IT 255 Review

created 8 years ago by sarahs89
IT 255 review sheet
updated 8 years ago by sarahs89
Grade level: College, second year
Subject: computers
1

Threat

Any action or event that could damage an asset; a threat does harm by exploiting a vulnerability.

2

Gramm-Leach Bliley Act(GLBA)

Passed in 1999; requires all types of financial institutions to protect their customers' private financial information.

3

Standards

A detailed written definition of how hardware and software are to be configured and used; standards are the specific, mandatory requirements that implement a policy.

4

White-hat hackers

Ethical hackers who, with the owner's authorization, use penetration-testing tools and techniques to uncover vulnerabilities so they can be fixed before an attacker finds them.

5

Data Classification Standards

Definitions of the categories of data an organization handles (for example public, internal, confidential) and the handling and protection each category requires.

6

Vulnerabilities and Threats

A vulnerability is any weakness in a system that makes it possible for a threat to cause harm; a threat is the action or event that could exploit that weakness. Both must be present for harm to occur.

7

Risk

The likelihood that a threat will exploit a vulnerability and cause harm to an asset, weighed against the impact if it does.

8

Causes of Security Gaps

A lapse in a security control, or in the policy that requires it, creates a gap between the protection intended and the protection actually in place.

9

Cryptography

The practice of protecting information by transforming it so that only authorized parties can read it or verify it; it keeps data confidential from unauthorized users and can also prove integrity and authenticity.

10

Encryption

The process of transforming data from cleartext into ciphertext using an algorithm and a key; decryption reverses it.

11

Change control procedures

request → impact assessment → approval → build/test → implement → monitor

12

7 domains

user, workstation, LAN, LAN-to-WAN, WAN, remote access, and system/application domain

13

Hijacking

A type of attack in which the attacker takes control of an established session between two machines and masquerades as one of them (for example taking over an authenticated TCP or web session).

14

intimidation

Using threats or harassment to bully another person into giving up information.

15

phishing

Emails or web pages that imitate a reputable organization in order to trick the recipient into revealing sensitive information such as passwords or account numbers.

16

social engineering

Deceiving or manipulating people, rather than attacking technology, to get around security controls.

17

black hat hacker

Breaks IT security and gains access to systems without authorization, for the challenge, to prove technical prowess, or to poke holes in a system.

18

grey hat hacker

In this textbook's usage, a hacker of average ability who may go on to become either a black-hat or a white-hat hacker. (The term is more commonly used for someone who breaks rules without malicious intent, such as probing systems without permission and then reporting what they find.)

19

vulnerability

a weakness that allows a threat to be realized or to have an effect on an asset

20

risk management

process of identifying, assessing, prioritizing, and addressing risk

21

best password policies

A password policy is a set of rules designed to enhance computer security by requiring users to choose strong passwords and use them properly; typical rules cover minimum length, complexity, expiration, history (no reuse), and account lockout after repeated failures.

22

annual loss expectancy

The estimated loss per year from a specific threat being realized.
ALE = SLE × ARO, where SLE (single loss expectancy) is the loss from one occurrence and ARO (annualized rate of occurrence) is the number of times per year the threat is expected to occur.

23

Access Control Models

Methods used to restrict and allow access to resources.

24

parts of the access control model

The components of the Microsoft Windows access control model: access tokens, security descriptors, access control lists (ACLs), access control entries (ACEs), access rights and access masks, and security identifiers (SIDs).

25

policies

High-level statements or rules about protecting people or systems; standards, procedures, and guidelines flow from them.

26

Baselines

Benchmarks used to make sure that a system provides a minimum level of security; a baseline configuration is applied consistently across multiple applications and different products.

27

Phases of risk-response planning

BIA (Business Impact Analysis): a formal analysis of an organization's functions and activities that classifies each as critical or noncritical. BCP (Business Continuity Plan): a plan for a structured response to any event that interrupts critical business activities or functions. DRP (Disaster Recovery Plan): directs the actions necessary to recover resources after a disaster; the DRP is part of the BCP.

28

types of attack tools used

Vulnerability scanners
Port scanners
Sniffers
Wardialers
Keyloggers

29

Malicious software and the types found

Any software that gives an attacker partial or full control of a computer so it does whatever the malware creator wants.
Types: spyware, viruses, worms, Trojans, keyloggers, dialers, and rootkits.

30

Quantitative

A risk-analysis method that uses mathematical formulas and numbers (asset values, exposure factors, annualized rates of occurrence) to assist in ranking risk severity.

31

Components of access control

Identification, Authentication, Authorization, Accountability

32

Qualitative

A risk-analysis method that uses relative rankings (for example likelihood and impact rated on a 1 to 5 scale) rather than dollar figures to further define the identified risks and determine responses to them.
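The annual loss expectancy, quantitative, and qualitative cards above describe two ways of ranking the same risks. The following is an added worked example, not part of the original review sheet: it applies SLE = AV × EF and ALE = SLE × ARO to a small constructed risk register, ranks the same register qualitatively by likelihood × impact, and computes the cost/benefit of a safeguard. All asset values, exposure factors, rates, and ratings are hypothetical figures chosen for illustration.

```python
"""Quantitative (ALE) and qualitative (likelihood x impact) ranking of one risk register.

Added example; the register below is constructed for illustration, not real data.
"""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Risk:
    name: str
    asset_value: float       # AV: value of the asset at stake, in dollars (hypothetical)
    exposure_factor: float   # EF: fraction of AV lost in one occurrence, 0.0 to 1.0
    aro: float               # ARO: annualized rate of occurrence (times per year)
    likelihood: int          # qualitative rating, 1 (rare) to 5 (almost certain)
    impact: int              # qualitative rating, 1 (negligible) to 5 (severe)


def sle(risk: Risk) -> float:
    """Single loss expectancy: the loss from one occurrence. SLE = AV * EF."""
    return risk.asset_value * risk.exposure_factor


def ale(risk: Risk) -> float:
    """Annual loss expectancy: expected loss per year. ALE = SLE * ARO."""
    return sle(risk) * risk.aro


def qualitative_score(risk: Risk) -> int:
    """Relative ranking score used by a qualitative analysis (no dollar figures)."""
    return risk.likelihood * risk.impact


def rank_quantitative(register):
    """Risk names ordered by ALE, largest expected annual loss first."""
    return [r.name for r in sorted(register, key=ale, reverse=True)]


def rank_qualitative(register):
    """Risk names ordered by likelihood x impact, highest score first."""
    return [r.name for r in sorted(register, key=qualitative_score, reverse=True)]


def safeguard_value(risk: Risk, ef_after: float, annual_cost: float) -> float:
    """Cost/benefit of a control that lowers EF: ALE(before) - ALE(after) - annual cost.

    Positive means the control saves more than it costs; negative means it does not.
    """
    mitigated = replace(risk, exposure_factor=ef_after)
    return ale(risk) - ale(mitigated) - annual_cost


# Constructed register (hypothetical figures chosen for the example).
REGISTER = [
    Risk("ransomware on file server", 500_000, 0.6, 0.5, likelihood=4, impact=5),
    Risk("laptop theft", 3_000, 1.0, 12, likelihood=5, impact=2),
    Risk("data center flood", 2_000_000, 0.8, 0.02, likelihood=1, impact=5),
    Risk("insider data leak", 800_000, 0.25, 0.1, likelihood=2, impact=4),
]

if __name__ == "__main__":
    for r in REGISTER:
        print(f"{r.name:28} SLE=${sle(r):>12,.0f}  ALE=${ale(r):>10,.0f}  L*I={qualitative_score(r)}")
    print("quantitative:", rank_quantitative(REGISTER))
    print("qualitative: ", rank_qualitative(REGISTER))
    # Hypothetical control: offline backups cut the ransomware EF from 0.6 to 0.1 for $20,000/year.
    print("backup safeguard value:", safeguard_value(REGISTER[0], 0.1, 20_000))
```

Note that the two methods disagree on the flood and the insider leak: the qualitative ranking puts the flood last because it is rare, while the quantitative ranking places it above the insider leak because its single loss expectancy is so large that even a 2% annual rate produces a higher ALE. That disagreement is the practical reason to run both methods and reconcile them before choosing responses.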