Please don't credit me. Original is by LSUWaRRIOR (https://quizlet.com/567656221/cyberattacks-and-cybersecurity-chapter-3-flash-cards/)
Making decisions regarding IT security involves weighing these three complex trade-offs:
#How much effort and money should be spent to safeguard against computer crime?
#What should be done if recommended IT security safeguards make conducting business more difficult, resulting in lost sales and increased costs?
#If a firm is a victim of a cybercrime, should it pursue prosecution of the criminals, maintain a low profile to avoid negative publicity, inform affected customers, or take some other action?
Why are computer incidents so prevalent?
#As more devices are added, the number of network entry points grows, increasing security risks
#Expanding and changing systems introduce new risks; IT orgs must keep up with tech. change, perform ongoing security assessments, and implement approaches for dealing with new risks
#Bring your own device (BYOD) policies
#Growing reliance on commercial software with known vulnerabilities
#Increasing sophistication of those who would do harm
Exploit
An attack on an info. system that takes advantage of a particular system vulnerability
Zero-day attack
Takes place before the security community or software developer becomes aware of and repairs a vulnerability
Black hat hacker
Someone who violates computer or Internet security maliciously or for illegal personal gain
Cracker
An individual who causes problems, steals data, and corrupts systems
Malicious insider
An employee or contractor who attempts to gain financially and/or disrupt a company's information systems and business operations
Industrial spy
An individual who captures trade secrets and attempts to gain an unfair competitive advantage
Cybercriminal
Someone who attacks a computer system or network for financial gain
Hacktivist
An individual whose goal is to promote a political ideology
Cyberterrorist
Someone who attempts to destroy government infrastructure, financial institutions, and other corps, utilities, and emergency response units
Ransomware
Malware that stops you from using your computer or accessing your data until you meet certain demands such as paying a ransom or sending photos to the attacker
Virus
a piece of programming code inserted into other programming to cause some unexpected and, for the victim, usually undesirable event
Worm
a harmful program that resides in the active memory of the computer and duplicates itself
Trojan horse
A program in which malicious code is hidden inside a seemingly harmless program.
Logic bomb
Malicious code that executes when it is triggered by a specific event.
Blended threat
An attack that combines the features of a virus, worm, Trojan horse, and other malicious code into a single payload
Spam
The use of email systems to send unsolicited email to large numbers of people
Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act
Makes spam legal with certain restrictions--the email must include: a real return address, a label specifying that it is an ad or solicitation, and a way for recipients to opt out of future emails
CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart)
Software that generates and grades tests that humans can pass but computer programs cannot
distributed denial-of-service (DDoS) attack
an attack that takes over computers via the Internet, causing them to flood a target site with demands for data and other small tasks
Rootkit
A set of programs that enables its user to gain administrator level access to a computer without the end user's consent or knowledge.
Advanced Persistent Threat (APT)
an attack in which an intruder gains access to a network and stays there--undetected--with the intention of stealing data over a period of weeks or months
Phishing
The act of fraudulently using email to try to get the recipient to reveal personal data.
Spear phishing
A variation of phishing in which the phisher sends fraudulent emails to a certain organization's employees.
Smishing
A variation of phishing in which victims receive a legitimate-looking SMS text message on their phone telling them to call a specific phone number or to log on to a Web site.
Vishing
A variation of phishing in which victims receive a voice mail telling them to call a specific phone number or log on to access a specific Web site.
Cyberespionage
The deployment of malware that secretly steals data in the computer systems of organizations, such as government agencies, military contractors, political organizations, and manufacturing firms.
Cyberterrorism
the intimidation of a government or a civilian population by using IT to disable critical national infrastructure
Department of Homeland Security (DHS)
a federal agency whose goal is to provide for a safe, more secure America, resilient against terrorism and other potential threats
U.S. Computer Emergency Readiness Team (US-CERT)
A DHS and public/private sector partnership; serves as a clearinghouse for information on new security threats
Computer Fraud and Abuse Act
Addresses fraud and related activities in association with computers including:
#Accessing a computer w/o authorization
#Transmitting code that causes harm to a computer
#Trafficking of computer passwords
#Threatening to cause damage to a protected computer
Stored Wire and Electronic Communications and Transactional Records Access Statutes
Focuses on unlawful access to stored communications to obtain, alter, or prevent authorized access to a wire or electronic communication while it is in electronic storage
USA Patriot Act
Defines cyberterrorism and associated penalties
CIA security triad
Confidentiality, Integrity, Availability of systems and data
Mission-critical processes
Business processes that are more pivotal to continued operations and goal attainment than others
Bank Secrecy Law of 1970
Requires financial institutions in the United States to assist U.S. government agencies in detecting and preventing money laundering
Federal Information Security Management Act
Requires every federal agency to provide information security for the data and information systems that support the agency's operations and assets
Health Insurance Portability and Accountability Act
Regulates the use and disclosure of an individual's health information
Security dashboard software
#Provides a display of all key performance indicators, including: threats, exposures, policy compliance, and incident alerts
Authentication methods
#Username and password
#Smart card and a PIN
#Fingerprint
#Voice pattern sample
#Retina scan
Multifactor authentication schemes
#Biometrics
#One-time passwords
#Hardware tokens that plug into a USB port and generate a password
Firewall
a system of software and/or hardware that stands guard between an org's internal network and the Internet
Next-generation firewall (NGFW)
a hardware- or software-based network security system that blocks attacks by filtering network traffic based on packet contents
Routers allow you to:
#Create a secure network by assigning it a passphrase
#Specify a unique media access control (MAC) address for each legitimate device connected to the network and prevent access by any other device
Encryption
the process of scrambling messages or data in such a way that only authorized parties can read it
Encryption key
A value that is applied to unencrypted text to produce encrypted text that is unreadable by those without the encryption key. There are two types of encryption algorithms: symmetric and asymmetric.
Transport Layer Security (TLS)
#a communications protocol that ensures privacy between communicating applications and their users on the Internet
#TLS enables a client (e.g., a web browser) to initiate a temporary private conversation with a server
Intrusion detection system (IDS)
#Knowledge-based: contains info about specific attacks and system vulnerabilities and watches for attempts to exploit these vulnerabilities (e.g., repeated failed login attempts)
#Behavior-based: models normal behavior of a system and its users based on reference info; compares current activity to this model, looking for deviations (e.g., unusual traffic at odd hours)
CIA at the Application Level
#Authentication methods
#User roles and accounts
#Data encryption
CIA at the End-User Level
#Security education
#Authentication methods
#Antivirus software
#Data encryption
Response to Cyberattack
#An org should be prepared for the worst
#Primary goal must be to regain control and limit damage, not to attempt to monitor or catch an intruder
#A well-developed response plan helps keep an incident under technical and emotional control
Eradication
Before the IT security group begins eradication efforts, it must collect and log all possible criminal evidence and then verify all backups are current, complete, and free of malware
Managed security service provider (MSSP)
A company that monitors, manages, and maintains computer and network security for other organizations.
Computer forensics
Combines all the elements of law and computer science to collect, examine, and preserve data from computer devices and networks in a manner that preserves the integrity of the data gathered so it is admissible as evidence in court