Security Concepts: Definitions & Aspects of Warfare, Defense, Levels, Access Controls, & D, Quizzes of Introduction to Business Management

Network Security, Digital Forensics, Information Assurance, Cybersecurity

Definitions and explanations of key security concepts including asymmetrical warfare, defense in depth, security levels, access levels, and denial of service. Asymmetrical warfare refers to an attacker only needing to find one opening, while defense in depth requires the attacker to get past several defenses. Security levels pertain to information, computer, and network security, and access levels involve network and host access control and data access policies. Denial of service threats make data unavailable through intentional acts or careless behavior.

What you will learn

  • What are user profiles and how are they assigned?
  • What are the characteristics of strong passwords?
  • What is building access and how is it secured?
  • What is the difference between symmetric and asymmetric encryption?
  • What are the key components of physical security?

Typology: Quizzes

2014/2015

Uploaded on 03/19/2015

mfilka1

TERM 1: security concepts
DEFINITION 1:
  • management, not technology issue
  • top to bottom commitment
  • asymmetrical warfare
  • defense in depth
  • security levels

TERM 2: asymmetrical warfare
DEFINITION 2: attacker only has to find one opening

TERM 3: defense in depth
DEFINITION 3: attacker must get past several defenses

TERM 4: security levels
DEFINITION 4: information, computer, network

TERM 5: security: access levels
DEFINITION 5:
  • network and host access control
  • application access control
  • data access policies and controls
  • data

TERM 6: denial of service
DEFINITION 6:
  • threats are those that render a system inoperative or limit its capability to operate, or make data unavailable
  • result from intentional acts, careless behavior, or even natural disasters
  • natural disasters cannot be prevented but can be planned for (backups, redundancy, etc)
  • careless behaviors, such as forgetting to perform proper backups of one's computer, not installing security updates to an operating system, or failing to update one's antivirus software

TERM 7: virus
DEFINITION 7:
  • sent out to find any victim they can
  • lines of code that make up a ______ can be embedded into other files
  • signature of the ____ is the particular bit patterns that can be recognized, which is how detection software knows your computer has contracted one

TERM 8: malicious software (malware)
DEFINITION 8:
  • usually target of opportunity attacks
  • types:
      - viruses
      - trojan horse
      - worms
      - active content in web pages
      - blended threats
      - virus hoaxes
      - spyware

TERM 9: viruses
DEFINITION 9: infect files or system sectors on disk

TERM 10: trojan horse
DEFINITION 10: some part is legitimate

TERM 21: non repudiation
DEFINITION 21: refers to making sure one cannot renege on their obligations, for example by denying that they entered into a transaction with a web merchant

TERM 22: preventive controls
DEFINITION 22: stop or limit the security threat from happening in the first place (antivirus scans)

TERM 23: corrective controls
DEFINITION 23: repair damages after a security problem has occurred (anti virus quarantine)

TERM 24: detective controls
DEFINITION 24: find or discover where and when security threats occurred (audit logs)

TERM 25: physical security
DEFINITION 25:
  • locks for laptops
  • drive shredders to make sure that discarded disk drives cannot be read
  • wiring closets are locked properly
  • proper personnel have access to key info systems
  • building access
  • dumpster diving
  • computer locks
  • training security personnel and employees

TERM 26: building access
DEFINITION 26:
  • single point of (normal) entry to building
  • fire doors with closed circuit television and alarms
  • interior doors: avoid piggybacking
  • data wiring security

TERM 27: dumpster diving
DEFINITION 27: drive shredding programs for discarded disk drives

TERM 28: user profiles
DEFINITION 28:
  • users are assigned these and a set of privileges to access only what they need
  • levels of identification:
      - possession
      - knowledge
      - traits

TERM 29: possession
DEFINITION 29: when an individual owns a form of identification (driver's license, student ID)

TERM 30: knowledge
DEFINITION 30: when an individual needs to know something to gain access (passwords)

TERM 31: traits
DEFINITION 31: requires recognition of physical or behavioral human characteristics (biometrics)

