05 IT risk and security


44 Terms

1

information security

protecting information systems from unauthorized access, disruption, or destruction

2

confidentiality

keeping data private

3

integrity

making sure data isn’t altered

4

availability

ensuring systems and data are accessible when needed

5

IT Risk

potential for loss or damage to IT systems/data

6

operational IT risk

system failure and human error

7

security IT risk

unauthorized access, hacking

8

compliance IT risk

violating laws or regulations

9

reputational IT risk

data breach leading to loss of trust

10

natural threats

floods and tornados

11

unintentional threats

employee mistakenly accessing the wrong information

12

intentional threats

spyware, malware, adware companies, or the actions of disgruntled employees

13

vulnerability

known weaknesses that can be exploited by an attacker

14

how to develop a strategy for vulnerability

identifying weak points

15

managing threats

team members stay informed of current trends in cybersecurity, perform regular risk assessments, and conduct penetration testing

16

Red team

attacks/hacks the infrastructure

17

Blue team

defenders against attacks

18

ransomware attacks

protect against ransomware through robust backup strategies, employee awareness training, and regular security patching

19

five ways to avoid falling victim to phishing scams

note email addresses, be suspicious of requests for sensitive information, never respond to requests for personal information, beware of phone phishing scams, never follow the links in an email if you suspect they might be phishing

20

how to prevent supply chain attacks

vendor vetting, regular security assessments, and robust incident response reports

21

APTs

sophisticated, long-term cyber-attacks targeting specific entities, such as governments or large organizations

22

how to mitigate APTs

strong access controls, regular security assessments, and advanced threat detection and response technologies

23

mitigate IoT vulnerabilities by having

strong passwords, regular firmware updates, and network segregation

24

denial of service (DoS) attacks

make a system unusable, denying access and disrupting workflow

25

how to combat social engineering and phishing attacks

cybersecurity awareness training, two-factor authentication, and cautious information sharing

26

cybercriminals leverage

artificial intelligence to orchestrate sophisticated attacks

27

how to counteract malicious AI

adopt AI-based security solutions and invest in AI-driven defense mechanisms

28

significant concerns of cloud security risks

misconfigurations, data breaches, and unauthorized access to cloud environments

29

cloud security risk minimization strategies

prioritize secure cloud configurations, strong authentication and encryption, and continuous monitoring of cloud environments

30

how to protect against mobile malware and vulnerabilities

reputable security apps, regular operating system updates, and continuous app downloads

31

how to prevent insider threats

strict access controls, employee activity monitoring, and regular cybersecurity training

32

data breach

information is accessed and extracted without authorization

33

data leak

data located where it is not supposed to be. confidential info open to the public, sold on the black market or held for ransom

34

best practices to prevent data breaches

investing in the right security infrastructure, vulnerability assessment, policy for equipment use, staff training

35

backup (business continuity plan)

provides an exact copy of a system's information

36

recovery

able to get a system up and running after a crash

37

disaster recovery

able to recover information or system in the event of a catastrophic disaster such as a fire or flood

38

business continuity plan

backup and recovery, disaster recovery, and business continuity planning

39

business continuity planning

creates a way for a company to recover and restore partially or completely interrupted critical functions within a predetermined time after a disaster or extended disruption

40

first step to managing risk

understanding your vulnerability

41

point of access =

key to everything

42

access management

multi-factor authentication, known device, role-based access management

43

be cybersafe

update your software, create a passphrase for all passwords, review phishing scams, tweak your settings

44

cybersecurity best practices

strong, unique passwords, two-factor authentication, think before you click, backups, keep system updated