Chapter 4 Quiz Guide - ITEC 2201

Last updated 1:27 AM on 2/22/24

49 Terms

1

Information Security

protection of information/information systems from unauthorized use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.

2

NIST

National Institute of Standards and Technology

3

Information Systems Security (INFOSEC)

protection of information systems against unauthorized access to or modification of information, whether in storage, processing or transit, and against the denial of service to authorized users, including those measures necessary to detect, document, and counter such threats

4

CIA

Confidentiality, Integrity, and Availability - defines the classic security concerns in an automated environment

5

ISO

International Organization for Standardization

6

Access Control

the practice of Identity Management, authentication, authorization, and accountability (grants access ONLY to authorized users)

7

Availability

objective that generates the requirement for protection against intentional or accidental attempts to

(1) perform unauthorized deletion of data or

(2) otherwise cause a denial of service or data

8

Confidentiality

objective that generates the requirement for protection from intentional or accidental attempts to perform unauthorized data reads.

covers data in storage, during processing, and while in transit

9

Integrity as an Objective

objective that generates the requirement for protection against either intentional or accidental attempts to violate data integrity or system integrity

10

Data Integrity

the property that data has not been altered in an unauthorized manner

11

System Integrity

the quality that a system has when it performs its intended function in an unimpaired manner, free from unauthorized manipulation

12

Access Control List (ACL)

mechanism that implements access control for a system resource by enumerating the identities of the system entities that are permitted to access the resource

13

Authentication

process that establishes the origin of information, or determines an entity’s identity.

In a general information security context: Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system

14

Authentication Factor

something you know, something you have, and something you are

15

Identity

The set of physical and behavioral characteristics by which an individual is uniquely recognizable

16

Identification

A unique, auditable representation of identity within the system, usually in the form of a simple character string, for each individual user, machine, software component, or any other entity

17

Identity Management Systems

comprise one or more systems or applications that manage the identity verification, validation, and issuance process

18

Multi-factor Authentication (MFA)

using two or more different factors to achieve authentication. Factors include: something you know (e.g., password/PIN), something you have (e.g., cryptographic identification device, token), or something you are (e.g., biometric)

19

Password

A secret that a Claimant memorizes and uses to authenticate his or her identity. Typically character strings

20

Role Based Access Control (RBAC)

model for controlling access to resources where permitted actions on resources are identified with roles rather than with individual subject identities

21

Access Control: DENY

deny everybody and everything you can

22

Access Control: AUTHORIZE

allow limited capability only AFTER proper authorization and authentication

23

Access Control: RECORD

record EVERYTHING

24

Access Control for Databases

used to create UNIQUE, SECURE usernames and passwords, change those passwords regularly, and create separate MySQL users for different types of activity

25

MySQL: PUBLIC

SELECT

26

MySQL: CUSTOMER

SELECT, INSERT, UPDATE

27

MySQL: ADMIN

SELECT, INSERT, UPDATE, DELETE

28

What should you avoid when managing Access Control for Databases?

avoid giving SHUTDOWN, GRANT, RELOAD, DROP, and CREATE privileges to any MySQL user that will be connecting from a website

29

What are some SECURITY CONCERNS for customers?

Professional in appearance, honest and transparent, and use of SSL and HTTPS

30

Secure Sockets Layer (SSL)

creates encrypted link between web server and web browser

31

Hypertext Transfer Protocol Secure (HTTPS)

encrypts communication over a computer network (widely used on internet)

32

Cryptography

transforms data into CIPHER TEXT readable only by sender and receiver

33

Cipher Text

Data in its encrypted form

34

Cipher

Series of transformations that converts plaintext to ciphertext using the Cipher Key

35

Cipher Key

parameter used in conjunction with a cryptographic algorithm that determines its operation in such a way that an entity with knowledge of the key can reproduce the operation, while an entity without knowledge of the key cannot

36

Plaintext

Data input to the Cipher or output from the Inverse Cipher

37

Symmetric Key Cryptography

sender and receiver use the SAME digital key to encrypt and decrypt messages - requires a different set of keys for every transaction

38

Public Key Cryptography

uses TWO mathematically related digital keys (public and private). Both keys are used to encrypt and decrypt a message, and once they’re used, the same key cannot be used again.

39

Public Key

widely disseminated

40

Private Key

kept secret by owner

41

What does Integrity mean?

Data is not altered by unauthorized users

42

What does Confidentiality mean?

Data is kept secret

43

What ensures that an action can be traced uniquely to the entity that performed it?

Accountability

44

___________ refers to a weakness in an information system, system security procedures, or internal controls

Vulnerability

45

A message is changed into a format that cannot be read by an unauthorized user

Encryption

46

In Cryptography, the original message that is scrambled is referred to as the _________.

Plain Text

47

The regulation that oversees the secure storage and transaction of customer credit data is called __________

PCI - Payment Card Industry

48

__________ encryption uses DIFFERENT keys for encryption and decryption

Public Key/Asymmetric key

49

_______ encryption uses the SAME key for encryption and decryption

Symmetric