Cyber-Security Exam 1
Security Problem
The value of the information on technology is more valuable than the technology itself
Attacker's Profile
Generally inexperienced young people, script kiddies
Electronic Crime
When the computer is a target, or a computer is used to commit the crime
Targets of Opportunity
A hacker attacks a vulnerability, not necessarily the company itself
Specifically Targeted Attacks
Driven by a purpose, a hacktivist
Structured Threats
Planned, more funded, longer periods of activity
Unstructured Threats
Less funded, shorter periods of time, fewer people
Difficulties in Defending Against Attacks
Increased speed, sophistication, availability of attacks
Security vs. Convenience
The higher the security level the lower the convenience
Confidentiality
Security actions that ensure that only authorized parties can view the information and prevents the
disclosure to others.
Integrity
Security actions that ensure that the information is correct and no unauthorized person or malicious
software has altered that data.
Availability
Security actions that ensures that data is accessible to authorized users.
Layers of Information Security
Confidentiality, integrity, availability
Laws Protecting Electronic Data Privacy
, HIPPA, Sarbanes-Oxley Act of 2002, Gramm-Leach-Bliley Act, California Database Security Breach
Cyber-Terrorism
Attacks may be ideologically motivated
Targets of Cyber-Terrorism
Banking, military, energy, transportation, water
Cybercriminals
A generic term used to describe individuals who launch attacks against other users and their
computers; also describes a loose-knit network of attackers, identity thieves, and financial fraudsters.
Script Kiddies
Individuals who want to break into computers to create damage yet lack the advanced knowledge of
computers and networks needed to do so.
Comprehensive Security Strategy
Block attacks, update defenses, minimize losses, send secure information
Social Engineering
A means of gathering information for an attack by relying on the weaknesses of individuals.
Phishing
Sending an e-mail or displaying a web announcement that falsely claims to be from a legitimate
enterprise in an attempt to trick the user into surrendering private information.
Shoulder Surfing
Viewing information that is entered by another person.
Dumpser Diving
Digging through trash receptacles to find information that can be useful in an attack.
Key Logger
Hardware or software that captures and stores each keystroke that a user types on the computer's
keyboard.
Man-In-The-Middle
Offline Cracking
Dictionary Attack
A password attack that compares common dictionary words against those in a stolen password file.
Security Problem
The value of the information on technology is more valuable than the technology itself
Attacker's Profile
Generally inexperienced young people, script kiddies
Electronic Crime
When the computer is a target, or a computer is used to commit the crime
Targets of Opportunity
A hacker attacks a vulnerability, not necessarily the company itself
Specifically Targeted Attacks
Driven by a purpose, a hacktivist
Structured Threats
Planned, more funded, longer periods of activity
Unstructured Threats
Less funded, shorter periods of time, fewer people
Difficulties in Defending Against Attacks
Increased speed, sophistication, availability of attacks
Security vs. Convenience
The higher the security level the lower the convenience
Confidentiality
Security actions that ensure that only authorized parties can view the information and prevents the
disclosure to others.
Integrity
Security actions that ensure that the information is correct and no unauthorized person or malicious
software has altered that data.
Availability
Security actions that ensures that data is accessible to authorized users.
Layers of Information Security
Confidentiality, integrity, availability
Laws Protecting Electronic Data Privacy
, HIPPA, Sarbanes-Oxley Act of 2002, Gramm-Leach-Bliley Act, California Database Security Breach
Cyber-Terrorism
Attacks may be ideologically motivated
Targets of Cyber-Terrorism
Banking, military, energy, transportation, water
Cybercriminals
A generic term used to describe individuals who launch attacks against other users and their
computers; also describes a loose-knit network of attackers, identity thieves, and financial fraudsters.
Script Kiddies
Individuals who want to break into computers to create damage yet lack the advanced knowledge of
computers and networks needed to do so.
Comprehensive Security Strategy
Block attacks, update defenses, minimize losses, send secure information
Social Engineering
A means of gathering information for an attack by relying on the weaknesses of individuals.
Phishing
Sending an e-mail or displaying a web announcement that falsely claims to be from a legitimate
enterprise in an attempt to trick the user into surrendering private information.
Shoulder Surfing
Viewing information that is entered by another person.
Dumpser Diving
Digging through trash receptacles to find information that can be useful in an attack.
Key Logger
Hardware or software that captures and stores each keystroke that a user types on the computer's
keyboard.
Man-In-The-Middle
Offline Cracking
Dictionary Attack
A password attack that compares common dictionary words against those in a stolen password file.