TERM 32: strong passwords
DEFINITION 32:
  • at least eight characters long
  • doesn't contain your username, real name, or company name
  • doesn't contain a complete word
  • significantly different from previous passwords
  • contains characters from each of the following 4 categories:
      - uppercase
      - lowercase
      - numbers
      - symbols

TERM 33: biometrics
DEFINITION 33:
  • physiological
  • behavioral

TERM 34: physiological
DEFINITION 34:
  • fingerprints
  • hand
  • iris
  • retina
  • face
  • voice
  • dna
  • odor
  • others

TERM 35: behavioral
DEFINITION 35:
  • signature
  • keystroke
  • voice
  • gait

TERM 46: wireless security
DEFINITION 46:
  • best protection is encryption
  • Wired equivalent privacy
  • Wifi Protected Access
  • further protection for home wireless networks is to disable the broadcasting of the network's ID (SSID)

TERM 47: wired equivalent privacy
DEFINITION 47: is older encryption algorithm, which can be easily cracked within minutes today

TERM 48: wifi protected access
DEFINITION 48:
  • more recent and powerful encryption algorithm widely available in most routers
  • extension of this, wpa2 is the current standard

TERM 49: social engineering defenses
DEFINITION 49:
  • policies
  • training
  • enforcement through sanctions (punishment)

TERM 50: security policies
DEFINITION 50:
  • describe what the general security guidelines are for an organization
  • procedures describe how to implement these
      - all users must change their passwords every two months
  • should include a list of actions for the enforcement of procedures
  • education and training are very important to success

TERM 51: ipad security
DEFINITION 51:
  1. enable passcode lock
  2. don't install untrustworthy apps
  3. disable bluetooth when not in use
  4. enable remote wipe and remote passcode lock (MobileMe)
  5. use a virtual private network

TERM 52: information privacy
DEFINITION 52:
  • the confidentiality of the information collected by organizations about the individuals using their services
  • everyone is concerned about their own, but also about the privacy of customers, employees, business partners, students, parents, children, and more

TERM 53: data collection
DEFINITION 53:
  • it has become easier and faster to collect ever increasing amounts of information
  • can be collected without anyone's awareness, for example through the use of cookies
      - cookies
      - clickstream data
      - online forms

TERM 54: cookies
DEFINITION 54: text files that contain data

TERM 55: clickstream data
DEFINITION 55: tracks online browsing

TERM 56: online forms
DEFINITION 56: populates forms quickly

TERM 57: identity theft
DEFINITION 57:
  • using someone else's personal info for your own personal gain
  • 2009 statistics:
      - almost 10 million victims in 2008 (22% increase from 2007)
      - 71% of fraud happens within a week of stealing victim's personal data
      - low tech methods for stealing personal info are still the most popular for identity thieves
          - stolen wallets and physical docs accounted for 43% of id theft
          - online methods accounted for only 11%

TERM 58: protecting yourself
DEFINITION 58:
  • watching for shoulder surfers who observe what you are typing
  • shred everything that has any data about you
  • destroy digital data by going beyond a simple delete
  • really check the statements you receive
  • limit the info provided on your checks
  • request your free annual credit report and check it!
  • do not use your social security number unless it is absolutely needed

TERM 59: cookies and cookie managers
DEFINITION 59:
  • small text files located on your computer, to store info about you, your accounts, and your computer
  • info not typed in can also be stored in these (IP address, domain name)
  • when accessing some sites, browsers transmit info contained in stored

TERM 60: cookie and cookie managers
DEFINITION 60:
  • privacy settings within a web browser can help protect data
  • can be available to delete unwanted or dangerous ____

TERM 71: IT and new business models
DEFINITION 71:
  • online retailing (e.g. staples.com)
  • infomediaries (e.g. kayak.com)
  • content providers (e.g. britannica.com)
  • online communities (e.g. yahoo answers)
  • exchanges (e.g. buyerzone.com)
  • infrastructure providers (e.g. paypal)

