BTE 210 Exam 2 PT. 2

Factor Contributing to Vulnerability 1

today’s interconnected, interdependent, wirelessly networked business environment

Factor Contributing to Vulnerability 2

Smaller, faster, cheapter computers and storage devices

Factor Contributing to Vulnerability 3

decreasing skills necessary to be a computer hacker

Factor Contributing to Vulnerability 4

International organized crime is taking over cybercrime

Factor Contributing to Vulnerability 5

Lack of management support

Security

The degree of protection against criminal activity, danger, damage, and/or loss.

Information Security

all processes and policies to protect organizations info and info systems from unauthorized access

Greatest human error threat

Higher level employees

Human error two areas of significant threat

Human resources and information systems

Human error peripheral threats

contract labor, consultants, janitors, and guard

Carelessness with laptops

common human error

Carelessness with computing devices

common human error

Opening questionable e-mails

common human error

Careless internet surfing

common human errors

Poor password selection and use

common human error

Carelessness with one’s office

common human error

Carelessness with discarded equipment

common human error

careless monitoring of environmental hazards

common human error

Espionage or trespass

deliberate threats to information systems

Information extortion

deliberate threats to information systems

Sabotage or vandalism

deliberate threats to information systems

SCADA Attacks

used to monitor the chemical, physical, and transport ; deliberate threats to information systems

Cyberterrorism and cyberwarfare

often political ; deliberate threats to information systems

Software attacks requiring user action (4)

Virus, worm, phishing attack, spear phishing attack

Virus

segment of malicious code

Worm

segment of malicious code that self replicates

Phishing

Poses as legit organizations

Spear phishing

Target large groups of people; more targeted

Software attacks not needing user action (2)

Denial of Service attack, distributed denial of service attack

Denial of Service Attack

so many information requests that crashes the computer

Distributed denial of service attacj

Creates multiple computer bots and thus a botnet to target a single computer

Software attacks created by a programmer developing a system

Trojan horse, back door, logic bomb

Trojan Horse

hides in other computer programs and reveal their behavior once activated

Back Door

Attacker knows a password to access computer at will

Logic Bomb

Specific action at a time or date 

Alien Software

Adware, spyware

Adware

Generates pop-up ads

Spyware

Collects personal information without consent

Inside threats employees

application programmer, systems programmers, operations, users

Application programmer

program applications to function contrary to specifications

Systems Programmer

Bypass security, disable security, install non-secure systems

Operations

Duplicate records, initializing non-secure system, theft of material

Users

data entry errors, weak passwords, lack of training

Inside Threats (hardware)

Terminals, PCS, Databases

Terminals

Located in nonsecure environment

PCS

Fraud ID, illegal leakage, malware, theft

Databases

Unauthorized access, copying, theft

Outside threats (internets)

Malware, denial of service, unauthorized users

Corporate LAN defense mechanisms physical controls

Human guard, ID,

Corporate LAN defense mechanisms access controls

Authentication, password, personal ID

Corporate LAN defense mechanisms communications controls

Firewall

Access Control Types

Authentication, authorization

Authentication

User is, has, does, knows

Authorization

anti-malware, firewall, encryption (can only be read by the reader)

Comment for C++

//

Comment for Python

#