ITS CHAPTER 5 - Digital Security

true

T or F: Today, people rely on technology to create, store, and manage their critical information.

false

T or F: It is NOT important that users take measures to protect or safeguard their computers, mobile devices,, data, and programs from loss, damage, and misuse.

digital security risk

_____________ is any event or action that could cause a loss of or damage to a computer or mobile device hardware, software, data, information, or processing capability.

digital security risks

Computers and mobile devices, along with the data and programs they store, are exposed to several types of _________________.

true

T or F: While some breaches to digital security are accidental, many are intentional.

true

T or F: Other intruders indicate some evidence of their presence either by leaving a message or by deliberately altering or damaging data.

computer crime

Any illegal act involving the use of a computer or related devices generally is referred to as a ______________.

cybercrime

____________ is an online or internet-based illegal act

crimeware

Software used by cybercriminals sometimes is called ______________.

hacker

The term________ originally a complimentary word for a computer enthusiast, now has a derogatory meaning and refers to someone who accesses a computer or network illegally.

computer enthusiasts

The term hacker is originally a complimentary word for a _______________

true

T or F: Some hackers claim the intent of their security breaches is to improve security

cracker

___________ is also someone who accesses a computer or network illegally but has the intent of destroying data, stealing information, or other malicious actions.

false

T or F: Both hackers and crackers do not have computer and network skills

script kiddie

_________ has the same intent as a cracker but does not have the technical skills and knowledge

true

T or F: Script kiddies often use prewritten hacking and cracking programs to break into computers and networks

corporate spies

Some ___________ have excellent computer and networking skills and are hired to break into a specific computer and steal its proprietary data and information, or to help identify security risks in their own organization

corporate espionage

Unscrupulous companies hire corporate spies, a practice known as _____________, to gain a competitive advantage

unethical employees

____________ may break into their employers’ computers for a variety of reaons

cyberextortionist

_______________ is someone who demands payment to stop an attack on an organization’s technology infrastructure

cyberextortionist

These perpetrators threaten to expose confidential information, exploit a security flaw, or launch an attack that will compromise the organization’s network if they are not paid a sum of money

cyberterrorist

_____________ is someone who uses the internet or network to destroy or damage computers for political reasons

cyberterrorist

___________ might target the nation’s air traffic control system, electricity-generating companies, or a telecommunications infrastructures.

cyberwarfare

__________ describes an attack whose goal ranges from disabling a government’s computer network to crippling a country

cyberterrorism and cyberwarfare

_____________ and ___________ usually require a team of highly skilled individuals, millions of dollars and several years of planning

false

T or F: Information kept on an organization’s premises has a higher degree of security risk than information transmitted over networks

network administrators

In an organization, ______________ usually take measures to protect a network from security risks.

malware

_________ short for malicious software, consists of programs that act without a user’s knowledge and deliberately alter the operations of computers and mobile devices

malicious software

Malware stands for __________

payload

___________ a destructive event or prank on a computer or mobile device delivered in a variety of ways

email attachments

A common way that computers and mobile devices become infected with viruses and other malware is through users opening infected _________

adware

A program that display an online advertisement in a banner, pop-up window, or pop-under window on webpages, email messages, or other internet services.

ransomware

A program that blocks or limits access to a computer, phone, or file until the user pays a specified amount of money

rootkit

A program that hides in a computer or mobile device and allows someone from a remote location to take full control of the computer or device

spyware

A program places on a computer or mobile device without the user’s knowledge that secretly collects information about the user and then communicates the information it collects to some outside source while the user is online.

trojan horse

A program that hides within or looks like a legitimate program. Unlike a virus or worm, a trojan horse does not replicate itself to other computers or devices.

virus

A potentially damaging program that affects, or infects, a computer or mobile device negatively by altering the way the computer or device works without user’s knowledge or permission

worm

A program that copies itself repeatedly, for example in memory or on a network, using up resources and possibly shutting down the computer, device, or network

true

T or F: In extreme cases, in order to remove malware from a computer or mobile device, you may need to erase, or reformat, an infected computer’s hard drive, or reset a mobile device to its factory settings.

false

T or F: Viruses, worms, and malware cannot be hidden in downloaded game files, mobile apps, email message attachments, and messaging software.

botnet

A _________ is a group of compromised computers or mobile devices connected to a network

zombie

A compromised computer or device is known as __________

zombie army

Botnet is also known as _____________

bot

________ is a program that performs a repetitive task on a network

true

T or F: You device may be a zombie if you notice an unusually high drive activity, a slower than normal internet connection, or connected devices becoming increasingly unresponsive

true

T or F: The chances of your computer or devices becoming part of a botnet greatly increase if your devices are not protected by an effective firewall

denial of service attack or DoS attack

_____________ disrupts computer access to an internet service

distributed DoS attack or DDoS attack

A more devastating type of DoS attack is the ___________, in which a zombie army is used to attack computers or computer networks.

true

T or F: DDoS attacks have been able to stop operations temporarily at numerous websites

hactivists

__________ those who disagree with the beliefs or actions of a particular organization, claim political anger motivates their attacks

back door

_________ is a program or set of instructions in a program that allow users to bypass security controls

back door

________ allows perpetrators to continue to access the computer remotely without the user’s knowledge

true

T or F: Programmers and computer repair technicians can install and build back doors during system development and troubleshooting

spoofing

_________ is a technique intruders use to make their network or internet transmission appear legitimate

IP spoofing and email spoofing

What are the two common types of spoofing schemes?

