What are the key measures for securing information systems?
Security prevents unauthorized access/damage, and controls protect assets and ensure accuracy.
What are the major vulnerabilities in information systems?
1. Network Accessibility (open networks).
2. Hardware/Software Issues (breakdowns, errors).
3. Disasters/Device Theft (unexpected data loss).
Name two major areas of security challenges and examples for each.
Internet Vulnerabilities: Open networks, unencrypted data, malicious emails.
Wireless Security: Rogue access points, war driving, unauthorized access, radio frequency bands that are easy to scan.
What are examples of malicious software (malware)?
Viruses, worms, Trojans, spyware, ransomware, SQL injection, and keyloggers.
What are viruses and worms?
Viruses: Malicious programs that attach to legitimate files or programs and spread when those are executed.
Worms: Standalone malware that replicates itself to spread across networks, often exploiting security vulnerabilities, without needing a host file or user action.
How do worms and viruses spread?
Through downloads, email attachments, and social networks.
Differentiate hackers and crackers.
Hackers: Skilled individuals who explore and improve systems.
Crackers: Break into systems and bypass security for malicious purposes.
Both can intrude on systems and damage them.
Name common computer crimes.
Identity theft, phishing, cyberterrorism, DoS attacks.
What are examples of software vulnerabilities?
Bugs, flaws, zero-day vulnerabilities, and patches.
Why are employees a significant security risk?
They may have insider knowledge, fall victim to social engineering, or lack security training.
What is the impact of a security breach on a business?
Loss of business functions, legal liability, and decreased market value.
What are key regulations for securing information systems?
HIPAA: Medical data security.
Gramm-Leach-Bliley Act: Customer financial data.
Sarbanes-Oxley Act: Financial accuracy.
Define electronic evidence and computer forensics.
Electronic Evidence: Digital data for legal cases, usually white-collar crimes; saves money.
Computer Forensics: Analyzing data for legal purposes, recovering ambient data.
Differentiate between general and application controls.
General Controls: Hardware, software, data security; govern design.
Application Controls: Input, processing, and output controls for applications.
What is the purpose of risk assessment?
To evaluate risks if certain activities aren't controlled.
What are examples of security policies?
Ranks risks and sets goals.
AUP: Defines appropriate resource use.
Identity Management: Controls user access.
What is the difference between disaster recovery and business continuity?
Disaster Recovery: Restores disrupted services.
Business Continuity: Ensures operations continue after a disaster.
What is the purpose of security audits?
To test disaster response and identify control weaknesses.
Name key tools for securing information systems.
Identity management software, firewalls, intrusion detection, antivirus, UTM (unified threat management).
Compare WEP and WPA2.
WEP: Basic encryption, vulnerable to attacks.
WPA2: Stronger, dynamic encryption, replaces WEP.
What are the types of encryption?
Symmetric Key: Shared key for encryption and decryption.
Public Key: Key pair for secure exchanges.
What ensures 100% system availability?
Fault-tolerant systems with redundant components, online transaction processing.
What are key security measures for the cloud and mobile platforms?
Data protection, legal compliance, device management, and encryption.
How is software quality maintained?
Through metrics, early testing, and debugging.