Computer Security Chapter 10 Flashcards

Questions and Answers

What are the sources of threats?

Human error, computer crime, natural events and disasters.

What are security losses associated with?

Unauthorized data disclosure, incorrect data modification, faulty service, denial of service, loss of infrastructure.

What is the figure on pg 6 of the slides regarding loss and threats?

Figure on pg 6 of the slides.

What are computer security issues?

How should organizations respond to security threats?

Establish a company-wide security policy, manage risk.

What are security safeguards in information systems?

All of the above

What are technical safeguards?

Identification and authentication, encryption, firewalls, malware protection, design for secure applications.

What are data safeguards?

Define data policies, data rights and responsibilities, enforce rights with usernames and passwords, data encryption, backup and recovery procedures, physical security.

What is data administration?

An organization-wide function that is in charge of developing data policies and enforcing data standards.

What is database administration?

Develop procedures and practices to ensure efficient and orderly multiuser processing, control changes, and protect databases.

What are human safeguards?

Position definitions, hiring and screening, dissemination and enforcement, termination policies, account administration, systems procedures, security monitoring.

In the context of security threats, pretexting, sniffing, spoofing, and phishing are all examples of ________.

unauthorized data disclosure

In information security, which of the following is true about managing risk?

Organizations should implement safeguards that balance the trade-off between risk and cost.

Which of the following is classified as a technical safeguard?

Firewalls

A ________ is a type of virus that self-propagates using the Internet or other computer network.

Worm

If the incident-response plan is not well-prepared, there is substantial risk that the actions of well-meaning people will make the problem worse.

True

Study Notes

Sources of Threats

• Human error, computer crime, and natural disasters are primary sources of security threats.

Security Losses

• Unauthorized data disclosure can result in leakage of sensitive information.
• Incorrect data modification leads to data integrity issues.
• Faulty services can disrupt normal operations and functionalities.
• Denial of service attacks can render resources unavailable to users.
• Loss of infrastructure refers to losing physical and technological assets.

Loss and Threats

• Relevant figures detailing loss and threats are presented in referenced slides.

Computer Security Issues

• Understanding various security problems is essential for effective management.

Organizational Response to Security Threats

• Establishing company-wide security policies is critical for effective threat management.
• Risk management is essential to identify, assess, and mitigate potential threats.

Security Safeguards in Information Systems

• Technical safeguards include hardware and software solutions.
• Data safeguards pertain to the security of the data itself.
• Human safeguards involve procedures and personnel training.

Technical Safeguards

• Identification and authentication help ensure access is granted to authorized users.
• Encryption protects sensitive information from unauthorized access.
• Firewalls monitor and control incoming and outgoing network traffic.
• Malware protection prevents, detects, and removes malicious software.
• Designing applications with security in mind is crucial for defense against vulnerabilities.

Data Safeguards

• Organizations should define clear data policies and assign rights and responsibilities.
• Enforcing data rights using usernames and passwords protects access.
• Data encryption ensures confidentiality and integrity of sensitive information.
• Backup and recovery procedures are vital for data loss prevention.
• Physical security measures protect the hardware and infrastructure.

Data Administration

• An organization-wide role responsible for developing and enforcing data policies and standards.

Database Administration

• Ensures efficient multiuser processing and controls changes to protect databases.

Human Safeguards

• Include well-defined job positions, thorough hiring practices, and strict termination policies.
• Account administration and security monitoring are critical for maintaining security.

Examples of Unauthorized Data Disclosure

• Pretexting, sniffing, spoofing, and phishing are methods of unauthorized data disclosure.

Managing Risk in Information Security

• Organizations should balance investment in security safeguards with the risk and cost trade-offs.

Technical Safeguard Classification

• Firewalls are classified as technical safeguards that enhance a network's security.

Type of Virus

• A worm is a type of virus that can self-propagate across networks without user intervention.

Incident-Response Plan Preparedness

• A poorly prepared incident-response plan increases the risk of worsening security incidents.

Description

Test your knowledge on the key concepts of human and computer threats as outlined in Chapter 10. This quiz covers various aspects of security losses, sources of threats, and computer security issues in a structured flashcard format.