Deck 1: The Threat Environment

Threat environment consists of the types of attackers and attacks that companies face.

Preventative countermeasures identify when a threat is attacking and especially when it is succeeding.

Most countermeasure controls are preventative controls.

Confidentiality means that attackers cannot change or destroy information.

Detective countermeasures keep attacks from succeeding.

Detective countermeasures identify when a threat is attacking and especially when it is succeeding.

Preventative countermeasures keep attacks from succeeding.

Most countermeasure controls are detective controls.

You accidentally find someone's password and use it to get into a system. This is hacking.

Employees often have extensive knowledge of systems and can pose a greater risk than external attackers.

In fraud, the perpetrator tries to obtain money or other goods by threatening to take actions that would be against the victim's interest.

The terms "intellectual property" and "trade secret" are synonymous.

The definition of hacking is "intentionally accessing a computer resource without authorization or in excess of authorization."

Someone sends you a "game." When you run it, it logs you into an IRS server. This is hacking.

In hacking, the perpetrator tries to obtain money or other goods by threatening to take actions that would be against the victim's interest.

Misappropriation of assets is an example of employee financial theft.

When considering penalties for hacking, motivation is irrelevant.

The definition of hacking is "accessing a computer resource without authorization or in excess of authorization."

Employees pose an increased risk to organizations as they ofter have access to sensitive parts of systems.

You have access to your home page on a server. By accident, you discover that if you hit a certain key, you can get into someone else's files. You spend just a few minutes looking around. This is hacking.

Downloading pornography can lead to sexual harassment lawsuits.

Rootkits replace legitimate programs and are considered a deeper threat than a set of programs called Trojan horses.

A Trojan horse is a program that hides itself by deleting a system file and taking on the system file's name.

Most cookies are dangerous.

The definition of spam is "unsolicited commercial e-mail."

Nonmobile malware can be on webpages that users download.

Mobile code usually is contained in webpages.

In pretexting, an attacker calls claiming to be a certain person in order to ask for private information about that person.

Botnets usually have multiple owners over time.

Most traditional external hackers cause extensive damage or commit theft for money.

Most traditional external hackers do not cause extensive damage or commit theft for money.

Attackers cannot use IP address spoofing in port scanning attack packets.

Attackers rarely use IP address spoofing to conceal their identities.

Social engineering is rarely used in hacking.

In response to a chain of attack, victims can often trace the attack back to the final attack computer.

The primary purpose for attackers to send port scanning probes to hosts is to identify which ports are open.

Generally speaking, script kiddies have high levels of technical skills.