Terms in this set (47)
subject
a computer is the __________ of an attack when it is used to conduct an attack against another computer.
- allow reasonable access
- protect against threats
to achieve balance - that is, to operate an information system that satisfies the user & the security professional - the security level must ____ ______ _____, yet ____ _____ ______.
- threat: a potential risk of an asset's loss of value.
- threat agent: a person or other entity that may cause a loss in an asset's value.
what is the difference between a threat agent & a threat?
availability
enables authorized users - persons or computer systems - to access information without interference or obstruction & to receive it in the required format.
- data custodians
- data users
- data owners
three valid types of roles when it comes to data ownership.
top-down approach
of the two approaches to information security implementation, the _____ approach has a higher probability of success.
worm
a malicious program that replicates itself constantly, without requiring another program environment.
DoS
a mail bomb is a form of ___ attack.
distributed denial-of-service
an attack in which a coordinated stream of requests is launched against a target from many locations at the same time.
vulnerability
a potential weakness in an asset or its defensive control(s).
attack
an act against an asset that could result in a loss.
social engineering
in the context of information security, ____ is the process of using social skills to convince people to reveal access credentials or other valuable information to the attackers.
man-in-the-middle
in the well-known ____ attack, an attacker monitors (or sniffs) packets from the network, modifies them, & inserts them back into the network.
Computer Fraud & Abuse Act
the National Information Infrastructure Protection Act of 1996 modified which act?
USA PATRIOT Act
defines stiffer penalties for prosecution of terrorist crimes.
unacceptable defense
the difference between a policy & a law is that ignorance of a law is an _____ ___.
privacy
the right of individuals or groups to protect themselves & their information from unauthorized access, providing confidentiality.
- laws
- policies
- associated penalties
____, ____, & their ____ ____ only provide deterrence if offenders fear the penalty, expect to be caught, & expect the penalty to be applied if they are caught.
individuals with authorization & privileges to manage information
___ ____ ___ ___ ___ ___ ___ ___ within the organization are most likely to cause harm or damage by accident.
due care & due diligence
___ ___ & ___ ___ require that an organization makes a valid effort to protect others & continually maintains this level of effort, ensuring these actions are effective.
long arm jurisdiction
refers to the long arm of the law reaching across the country or around the world to draw an accused individual into its court systems whenever it can establish jurisdiction.
technology obsolescence
a threat in which antiquated or outdated infrastructure leads to unreliable & untrustworthy systems; not an attack by a person, but a failure to keep technology current.
a master of several programming languages, networking protocols, & operating systems, & exhibits a mastery of the technical environment of the chosen targeted system.
describe what a skilled hacker looks like.
cold
a __ site provides only rudimentary services & facilities.
EISP
based on & directly supports the mission, vision, & direction of the organization & sets the strategic direction, scope, & tone for all security efforts.
policy
a plan or course of action that conveys instructions from an organization's senior management to those who make decisions, take actions, & perform other duties.
incident
an adverse event that could result in a loss of an information asset or assets, but does not currently threaten the viability of the entire organization.
business continuity plan
ensures that critical business functions continue if a catastrophic incident or disaster occurs & the organization is forced to move operations off-site.
hot site
a site that is a fully configured computer facility, with all services, communications links, & physical plant operations including heating & air conditioning.
incident response plan
the set of activities taken to plan for, detect, & correct the impact of an incident on information assets.
disaster recovery plan
a plan that shows the organization's intended efforts to restore operations at the original site in the aftermath of a disaster.
defense-in-depth
the layering of multiple, independent security controls so that the failure or bypass of any single control does not by itself expose the protected asset.
issue-specific policy
addresses specific areas of technology; requires frequent updates & contains a statement of the organization's position on a specific issue.
disaster recovery
___ ___ personnel must know their roles without supporting documentation, which is a function of preparation, training, & rehearsal.
risk identification
first phase of risk management.
risk
equals the probability of a successful attack times the expected loss from a successful attack, plus an element of uncertainty.
benchmarking
the process of comparing other organizations' activities against the practices used in one's own organization to produce results it would like to duplicate.
likelihood
the probability that a specific vulnerability within an organization will be the target of an attack.
weighted factor analysis
assets or threats can be prioritized by identifying criteria with differing levels of importance, assigning each criterion a weight so that the weights sum to 100, scoring each asset (or threat) against each criterion, then summing the weighted scores & ranking the results.
risk appetite
defines the quantity & nature of risk that organizations are willing to accept as they evaluate the tradeoffs between perfect security & unlimited accessibility.
defense control strategy
attempts to eliminate or reduce any remaining uncontrolled risk through the application of additional controls & safeguards.
transfer control strategy
attempts to shift risk to other assets, other processes, or other organizations.
single loss expectancy
the calculation of the value associated with the most likely loss from an attack.
risk management program
involves three major undertakings: risk identification, risk assessment, & risk control.
structure the IT & information security functions to defend the organization's information assets
upper management of an organization must ____ ____ ____.
give consideration to the value incurred from the cost of protecting the information.
when it is necessary to calculate, estimate, or derive values for information assets, you might ____ ____ ____.
CBA (cost-benefit analysis)
formal decision-making process used when considering the economic feasibility of implementing information security controls & safeguards.
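Worked example, added here and not part of the flashcard set, that ties the weighted factor analysis, single loss expectancy and CBA cards together in runnable form. The asset names, criteria weights, scores and dollar figures are constructed for illustration. The cards only name SLE and CBA; the exposure factor (EF), annualized rate of occurrence (ARO) and annualized loss expectancy (ALE) used to get from one to the other are the standard quantitative risk-assessment conventions and are assumed here rather than taken from the cards.

```python
"""Quantitative risk assessment: weighted factor analysis, SLE, ALE and CBA.

Added example (not from the flashcard set). All data is constructed.
EF, ARO and ALE are assumed standard conventions, not stated on the cards.
"""


def weighted_factor_scores(criteria_weights, asset_scores):
    """Weighted factor analysis.

    criteria_weights: {criterion: weight}, weights must sum to 100.
    asset_scores:     {asset: {criterion: score}}, each score in 0.0..1.0.
    Returns [(asset, weighted_score)] ranked highest first.
    """
    total = sum(criteria_weights.values())
    if abs(total - 100) > 1e-9:
        raise ValueError(f"criteria weights must sum to 100, got {total}")
    ranked = []
    for asset, scores in asset_scores.items():
        missing = set(criteria_weights) - set(scores)
        if missing:
            raise ValueError(f"{asset}: no score for {sorted(missing)}")
        for criterion, score in scores.items():
            if not 0.0 <= score <= 1.0:
                raise ValueError(f"{asset}/{criterion}: score {score} outside 0..1")
        weighted = sum(criteria_weights[c] * scores[c] for c in criteria_weights)
        ranked.append((asset, round(weighted, 2)))
    # highest score first; ties broken by name so the order is deterministic
    ranked.sort(key=lambda pair: (-pair[1], pair[0]))
    return ranked


def single_loss_expectancy(asset_value, exposure_factor):
    """SLE = asset value x exposure factor (fraction of value lost in one successful attack)."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor must be a fraction between 0 and 1")
    return round(asset_value * exposure_factor, 2)


def annualized_loss_expectancy(sle, aro):
    """ALE = SLE x annualized rate of occurrence (expected successful attacks per year)."""
    if aro < 0:
        raise ValueError("ARO cannot be negative")
    return round(sle * aro, 2)


def cost_benefit(ale_prior, ale_post, annual_cost_of_safeguard):
    """CBA = ALE(prior) - ALE(post) - ACS.

    Positive: the control removes more expected loss per year than it costs.
    Negative: accepting the residual risk is cheaper than the control.
    """
    return round(ale_prior - ale_post - annual_cost_of_safeguard, 2)


def worked_example():
    """Run the constructed scenario end to end and return the numbers."""
    # Step 1: prioritize assets (weights sum to 100, scores 0..1). Constructed data.
    weights = {"revenue_impact": 30, "profitability_impact": 40, "public_image_impact": 30}
    scores = {
        "customer_db":     {"revenue_impact": 0.9, "profitability_impact": 1.0, "public_image_impact": 0.8},
        "web_server":      {"revenue_impact": 0.7, "profitability_impact": 0.6, "public_image_impact": 0.9},
        "employee_portal": {"revenue_impact": 0.3, "profitability_impact": 0.4, "public_image_impact": 0.2},
    }
    ranking = weighted_factor_scores(weights, scores)

    # Step 2: quantify the top asset's risk before and after a proposed control.
    asset_value = 500_000.0  # constructed valuation of customer_db
    sle_prior = single_loss_expectancy(asset_value, exposure_factor=0.20)
    ale_prior = annualized_loss_expectancy(sle_prior, aro=0.5)   # one incident every two years
    sle_post = single_loss_expectancy(asset_value, exposure_factor=0.05)
    ale_post = annualized_loss_expectancy(sle_post, aro=0.25)    # control also halves the frequency

    # Step 3: is the control economically feasible at its annual cost?
    cba = cost_benefit(ale_prior, ale_post, annual_cost_of_safeguard=15_000.0)
    return {
        "ranking": ranking,
        "sle_prior": sle_prior, "ale_prior": ale_prior,
        "sle_post": sle_post, "ale_post": ale_post,
        "cba": cba,
        "control_is_worthwhile": cba > 0,
    }


if __name__ == "__main__":
    for key, value in worked_example().items():
        print(f"{key}: {value}")
```

Run it directly to see the ranked assets and the CBA figure; a negative `cba` is the signal that the proposed safeguard costs more per year than the expected loss it prevents, which is exactly the decision the CBA card describes. Weights that do not sum to 100 and scores outside 0..1 are rejected up front, since a silent mis-weighting is the usual way a weighted factor table produces a confidently wrong priority list.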