K201 lecture notes chapter 10: Q1-Q3, Q4-Q7

Email spoofing is a synonym for phishing?
Unauthorized data disclosure
In the context of security threats, pretexting, sniffing, spoofing, & phishing are all examples of
A _____ is a type of virus that self-propagates using the Internet or other computer network.
Organizations should implement safeguards that balance the trade-off between risks and costs
In information security, which of the following is true about managing risk?
Human Safeguards
___________ involve the people and procedure components of information systems
– Establish a company-wide security policy
– Technical, data, & human safeguards
– Manage risk
– Proactive
How should organizations respond to security threats?
– ID & authentication
– Encryption
– Firewalls
– Malware Protection
– Design secure applications
What are technical safeguards?
Username & passwords/smart card/biometrics
ID & authentication
Transforms clear text into coded, unintelligible text, requiring a key to read
Prevent unauthorized access to the network
Virus, Trojan horse, worm, spyware, adware
Malware Protection
Prevent common attacks like SQL injection attacks
Design secure applications
– Define data policies
– Data rights & responsibilities
– Enforce rights with usernames & passwords
– Data encryption
– Backup & recovery procedures
– Physical security
What are data safeguards?
– Data administration
– An organization-wide function that develops data policies & enforces data standards
– Database administration
– Develop procedures & practices to ensure efficient & orderly multiuser processing, control changes, and protect databases
Who is responsible for safeguards?
– Document whether or not the job involves sensitive data (how sensitive)
– Provide separation of duties and authorities; determine least privilege
Positive Definitions
Background checks, references, & social media posts
Hiring and Screening
Employee security training
Dissemination of Policies & Enforcement
Revoke access to systems promptly
Termination Policies
– Manage accounts
– Password management
– Help desk policies
Account Administration
– Normal operation
– Backup
– Recovery
System Procedures
– Activity log analysis
– Security testing
– Investigating security incidents
Security Monitoring
– Have a plan in place
– Centralized reporting
– Specific responses
– Practice
How do organizations respond to security incidents?