IP spoofing

_________ occurs when an intruder computer fools a network into believing its IP address is associated with a trusted source

true

T or F: Perpetrators of IP spoofing trick their victims into interacting with the phony website

email spoofing

________ occurs when the sender’s address or other components of an email header are altered so that it appears that the email message originated from a different sended

email spoofing

____________ commonly is used in virus hoaxes, spam, and phishing scams

online security service

__________ is a web app that evaluates your computer or mobile device to check for internet and email vulnerabilities

Computer Emergency Response Team Coordination Center or CERT/CC

____________ is a federally funded internet security research and development center

firewall

__________is hardware and/or software that protects a network’s resources from intrusion

true

T or F: Organizations use firewalls to protect network resources from outsiders and to restrict employees access to sensitive data such as payroll or personnel records

proxy server

Larger organizations often route all their communications through a ___________

proxy server

__________ is a server outside the organization’s network that controls which communications pass in and out of the organization’s network

personal firewall

Home and small/home office users often protect their computers with a _______________

personal firewall

_____________ is a software firewall that detects and protects a personal computer an its data from unauthorized intrusions

false

T or F: Both Windows and Mac operating systems do not include firewall capabilities.

true

T or F: Hardware firewalls stop malicious intrusions before they attempt to affect your computer or network

unauthorized access

__________ is the use of a computer or network without permission

unauthorized use

____________ is the use of a computer or its data for unapproved or possibly illegal activities

acceptable use policy or AUP

_________ outlines the activities for which the computer and network may and may not be used

disable file and printer sharing

To protect your personal computer from unauthorized intrusions, you should _________________

access controls

Many organizations use _________ to minimize the chance that a perpetrator intentionally may access or an employee accidentally may access confidential information on a computer, mobile device, or network

access control

_____________ defines who can access a computer, device, or network; when they can access it; and what actions they can take while accessing it

audit trail

The computer, device, or network should maintain an ____________

audit trail

__________ that records in a file both successful and unsuccessful access attempts

user name

_____________ is a unique combination of characters, such as letters of the alphabet or numbers, that identifies one specific user

password

_________ is a private combination of characters associated with the user name that allows access to certain computer resources.

user ID

user name is also called __________

false

T or F: One password is sufficient protection for all vital online accounts,

password manager or organizer

__________ is a convenient service that stores all your account information securely

passphrase

___________ is a private combination of words, often containing mixed capitalization and punctuation, associated with a user name that allows access to certain computer resources.

true

T or F: Instead of passwords, some organizations use passphrases to authenticate users.

personal identification number or PIN/passcode

_________ is a numeric password, either assigned by a company or selected by a user.

possessed object

____________ is any item that you must possess, or carry with you, in order to gain access to a computer or computer facility.

CAPTCHA

_______ is a program developed at Carnegie Mellon University that displays an image containing a series of distorted characters for a user to identify and enter in order to verify that user input is from humans and not computer programs

biometric device

___________ authenticates a person’s identity by translating a personal characteristic, such as a fingerprint, into a digital code that is compared with a digital code stored in a computer or mobile device verifying a physical or behavioral characteristic.

fingerprint reader or scanner

__________ captures curves and indentations of a fingerprint

lock screen

_________ screen that restricts access to a computer or mobile device until a user performs a certain action

face recognition system

_____________ captures a live face image and compares it with a stored image to determine if the person is a legitimate user

hand geometry system

___________ verifies identity based on the shape and size of a person’s hand

voice verification system

___________ compares a person’s live speech with their stored voice pattern.

signature verification system

_______________ recognizes the shape of your handwritten signature, as well as measures the pressure exerted and the motion used to write the signature.

iris recognition system

___________ uses iris recognition technology to read patterns in the iris of the eye

biometric payment

________ customer’s fingerprint is read by a fingerprint reader that is linked to a payment method

two-step verification

___________ uses two separate methods, one after the next, to verify the identity of a user.

digital forensics or cyberforensics

___________ is the discovery, collection, and analysis of evidence found on computers and networks.

law enforcement

criminal prosecutors

military intelligence

insurance agencies

information security departments

5 Areas that use digital forensics

software theft

__________ occurs when someone steals software media, intentionally erases programs, illegally registers and/or activates a program, or illegally copies a program.