Cybersecurity Final version 2

120 Terms

1

Risk

Likelihood that something bad will happen to an asset

2

Threat

Any action that could damage an asset

3

Vulnerability

A weakness that allows a threat to be realized or to have an effect on an asset

4

Cryptography

Practice of hiding data and keeping it away from unauthorized users

5

Encryption

The process of transforming data from cleartext into ciphertext

6

Ciphertext

The scrambled data that is the result of encrypting cleartext

7

Cleartext

Regular

8

Integrity

Maintain valid

9

Availability

The amount of time users can use a system

10

Uptime

Measure of how long a computer system has been operating without restarting.

11

Downtime

Refers to a period of time when a system is unavailable

12

Availability formula

A = (Total Uptime)/(Total Uptime + Total Downtime)

13

Mean Time to Failure (MTTF)

The expected time until the first failure of a piece of equipment

14

Mean Time to Repair (MTTR)

The average time required to repair a system or piece of equipment

15

Mean Time Between Failures (MTBF)

The average length of time between failures of a product or component

16

Recovery Time Objective (RTO)

The overall length of time an information system's components can be in the recovery phase before negatively impacting the organization's mission or processes

17

Recovery Point Objective (RPO)

Maximum amount of data that can be lost without substantial impact

18

What is the weakest link in the security of an IT infrastructure?

The user

19

Policy

A short written statement that defines a course of action that applies to the entire organization

20

Standard

A detailed written definition of how software and hardware are to be used

21

Procedures

Written instructions for how to use policies and standards

22

Guidelines

Suggested course of action for using policy

23

Private data

Classification standard: Data about people that must be kept private

24

Confidential

Classification standard: Information or data owned by the organization

25

Internal use only

Classification standard: Information or data shared internally by an organization

26

Public domain data

Classification standard: Information or data shared with the public

27

Minimum level of classification levels

Three

28

Real-time

Occurs instantaneously

29

Store-and-forward

Acceptable delay in transmitting communication

30

E-commerce

Sale of goods and services on the internet

31

Business-to-consumer (B2C)

Customers purchase goods and services directly from the business's website

32

Business-to-business (B2B)

Businesses conduct sales with other businesses

33

Payment Card Industry Data Security Standard (PCI DSS)

Protects private customer data

34

Black-hat

A hacker who attacks systems and exposes vulnerabilities with malicious intent, most often for monetary gain

35

White-hat

A hacker who exposes security flaws in applications and operating systems so manufacturers can fix them before they become widespread problems.

36

Gray-hat

A skilled hacker who falls in the middle of white-hat and black-hat hackers. The gray hat may cross the line of what is ethical.

37

Crackers

A type of hacker who specializes in breaching copy protection on software, allowing it to be pirated

38

What is a Security Breach?

Any event that results in a violation of any of the CIA security tenets

39

Denial of Service Attack

A coordinated attempt to deny service by occupying a computer to perform large amounts of unnecessary tasks

40

Unacceptable Web Browsing

Defined in an acceptable use policy (AUP)

41

Backdoors

Hidden access included by developers

42

Disclosure threats

Sabotage

43

Alteration threats

Unauthorized changes

44

Denial or destruction threats

DoS attack

45

Virus

- Attaches itself to or copies itself into another program on a computer
- Tricks the computer into following instructions not intended by the original program developer
- Infects a host program and may cause that host program to replicate itself to other computers
- User who runs the infected program authenticates the virus

46

Worm

- A self-contained program that replicates and sends copies of itself to other computers without user input or action
- Does not need a host program to infect
- Is a standalone program

47

Trojan Horse

- Malware that masquerades as a useful program
- Trojans can:
  - Hide programs that collect sensitive information
  - Open backdoors into computers
  - Actively upload and download files

48

Logic Bomb

Malware which waits for a particular condition to exist (e.g. no input for a certain time period, a certain time and date, etc.) and then does something malicious.

