Shared Flashcard Set

Details

Intro to Info Sec Ch 1 & 2
Study for test
90
Computer Networking
Undergraduate 1
09/08/2013

Cards

Term
Exploit
Definition
a technique used to compromise a system.
Term
exposure
Definition
a condition or state of being exposed. In information security, it exists when a vulnerability known to an attacker is present.
Term
loss
Definition
a single instance of an information asset suffering damage or unintended or unauthorized modification or disclosure.
Term
protection profile or security posture
Definition
the entire set of controls and safeguards, including policy, education, training and awareness, and technology, that the organization implements to protect the asset.
Term
risk
Definition
the probability that something unwanted will happen. Organizations must minimize this to match their risk appetite.
Term
risk appetite
Definition
the quantity and nature of risk the organization is willing to accept.
Term
threat
Definition
a category of objects, persons, or other entities that presents a danger to an asset. They are always present and can be purposeful or undirected.
Term
threat agent
Definition
the specific instance or a component of a threat.
Term
vulnerability
Definition
a weakness or fault in a system or protection mechanism that opens it to attack or damage.
Term
availability
Definition
enables authorized users to access information without interference or obstruction and to receive it in the required format.
Term
accuracy
Definition
information has ____ when it is free from mistakes or errors and it has the value that the end user expects. If information has been intentionally or unintentionally modified, it is no longer accurate.
Term
Authenticity
Definition
the quality or state of being genuine or original, rather than a reproduction or fabrication.
Term
E-mail spoofing
Definition
the act of sending an e-mail message with a modified field. It is a problem for many people today because the modified field is often the address of the originator.
Term
phishing
Definition
when an attacker attempts to obtain personal or financial information using fraudulent means, most often by posing as another individual or organization.
Term
confidentiality
Definition
when information is protected from disclosure or exposure to unauthorized individuals or systems. It ensures that only those with the rights and privileges to access information are able to do so.
Term
salami theft
Definition
taking bits and pieces of information instead of all the required information to avoid detection.
Term
integrity
Definition
information has this when it is whole, complete, and uncorrupted. It is threatened when the information is exposed to corruption, damage, destruction, or other disruption of its authentic state.
Term
file hashing
Definition
a file is read by a special algorithm that uses the value of the bits in the file to compute a single large number called a hash value.
Term
utility
Definition
the quality or state of having value for some purpose or end.
Term
possession
Definition
the quality or state of ownership or control.
Term
bottom-up approach
Definition
information security can begin as a grassroots effort in which systems administrators attempt to improve the security of their systems. This is often referred to as a ____.
Term
top-down approach.
Definition
in which the project is initiated by upper-level managers who issue policy, procedures and processes, dictate the goals and expected outcomes, and determine accountability for each required action.
Term
Systems development life cycle
Definition
a methodology for the design and implementation of an information system.
Term
Methodology
Definition
a formal approach to solving a problem by means of a structured sequence of procedures.
Term
Waterfall model
Definition
illustrates that each phase of SDLC begins with the results and information gained from the previous phase.
Term
Investigation; Analysis; Logical Design; Physical Design; Implementation; Maintenance and Change
Definition
What are the six phases of the Systems development life cycle (SDLC)?
Term
Investigation
Definition
the most important phase of SDLC
Term
Analysis
Definition
This phase of SDLC consists primarily of assessments of the organization, the status of current systems, and the capability to support the proposed systems.
Term
Logical Design
Definition
In this phase of SDLC, the information gained from the analysis phase is used to begin creating a solution system for a business problem.
Term
Physical Design
Definition
During this phase of SDLC, specific technologies are selected to support the alternatives identified and evaluated in the logical phase.
Term
Implementation
Definition
During this phase of SDLC, any needed software is created or purchased.
Term
Maintenance and Change
Definition
This phase of SDLC consists of the tasks necessary to support and modify the system for the remainder of its useful life cycle.
Term
The Security Systems Development Life Cycle (SecSDLC)
Definition
This is used to identify specific threats and create controls to counter them.
Term
Intellectual property
Definition
the ownership of ideas and control over the tangible or virtual representation of those ideas. Use of another person's intellectual property may or may not involve royalty payments or permissions, but should always include proper credit to the source.
Term
Software Piracy
Definition
the unlawful use or duplication of software-based intellectual property
Term
Deliberate Software Attacks
Definition
Occurs when an individual or group designs and deploys software to attack a system
Term
Malicious code, malicious software, Malware
Definition
Software components or programs designed to damage, destroy, or deny service to the target systems
Term
Virus
Definition