TERM 72: B2c enablers and requirements
DEFINITION 72:
  • improvements and convergence in technologies
  • interoperability
  • critical mass ------> network economics

TERM 73: business to consumer enablers
DEFINITION 73:
  • easy to navigate website
  • network bandwidth
  • interoperability
  • critical mass

TERM 74: e commerce effects
DEFINITION 74:
  • e channel compression (disintermediation)
  • e channel expansion (adding brokering functionality)

TERM 75: search engine optimization
DEFINITION 75:
  • series of practices an org can use to improve their visibility, or optimize, how their web pages or website show up on the search engine result pages
  • not one time effort
  • include key words in prominent places
  • age of website domain

TERM 76: search engine optimization
DEFINITION 76:
  1. keywords
  2. organic optimization
      - content, language, layout, tags, meta data, etc
      - software optimizer ($100-2500)
      - consultants
      - link building (social media)
  3. pay per click (keyboard bidding)
  4. analytics and reporting (keep track of traffic)

TERM 77: information security threats
DEFINITION 77: exploits that need to be prevented, which result in the loss of the accuracy of the data held by an organization or the outright loss or damage to data or technological resources

TERM 78: defense in depth
DEFINITION 78:
  • an information assurance concept in which multiple layers of security controls (defense) are placed throughout an information technology system
  • its intent is to provide redundancy in the event a security control fails or a vulnerability is exploited

TERM 79: malware
DEFINITION 79: any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems

TERM 80: denial of service
DEFINITION 80: these attacks involve blocking the communication channels used by a company

TERM 81: viruses
DEFINITION 81: malware program that, when executed, replicates by inserting copies of itself (possibly modified) into other computer programs, data files, or the boot sector of the hard drive; when this replication succeeds, the affected areas are then said to be "infected"

TERM 82: trojan horses
DEFINITION 82: when a malicious program is disguised as something normal or desirable, users may unwittingly install it

TERM 83: worms
DEFINITION 83: standalone malware computer program that replicates itself in order to spread to other computers

TERM 84: blended threats
DEFINITION 84:
  • software exploit which in turn involves a combination of attacks against vulnerabilities
  • combination of worms, trojans, virus, and other kinds of malware

TERM 85: virus hoaxes
DEFINITION 85:
  • message warning the recipient of non existent computer virus threat
  • the message is usually a chain email that tells the recipient to forward it to everyone they know

TERM 96: audit logs
DEFINITION 96: security relevant chronological record, set of records, and/or records that provide documentary evidence of the sequence of activities that have affected at any time a specific operation, procedure, or event

TERM 97: entrapment servers (honeypot)
DEFINITION 97: trap set to detect, deflect, or in some manner, counteract attempts at unauthorized use of information systems

TERM 98: firewalls
DEFINITION 98:
  • software or hardware based network security system that controls the incoming and outgoing network traffic based on applied rule set
  • establishes a barrier between a trusted, secure internal network and another network that is not assumed to be secure and trusted

TERM 99: encryption
DEFINITION 99:
  • the process of encoding messages or information in such a way that only authorized parties can read it
  • in particular symmetric key and public key

TERM 100: wireless security
DEFINITION 100: prevention of unauthorized access or damage to computers using wireless networks

TERM 101: security policies
DEFINITION 101:
  • definition of what it means to be secure for a system, organization or other entity
  • for an organization, it addresses the constraints on behavior of its members as well as constraints imposed on adversaries by mechanisms such as doors, locks, keys and walls

TERM 102: information privacy
DEFINITION 102: confidentiality of the info collected by the org about the individuals using their services

TERM 103: identity theft
DEFINITION 103: using another person's identity to carry out acts that range from sending libelous email to making fraudulent purposes

TERM 104: cookies
DEFINITION 104: small text files located on your computer, to store information about you, your accounts or to making fraudulent purposes

TERM 105: privacy policy
DEFINITION 105: statement that describes what the organization's practices are

TERM 106: privacy seals
DEFINITION 106: attempt by companies at self regulation regarding privacy of consumers