areas. Publicly reachable servers such as Web and mail servers are placed there, so that a compromise of one of them does not directly expose the internal network.
What questions must be addressed when selecting a firewall for a specific organization?
• What type of firewall technology offers the right balance between protection and cost for the organization's needs?
• What features are included in the base price? What features are available at extra cost? Are all cost factors known?
• How easy is it to set up and configure the firewall? How accessible are the staff technicians who can competently configure the firewall?
• Can the candidate firewall adapt to the growing network in the target organization?
What is a content filter?
a software filter—technically not a firewall—that allows administrators to restrict access to content from within a network.
What is a VPN?
a private and secure network connection between systems that uses the data communication capability of an unsecured and public network.