Deck 2: The Need for Security

With the removal of copyright protection mechanisms, software can be easily distributed and installed.

The information security function in an organization safeguards its technology assets.

Forces of nature, sometimes called acts of God, can present some of the most dangerous threats because they usually occur with very little warning and are beyond the control of people.

DoS attacks cannot be launched against routers.

A worm requires that another program is running before it can begin functioning.

Compared to Web site defacement, vandalism within a network is less malicious in intent and more public.

Much human error or failure can be prevented with effective training and ongoing awareness activities.

Suppose an act of theft performed by a hacker was accompanied by defacement actions to delay discovery. The first act is obviously in the category of  "theft" but the second act is another category-in this case it is a "force of nature." 

An advance-fee fraud attack involves the interception of cryptographic elements to determine keys and encryption algorithms.

When electronic information is stolen, the crime is readily apparent.

Organizations can use dictionaries to regulate password selection during the reset process and thus guard against easy-to-guess passwords.

A sniffer program can reveal data transmitted on a network segment, including passwords, the embedded and attached files-such as word-processing documents-and sensitive data transmitted to or from applications.

Expert hackers are extremely talented individuals who usually devote lots of time and energy to attempting to break into other people's information systems.

Attacks conducted by scripts are usually unpredictable.

A worm may be able to deposit copies of itself onto all Web servers that the infected system can reach, so that users who subsequently visit those sites become infected.

Information security's primary mission is to ensure that systems and their contents retain their confidentiality at any cost.

As an organization grows, it must often use more robust technology to replace the security technologies it may have outgrown.

A mail bomb is a form of DoS attack.

Two watchdog organizations that investigate allegations of software abuse are the Software & Information Industry Association (SIIA) and National Security Agency (NSA).

Computer assets are the focus of information security and are the information that has value to theorganization, as well as the systems that store, process, and transmit the information. ____________

"Shoulder spying" is used in public or semi-public settings when individuals gather information they are not authorized to have by looking over another individual's shoulder or viewing the information from a distance. _________________________

Once a(n) back door has infected a computer, it can redistribute itself to all e-mail addresses found on the infected system. _________________________

The malicious code attack includes the execution of viruses, worms, Trojan horses, and active Web scripts with the intent to destroy or steal information. _________________________

Media as a subset of information assets are the systems and networks that store, process, and transmit information.

A(n) polymorphic threat is one that over time changes the way it appears to antivirus software programs, making it undetectable by techniques that look for preconfigured signatures. _________________________

Hackers are "persons who access systems and information without authorization and often illegally." _________________________

Cyberterrorists hack systems to conduct terrorist activities via network or Internet pathways. _________________________

When voltage levels lag (experience a momentary increase), the extra voltage can severely damage or destroy equipment. _________________________

Packet munchkins use automated exploits to engage in distributed denial-of-service attacks. _________________________

Software code known as a(n) cookie can allow an attacker to track a victim's activity on Web sites. _________________________

The macro virus infects the key operating system files located in a computer's start-up sector. _________________________

Intellectual property is defined as "the creation, ownership, and control of ideas as well as the representation of those ideas." _________________________

The term phreaker is now commonly associated with an individual who cracks or removes software protection that is designed to prevent unauthorized duplication. _________________________

The application of computing and network resources to try every possible combination of options of a password is called a dictionary attack. _________________________

A device (or a software program on a computer) that can monitor data traveling on a network is known as a socket sniffer. _________________________

One form of e-mail attack that is also a DoS attack is called a mail spoof, in which an attacker overwhelms the receiver with excessive quantities of e-mail. _________________________

Media are items of fact collected by an organization and include raw numbers, facts, and words.

The ____________________ fraud is a social engineering attack that involves convincing the victim to participate in a seeming money-making venture while getting the victim to pay fees or bribes or to refund uncleared international payments.

Script ____________________ are hackers of limited skill who use expertly written software to attack a system.

Some information gathering techniques are quite legal-for example, using a Web browser to perform market research. These legal techniques are called, collectively, competitive ____________________.

A(n) ____________________ hacks the public telephone network to make free calls or disrupt services.

ESD is the acronym for ____________________ discharge.

In the context of information security, ____________________ is the process of using social skills to convince people to reveal access credentials or other valuable information to the attacker.

Duplication of software-based intellectual property is more commonly known as software ____________________.

A momentary low voltage is called a(n) ____________________.

A(n) ____________________ is a potential risk to an information asset.

Attempting to reverse-calculate a password is called ____________________.

The expert hacker sometimes is called a(n) ____________________ hacker.

When information gatherers employ techniques in a commercial setting that cross the threshold of what is legal or ethical, they are conducting industrial ____________________.

A(n) ____________________ is an act against an asset that could result in a loss.

A(n) ____________________ is a potential weakness in an asset or its defensive control(s).