Shared Flashcard Set

Details

Security+ Exam (SY0-301)
Flash cards for Security+ Exam using the SY0-301 book
26
Computer Networking
Not Applicable
08/15/2011

Cards

Term
Information Security
Definition
the protection of available information or information resources from unauthorized access, attacks, thefts or data damage.
Term
As an information security professional, what do you need to protect?
Definition
Data and resources
Term
Data refers to what (in terms of protecting data)
Definition
*to the information assets of a person, customer or organization
*files in the computer system/network
Term
Resources refers to what (in terms of protecting resources)
Definition
*any virtual or physical components of a system that have limited availability
*any device connected directly to a computer system/network
*a virtual resource - files, memory location or network connection
Term
collateral damage
Definition
*compromised reputation
*loss of goodwill
*reduced investor confidence
*loss of customers
*various financial losses
Term
Three primary goals of security
Definition
Prevention
Detection
Recovery
Term
Vulnerabilities
Definition
any condition that leaves a system open to attack
Term
What are some vulnerabilities?
Definition
*improperly configured or installed hardware or software
*bugs in software or operating systems
*the misuse of software or communication protocols
*poorly designed networks
*poor physical security
*Insecure passwords
*Design flaws in software or operating systems
*unchecked user input
Term
Threat
Definition
any event or action that could potentially result in the violation of a security requirement, policy or procedure.
Term
Potential threats to computer and network security include:
Definition
*unintentional or unauthorized access or changes to data
*the interruption of services
*the interruption of access to assets
*damage to hardware
*unauthorized access or damage to facilities
Term
attack
Definition
is a technique that is used to exploit a vulnerability in any application on a computer system without the authorization to do so.
Term
attacks on computer system and network security include:
Definition
*physical attacks
*network-based attacks including wireless networks
*software-based attacks
*social engineering attacks
*web application-based attacks
Term
intrusion
Definition
when an attacker accesses your computer system without the authorization to do so
Term
intrusions can occur when?
Definition
when the system is vulnerable to attacks
Term
intrusions can include
Definition
*physical intrusions
*Host-based intrusions
*network-based intrusions
Term
risk
(as applied to information systems)
Definition
*is a concept that indicates exposure to the chance of damage or loss
*signifies the likelihood of a hazard or dangerous threat occurring
Term
risk
(as applied to information technology)
Definition
*associated with the loss of a system, power or network, and other physical losses
*also affects people, practices and processes
Term
controls
Definition
the countermeasures that you need to put in place to avoid, mitigate or counteract security risks due to threats or attacks
Term
types of controls
Definition
*prevention
*detection
*correction
Term
Prevention controls
Definition
these help to prevent a threat or attack from exposing a vulnerability in the computer system
Term
Detection controls
Definition
these help to discover if a threat or vulnerability has entered into the computer system
Term
Correction controls
Definition
these help mitigate the consequences of a threat or attack from adversely affecting the computer system
Term
Security Management process can include:
Definition
*identifying,
*implementing, and
*monitoring security controls
Term
Identification
Definition
involves detecting problems and determining how best to protect a system
Term
Implementation
Definition
this involves installing control mechanisms to prevent problems in a system
Term
Monitoring
Definition
involves detecting and solving any security issues that arise after security controls are implemented