Information Security: Barbarians at the Gateway

A set of flashcards designed for students to review key concepts from a lecture on Information Security, focusing on threats, motivations, and solutions related to cybersecurity.

What key factors amplify a firm's vulnerability to security breaches?

Personnel issues, technology problems, procedural factors, and operational issues.

What significant event did hackers inflict on Equifax?

Hackers stole data on 143 million consumers, including sensitive information like Social Security numbers.

What was a notable consequence of the Target data breach?

Target faced its largest decline in transactions and profits, numerous lawsuits, and CEO ouster.

What motivates cybercriminals to initiate security attacks?

Account theft, illegal funds transfer, data theft, extortion, and corporate espionage.

What is ransomware?

Malware that encrypts an organization's data and demands ransom for the decryption key.

What are white hat hackers?

Individuals who uncover system vulnerabilities without exploiting them, contributing to system security.

What is the purpose of social engineering in a security breach?

To trick employees into revealing sensitive information or performing actions that compromise security.

How does phishing differ from spear phishing?

Phishing is a generic attempt to obtain sensitive information, while spear phishing targets specific organizations or individuals.

What is encryption?

The process of scrambling data using a code to hide it from unauthorized users.

How does a brute-force attack work?

It exhausts all possible password combinations to break into an account.

What is the role of multi-factor authentication in security?

To require two or more forms of identification before granting access to an account.

What is a potential risk of user-generated passwords?

Users often create weak or easily compromised passwords, leading to security vulnerabilities.

What are the primary goals of malware?

To gain unauthorized access to systems for various malicious purposes, including data theft and disruption.

What is a DDoS attack?

An attack where a firm's systems are flooded with requests, slowing down or shutting down services.

What does the term 'botnet' refer to?

A network of compromised computers that are controlled remotely to perform malicious activities.

What are two critical features of modern credit card security like those used by Apple Pay?

Multi-factor authentication and encryption.

What is a passkey and how does it enhance security?

A passkey eliminates the need for traditional passwords by using biometric identification for secure access.

What is a typical consequence when organizations ignore cybersecurity warnings?

They may suffer significant breaches, leading to financial losses, legal consequences, and damage to reputation.

What is the purpose of a security audit within organizations?

To monitor usage, ensure compliance with policies, and identify vulnerabilities.

What should organizations avoid in their cybersecurity strategy?

Spending excessively on unlikely exploits while underinvesting in common infiltration prevention methods.

What role does AI play in cybersecurity?

AI can improve threat detection, vulnerability audits, and adapt to emerging cyber threats.