Term

Definition
the protection of available information or information resources from unauthorized access, attacks, theft or data damage.

Term
As an information security professional, what do you need to protect?

Definition

Term
Data refers to what (in terms of protecting data)

Definition
* the information assets of a person, customer or organization
* files in the computer system/network

Term
Resources refers to what (in terms of protecting resources)

Definition
* any virtual or physical components of a system that have limited availability
* any device connected directly to a computer system/network
* a virtual resource - files, memory locations or network connections

Term

Definition
* compromised reputation
* loss of goodwill
* reduced investor confidence
* loss of customers
* various financial losses

Term
Three primary goals of security

Definition
* Prevention
* Detection
* Recovery

Term

Definition
any condition that leaves a system open to attack

Term
What are some vulnerabilities?

Definition
* improperly configured or installed hardware or software
* bugs in software or operating systems
* the misuse of software or communication protocols
* poorly designed networks
* poor physical security
* insecure passwords
* design flaws in software or operating systems
* unchecked user input

Term

Definition
any event or action that could potentially result in the violation of a security requirement, policy or procedure.

Term
Potential threats to computer and network security include:

Definition
* unintentional or unauthorized access or changes to data
* the interruption of services
* the interruption of access to assets
* damage to hardware
* unauthorized access or damage to facilities

Term

Definition
a technique that is used to exploit a vulnerability in any application on a computer system without the authorization to do so.

Term
Attacks on computer system and network security include:

Definition
* physical attacks
* network-based attacks, including attacks on wireless networks
* software-based attacks
* social engineering attacks
* web application-based attacks

Term

Definition
when an attacker accesses your computer system without the authorization to do so

Term
When can intrusions occur?

Definition
when the system is vulnerable to attacks

Term

Definition
* physical intrusions
* host-based intrusions
* network-based intrusions

Term
risk (as applied to information systems)

Definition
* a concept that indicates exposure to the chance of damage or loss
* signifies the likelihood of a hazard or dangerous threat occurring

Term
risk (as applied to information technology)

Definition
* associated with the loss of a system, power or network, and other physical losses
* also affects people, practices and processes

Term

Definition
the countermeasures that you need to put in place to avoid, mitigate or counteract security risks due to threats or attacks

Term

Definition
* prevention
* detection
* correction

Term

Definition
these help to prevent a threat or attack from exposing a vulnerability in the computer system

Term

Definition
these help to discover whether a threat or vulnerability has entered the computer system

Term

Definition
these help to mitigate the consequences of a threat or attack, stopping it from adversely affecting the computer system

Term
The security management process can include:

Definition
* identifying,
* implementing, and
* monitoring security controls

Term

Definition
involves detecting problems and determining how best to protect a system

Term

Definition
involves installing control mechanisms to prevent problems in a system

Term

Definition
involves detecting and solving any security issues that arise after security controls are implemented