a segment of code that attaches itself to an existing program and takes control of that program's access to the targeted computer
Term
Macro Virus
Definition
Virus which is embedded in automatically executing macro code used by word processors, spreadsheets, and database applications.
Term
Boot Virus
Definition
Virus which infects the key operating system files located in a computer's boot sector.
Term
Worm
Definition
A malicious program that replicates itself constantly, without requiring another program environment.
Term
Trojan Horses
Definition
Software programs that hide their true nature and reveal their designed behavior only when activated.
Term
Back Door / Trap Door
Definition
Allows the attacker to access the system at will with special privileges
Term
Polymorphic threat
Definition
A threat that over time changes the way it appears to antivirus software programs, making it undetectable by techniques that look for preconfigured signatures.
Term
Availability disruption
Definition
Damage to the physical materials used to send and receive data can cause ____
Term
Service Level Agreement
Definition
agreement between web hosting services that provide minimum service levels
Term
Spike
Definition
experience a momentary increase in power levels
Term
surge
Definition
experience a prolonged increase
Term
sag
Definition
experience a momentary low in power level
Term
brownout
Definition
experience a prolonged decrease in voltage
Term
fault
Definition
complete loss of power
Term
blackout
Definition
prolonged loss of power
Term
competitive intelligence
Definition
legal techniques used to access the information about a company and/or clients
Term
industrial espionage
Definition
when information gatherers employ techniques that cross the threshold of what is legal or ethical.
Term
hackers
Definition
people who use and create computer software to gain access to information illegally.
Term
trespass
Definition
unauthorized real or virtual actions that enable information gatherers to enter premises or systems they have not been authorized to enter.
Term
expert hacker/elite hacker
Definition
They develop software scripts and program exploits used by those in the second category, the novice hacker.
Term
back doors
Definition
using a known or previously unknown and newly discovered access mechanism, an attacker can gain access to a system or network resource.
Term
password crack
Definition
attempting to reverse calculate a password
Term
brute force
Definition
the application of computing and network resources to try every possible combination of options for a password
Term
dictionary
Definition
this type of password attack narrows the field by selecting specific accounts to attack and uses a list of commonly used passwords to guess with
Term
Denial-of-Service (DoS)
Definition
the attacker sends a large number of connection or information requests to a target. So many requests are made that the target system cannot handle them successfully along with other, legitimate requests for service. This may result in a system crash or merely an inability to perform ordinary functions.
Term
Distributed Denial-of-Service (DDoS)
Definition
an attack in which a coordinated stream of requests is launched against a target from many locations at the same time
Term
spoofing
Definition
a technique used to gain unauthorized access to computers, whereby the intruder sends messages to a computer with an IP address indicating that the message is coming from a trusted host.
Term
Man-in-the-Middle
Definition
TCP hijacking attack; an attacker sniffs packets from the network, modifies them, and inserts them back into the network
Term
spam
Definition
unsolicited commercial e-mail. While many consider it a nuisance rather than an attack, it is emerging as a vector for some attacks.
Term
mail bombing
Definition
another form of email attack that is also a DoS, in which an attacker routes large quantities of email to the target.
Term
sniffers
Definition
a program and/or device that can monitor data travelling over a network. They can be used both for legitimate network management functions and for stealing information from a network.
Term
phishing
Definition
an attempt to gain personal or financial information from an individual, usually by posing as a legitimate entity
Term
pharming
Definition
the redirection of legitimate web traffic to an illegitimate site for the purpose of obtaining private information
Term
social engineering
Definition
within the context of information security, the process of using social skills to convince people to reveal credentials or other valuable information to the hacker
Term
timing attack
Definition
works by exploring the contents of a web browser's cache. This could allow the designer to collect information to access password-protected sites. Another attack by the same name involves attempting to intercept cryptographic elements to determine keys and encryption algorithms.
Term
Secure Software Assurance (SwA) Common Body of Knowledge (CBK)
Definition
serves as a strongly recommended guide to developing more secure applications.
Term
1) Protects the organization's ability to function
2) Enables safe operation of applications implemented on the organization's IT systems
3) Protects data the organization collects and uses
4) Safeguards the technology assets in use at the organization
Definition
Information security performs four important functions:
Term
Threat
Definition
object, person, or other entity representing a constant danger to an asset
Term
Policy, education, training, and technology controls
Definition
management effectively protects its information through:
Term
Attack
Definition
a deliberate act that exploits a vulnerability
Term
secure software
Definition
secure systems require ____ ____.