SRA221 Chapter 1 – Flashcards
question
attacks or attackers that can do harm.
answer
Threat
question
the types of attackers and attacks companies face.
answer
Threat environment
question
"Understanding the threat environment"
answer
is a fancy way of saying ***know your enemy***
question
any resources valuable to an organization to conduct its business
answer
Asset
question
Examples of Assets
answer
An asset could be a human resource too. Assets can be data, hardware, information, etc.
question
any weakness in your security system
answer
Vulnerability
question
when a threat succeeds in causing harm to a business, this is called an incident, breach, or compromise.
answer
Compromise
question
Synonyms for Compromise
answer
breach, incident
question
tools used to thwart attacks (also called safeguards, protections, and controls)
answer
Countermeasures
question
ways to either reduce or remove the possibility of a threat getting materialized
answer
Countermeasures
question
Risk
answer
the possibility/probability of a threat getting materialized; the consequence/damage done to the asset
question
Types of countermeasures
answer
Preventive, Detective, Corrective
question
help get the business process back on track after the attack has been successful << the quicker they get back on track the better
answer
Corrective
question
identify when a threat is attacking and when they are succeeding // fast detection can minimize damage.
answer
Detective
question
keeps attacks from succeeding // most controls are preventative.
answer
Preventive
question
Threat Environments
answer
internal threats, external threats
question
attacks and attackers originating from the organization itself; this could be either intentional or accidental
answer
internal threats
question
attacks and attackers originating from the outside of the organization: terrorists, rogue nations, criminals
answer
external threats
question
means that people cannot read sensitive information, either while it is on a computer or while it is traveling across a network. computing resources/data/info only accessible to the authorized users
answer
Confidentiality
question
means that attackers cannot change or destroy information, either while it is on a computer or while it is traveling across a network. Or, at least, if information is changed or destroyed, then the receiver can detect the change or restore data. computing resources/data only modifiable or removable by the authorized users
answer
Integrity
question
means that people who are authorized to use information are not prevented from doing so. Computing resources/data/info accessible when needed by the authorized user
answer
Availability
question
Employees and ex-employees are very dangerous because they have extensive knowledge of systems, have the credentials needed to access sensitive parts of systems, often know how to avoid detection, and can benefit from the trust that usually is accorded to "our people."
answer
Insider threat
question
Forms of insider threats
answer
Sabotage; Employee hacking // Authorization is key; Employer financial theft and theft of intellectual property (IP); Employee Extortion; Sexual or Racial Harassment of Other Employees; Employee Computer and Internet Abuse; Data Loss; Other "Internal" Attackers
question
destruction of hardware, data, software, and the planting of a time bomb or logic bomb
answer
Sabotage
question
embezzle money; steal intellectual property; trade secrets: pieces of sensitive information that a firm acts to keep secret.
answer
Employee hacking // Authorization is key
question
information owned by the company and protected by law; misappropriation of assets; theft of money
answer
Employer financial theft and theft of intellectual property (IP)
question
threatening against the victim's interest
answer
Employee Extortion
question
via email; displaying pornographic material
answer
Sexual or Racial Harassment of Other Employees
question
Use policies; Ethnic policies; Legal consequence; Infection; Non-internet abuse; unauthorized access
answer
Employee Computer and Internet Abuse
question
Lost: laptops, storage media, USB, optical disks. Average cost of data breach in 2010 (might not be lost, could have just been changed as well): 4,000,000
answer
Data Loss
question
Other "Internal" Attackers
answer
contract workers; they know everything that is there and are able to leave
question
a generic term for evil software.
answer
Malware
question
require help from another program and a person (trigger) // programs that attach themselves to legitimate programs on the victim's machine.
answer
Viruses
question
can spread on their own // stand-alone programs that do not attach themselves to other programs
answer
Worms
question
many times viruses and worms are combined into a single program, posing a bigger threat // propagate both as viruses and worms.
answer
Blended threats
question
the pieces of code that do damage. // malicious payloads can do extreme damage, for example, by randomly deleting files from the victim's hard disk drive or by installing some of the other types of malware described later in this section.
answer
Payloads
question
pretend to be one thing; a program that hides itself by deleting a system file and taking on its name, which makes it difficult to detect; downloads - programs that download malicious malware; spyware - program that collects sensitive information on a person's program; rootkit - changes the OS
answer
Trojan horses
question
mobile refers to the portable program; portable in turn means that the malicious code can run on multiple platforms. A lot of mobile code is web based: JavaScript, ActiveX
answer
Mobile Codes
question
Benign; Advertisement; Phishing; Spear Phishing << at a single group of people
answer
Spam
question
goal: find out weaknesses << example: robbing a house and finding the weaknesses; hackers want to know what the target map looks like
answer
Probing
question
scripts that allow hackers to deface websites
answer
Script kiddies
question
find hosts that are active; Internet Control Message Protocol (ICMP); waits for the echo to find that IP message
answer
IP address scanning
question
Responses: SYN/ACK, RST, no response
answer
Port Scanning
question
80 << world wide web, 21, 22, 23, 25 << email
answer
Well known Port Number
question
More information about applications, operating systems
answer
Fingerprinting
question
The exploit
answer
goal: weaknesses found and exploit or attack << example: attackers exploit vulnerability; exploit (noun); exploit (verb) << actually have control of the host; Own
question
once exploit succeeds, each packet carries a source IP address and is dangerous for hackers because it allows companies to find them. Spoofing allows some packets to avoid this by changing the IP address: using a fake IP address instead of the real one so the hacker does not get identified. Objective is so the hacker is not found
answer
Spoofing
question
the clever manipulation of the natural human tendency to trust
answer
Social Engineering
question
Piggybacking
answer
someone has access
question
Shoulder Surfing
answer
actually watching someone type in their password
question
Pretexting
answer
pretending to be someone and trying to get information
question
Attempts to make a server or network unusable to other legitimate servers, or attacks on availability; do this by flooding the system with attack packets
answer
Denial of Service (DoS) Attacks
question
What aspect of security control does DoS affect the most
answer
Servers and networks because they are flooded and legitimate users are not able to use it
question
How do DoS attacks work?
answer
attacker floods the server with TCP connection requests; flooded requests
question
effect of DoS attack
answer
CPU and memory loss; new functionalities; cannot fix bugs; increased spam; unable to software update
question
Distributed DoS
answer
place programs called bots onto internet servers or hosts; bot master sends a message to all the bots to attack; bots start sending out attack packets to the victim and flood them
question
Why is it important for firms to understand threat environment?
answer
So that firms are able to prepare for different attacks/threats. It is the idea of "knowing your enemy"
question
Name three common security goals?
answer
Confidentiality, Integrity, and Availability
question
What is an incident?
answer
when a threat succeeds in causing harm to a firm or business
question
What are synonyms for incidents?
answer
breach or compromise
question
What are some synonyms for countermeasure?
answer
safeguards, protections, or controls