50

Rootkit

- Modifies or replaces one or more existing programs to hide traces of attacks
- Many different types of rootkits
- Conceals its existence once installed
- Is difficult to detect and remove

51

Spyware

A type of malware that specifically threatens the confidentiality of information

52

Firewall

- Program or dedicated hardware device
- Inspects network traffic passing through it
- Denies or permits traffic based on a set of rules

53

Business Impact Analysis (BIA)

An analysis of an organization's functions and activities that classifies them as critical or noncritical

54

Business Continuity Plan (BCP)

A written plan for a structured response to any events that result in an interruption to critical business activities or functions

55

Disaster

An event that affects multiple business processes for an extended period

56

Disaster Recovery Plan (DRP)

A written plan including specific steps and procedures to recover from a disaster

57

Hot site

Has environmental utilities

58

Warm site

Has environmental utilities and basic computer hardware

59

Cold site

Has basic environmental utilities but no infrastructure components

60

Mobile site

Trailer with necessary environmental utilities

61

Security gap

Difference between the security controls in place and the controls you need to address vulnerabilities

62

Gap analysis

Comparison of the security controls in place and the controls you need to address all identified threats

63

Sarbanes-Oxley Act (SOX)

Requires all financial reports to include an internal controls report

64

Health Insurance Portability and Accountability Act (HIPAA)

A federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient's consent or knowledge

65

Gramm-Leach-Bliley Act (GLBA)

Requires organizations to explain their information-sharing practices to their customers and to safeguard sensitive data

66

Federal Information Security Modernization Act (FISMA)

Requires stricter guidelines for how data is handled in order to reduce the risk of a cyberattack

67

Government Information Security Reform Act (Security Reform Act) of 2000

A federal law requiring offices of the U.S. government to develop a security program to assess their risk from security threats and ways to protect against them

68

Authentication

Verifying the identity of the person or device attempting to access the system

69

Authorization

Controlling what the user is allowed to do on a system

70

Physical Access Control

Controls entry into buildings

71

Logical Access Controls

Controls access to a computer system or network

72

Intrusion Detection System (IDS)

A program responsible for identifying attacks

73

Network-Based Intrusion Detection System (NIDS)

A system for examining network traffic to identify suspicious

74

Host-Based Intrusion Detection System (HIDS)

Software processes or services designed to run on server computers

75

Demilitarized zone (DMZ)

A physical or logical subnetwork which contains and exposes an organization's external-facing services to an untrusted

76

MAC (Media Access Control) address

Unique 48-bit address assigned to each network card. IEEE assigns blocks of possible addresses to various NIC manufacturers to help ensure that the address is always unique. The Data Link layer of the OSI model uses MAC addresses to locate machines.

77

Black-box testing

Uses test methods that aren't based directly on knowledge of a program's architecture or design

78

White-box testing

Is based on knowledge of the application's design and source code

79

Gray-box testing

Lies somewhere in between black-box and white-box testing

80

Event

A measurable occurrence that has an impact on the business

81

Incident

Any event that violates or threatens to violate your security policy

82

Control

Includes both safeguards and countermeasures

83

Countermeasure

Counters or addresses a specific threat

84

Single Loss Expectancy (SLE)

The expected monetary loss every time a risk occurs.

85

Annualized Rate of Occurrence (ARO)

The number of incidents per year

86

Annualized Loss Expectancy (ALE)

How much monetary loss is expected every year

87

Critical Business Functions (CBF)

Activities that are vital to your organization's survival and to the resumption of business operations.

88

Maximum Tolerable Downtime (MTD)

The maximum period of time that a business process can be down before the survival of the organization is at risk.

89

Emergency Operations Center (EOC)

Physical location identified for coordination of information and resources to support incident management activities.

90

Decryption

The process of unscrambling ciphertext into plaintext

91

Algorithm

A repeatable process that produces the same result when it receives the same input

92

Cipher

An algorithm to encrypt or decrypt information

93

Symmetric Encryption

The same key is used to encode and decode

94

Asymmetric Encryption

Used in public key encryption

95

Keyspace

The number of possible keys to a cipher

96

Open ciphers

Make it possible for experts around the world to examine the ciphers for weaknesses

97

Data Encryption Standard (DES)

The most scrutinized cipher in history

98

Cryptanalysis

The study and practice of finding weaknesses in ciphers

99

Nonrepudiation

Enables you to prevent a party from denying a previous statement or action.

100

Transposition ciphers

Rearranges characters or bits of data
