Professional Documents
Culture Documents
Ias Quiz 1 Reviewer
Ias Quiz 1 Reviewer
Ias Quiz 1 Reviewer
Security
- Computer security began immediately after the first mainframes were developed
- Groups developing code-breaking computations during World War II created the first modern
computers
- Physical controls were needed to limit access to authorized personnel in sensitive military
locations
- Only rudimentary controls were available to defend against physical theft, espionage, and
sabotage
The 1990s
- As networks of computers became more common, so did the need to interconnect the networks
- Internet, the first manifestation of a global network of networks
The Present
- Ability to secure each now influenced by the security on every computer to which it is
connected
- The protection of information and its critical elements, including the systems and hardware that
use, store, and transmit that information
- The CIA triad embodies the three concepts of “fundamental security objects for both data,
information and computing services.”
Confidentiality
Integrity
Availability
- Is making sure that authorized parties are able to access the information when needed
- Refers to any pieces of information, device, or some other parts related to them that support
business activities
- Should be put under strict security measures
List of Assets:
1. Customer Data
2. IT and Network Infrastructure
3. Intellectual Property
4. Finances and Financial Data
5. Service Availability and Productivity
6. Reputation
Protecting Data
- Without data, an organization loses its record of transactions and/or its ability to deliver value
to its customer
- Must have secure infrastructure services based on the size and scope of the enterprise
Risk
Threat
- Defined as an object, person, or other entity that represents a constant danger to an asset
Vulnerability
- Energy – electricity
- Equipment – mechanical or electronic component failure
- Fire and chemical – explosion, smoke, or industrial pollution
- Human – riot, war, terrorist attack, etc.
- Natural Disaster – earthquake, volcano, landslide, etc.
- Pandemic disease – bacteria or virus
- Weather – sandstorm, flood, etc.
Hackers
Expert hacker
Script kiddies
- Limited skill
- Do not usually fully understand the systems they hack
- Have advanced knowledge, can create malware that intends to gain access to the systems to
steal personal and financial assets
Hackers/Crackers
- Is a form of brute force attack used for defeating a cipher or authentication mechanism
IP Addressing Spoofing
Hijacking
- When an intruder takes control of a session between a server and the client
Replay Attacks
Man-In-The-Middle Attacks
Masquerading
Social Engineering
Phishing
- Attacker sends a fraudulent message designed to trick a human victim into revealing sensitive
information
Denial-of-service (DoS)
1. Causes damage
2. Escalates security privileges
3. Divulges private data
4. Modifies or deletes data
General Classification of Malware
Virus
Worm
- Program that is self-contained. Duplicates and send itself to other hosts without any user
intervention. Does not need an application.
Trojan
- Malware that hides into a useful program. Collects sensitive information. Can actively upload
and download files.
Rootkit
- Applications get access to a machine unauthorized and hide their existence from other app
Spyware