Wireless networks in many locations do not have basic protections against ___, in which eavesdroppers drive by buildings or park outside and try to intercept wireless network traffic.
war driving
__ refers to the policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems.
security
___ computer systems contain redundant hardware, software, and power supply components that create an environment that provides continuous, uninterrupted service. Such computers use special software routines or self-checking logic built into their circuitry to detect hardware failures and automatically switch to a backup device.
fault tolerant
To help businesses reduce costs and improve manageability, security vendors have combined into a single appliance various security tools, including firewalls, virtual private networks, intrusion detection systems, and web content filtering and anti-spam software. These comprehensive security management products are called ___ systems.
unified threat management (UTM)
___ systems feature full-time monitoring tools placed at the most vulnerable points or hot spots of corporate networks to detect and deter intruders continually.
intrusion detection
___ is a state-sponsored activity designed to cripple and defeat another state or nation by penetrating its computers or networks to cause damage and disruption.
cyberwarfare
A ___ tries to extort money from users by taking control of their computers, blocking access to files, or displaying annoying pop-up messages.
ransomware
A ___ is an individual who intends to gain unauthorized access to a computer system. They gain unauthorized access by finding weaknesses in the security protections websites and computer systems employ.
hacker
___ audit the systems development process at various points to ensure that the process is properly controlled and managed.
implementation controls
___ record every keystroke made on a computer to steal serial numbers for software, to launch Internet attacks, to gain access to email accounts, to obtain passwords to protected computer systems, or to pick up personal information such as credit card or bank account numbers.
keyloggers
___ devises plans for the restoration of disrupted computing and communications services. It focuses primarily on the technical issues involved in keeping systems up and running, such as which files to back up and the maintenance of backup computer systems or services.
disaster recovery planning
___ are independent computer programs that copy themselves from one computer to other computers over a network. They can operate on their own without attaching to other computer program files and rely less on human behavior to spread rapidly from computer to computer. They destroy data and programs as well as disrupt or even halt the operation of computer networks.
worms
___ govern the design, security, and use of computer programs and the security of data files in general throughout the organization's information technology infrastructure. On the whole, they apply to all computerized applications and consist of a combination of hardware, software, and manual procedures that create an overall control environment.
general controls
__ software automates the process of keeping track of all these users and their system privileges, assigning each user a unique digital identity for accessing each system. It also includes tools for authenticating users, protecting user identities, and controlling access to system resources.
identity management
__ refers to periods of time in which a system is not operational.
downtime
An ___ defines acceptable uses of the firm's information resources and computing equipment, including desktop and laptop computers, mobile devices, telephones, and the Internet. A good ___ defines unacceptable and acceptable actions for every user and specifies consequences for noncompliance.
acceptable use policy
A ___ is a physical device, similar to an identification card, that is designed to prove the identity of a single user. They are small gadgets that typically fit on key rings and display passcodes that change frequently.
token
___ monitor the use of system software and prevent unauthorized access and use of software programs, system software, and computer programs.
software controls
___ uses systems that read and interpret individual human traits, such as fingerprints, irises, and voices to grant or deny access. It is based on the measurement of a physical or behavioral trait that makes each individual unique. It compares a person's unique characteristics, such as the fingerprints, face, voice, or retinal image, against a stored profile of these characteristics to determine any differences between these characteristics and the stored profile. If the two profiles match, access is granted.
biometric authentication
A ___ is a type of eavesdropping program that monitors information traveling over a network. When used legitimately, they help identify potential network trouble spots or criminal activity on networks, but when used for criminal purposes, they can be damaging and very difficult to detect. They enable hackers to steal proprietary information from anywhere on a network, including email messages, company files, and confidential reports.
sniffer
___ injection attacks exploit vulnerabilities in poorly coded web application software to introduce malicious program code into a company's systems and networks. These vulnerabilities occur when a web application fails to validate properly or filter data a user enters on a web page, which might occur when ordering something online. An attacker uses this input validation error to send a rogue ___ query to the underlying database to access the database, plant malicious code, or access other systems on the network.
SQL
___ involves setting up fake websites or sending email messages that look like those of legitimate businesses to ask users for confidential personal data. The email message instructs recipients to update or confirm records by providing social security numbers, bank and credit card information, and other confidential data, either by responding to the email message, by entering the information at a bogus website, or by calling a telephone number.
Phishing
___ occurs when an individual or computer program fraudulently clicks an online ad without any intention of learning more about the advertiser or making a purchase. It has become a serious problem at Google and other websites that feature pay-per-click online advertising.
click fraud
"Cyberattacks do not have to be high-tech; they can instead rely on phone calls, human greed, and ___ methods to target those who might not be particularly digitally savvy, and who therefore assumed they would be safe."
social engineering