Flashcard Set Preview
| # | Side A | Side B |
|---|--------|--------|
| 1 | Hacking | Accessing and using computer systems without permission, usually by means of a personal computer... |
| 2 | Zombie | Infected machine |
| 3 | Denial-of-Service Attack | Sending e-mail bombs (hundreds of messages per second) from randomly generated false addresses.... |
| 4 | Splogs | A spam blog that promotes affiliated Web sites to increase their Google PageRank (how often... |
| 5 | Spoofing | Making an e-mail message look as if someone else sent it |
| 6 | Masquerading | Accessing a system by pretending to be an authorized user. The impersonator enjoys the same... |
| 7 | Data Diddling | Changing data before, during, or after they are entered into the system |
| 8 | Data Leakage | Copying company data, such as computer files, without permission |
| 9 | Phreaking | Attacking phone systems and using telephone lines to transmit viruses and to access, steal,... |
| 10 | Identity Theft | Assuming someone's identity, usually for economic gain, by illegally obtaining confidential... |
| 11 | Pretexting | Acting under false pretenses to gain confidential information |
| 12 | Phishing | Sending e-mails requesting recipients to visit a Web page and verify data or fill in missing... |
| 13 | Vishing | Voice phishing, where e-mail recipients are asked to call a phone number where they are asked... |
| 14 | Evil Twin | A wireless network with the same name as a local wireless access point. The hacker disables... |
| 15 | Typosquatting | Setting up Web sites with names similar to real Web sites so users making typographical errors... |
| 16 | Spyware | Using software to monitor computing habits and send that data to someone else, often without... |
| 17 | Logic and Time Bombs | Software that sits idle until a specified circumstance or time triggers it, destroying programs,... |
| 18 | Trap Door | Entering a system using a back door that bypasses normal system controls |
| 19 | Superzapping | Using special software to bypass system controls and perform illegal acts |
| 20 | Virus | A segment of executable code that attaches itself to software, replicates itself, and spreads... |
| 21 | Worm | Similar to a virus, but a program rather than a code segment hidden in a host program. Copies... |
| 22 | Computer Crime | Involves the manipulation of a computer or data by whatever method, to dishonestly obtain money,... |
| 23 | Computer Abuse | Unauthorized use of, or access to, a computer for purposes contrary to the wishes of the owner... |
| 24 | Misappropriation of Assets | Theft of company assets |
| 25 | Fraudulent Financial Reporting | Intentional or reckless conduct that results in materially misleading financial statements |
| 26 | Pressure | Incentive or motivation to commit fraud |
| 27 | Opportunity | Condition or situation that allows a person or organization to do three things: commit fraud, conceal... |
| 28 | Rationalization | Allows perpetrators to justify their illegal behavior |
| 29 | Input Fraud | Altering or falsifying computer input |
| 30 | Processor Fraud | Stealing computer time or services |
| 31 | Computer Instructions Fraud | Tampering with the software that processes data |
| 32 | Data Fraud | Altering or damaging a company's data files or copying, using, or searching the data files... |
| 33 | Output Fraud | Stealing or misusing system output |
| 34 | Threat | Any potential adverse occurrence or unwanted event that could be injurious to either the AIS... |
| 35 | Impact | Potential dollar loss from a threat |
| 36 | Likelihood | Probability that the threat will happen |
| 37 | Internal Controls | Process implemented by the board of directors, management, and those under their direction... |
| 38 | Preventive Controls | Deter problems before they arise |
| 39 | Detective Controls | Needed to discover problems as soon as they arise |
| 40 | Corrective Controls | Remedy control problems that have been discovered |
| 41 | General Controls | Designed to make sure an organization's control environment is stable and well managed |
| 42 | Application Controls | Prevent, detect, and correct transaction errors and fraud |
| 43 | Foreign Corrupt Practices Act | Prevents the bribery of foreign officials in order to obtain business. Requires corporations... |
| 44 | Sarbanes-Oxley Act | Applies to publicly held companies and their auditors and was intended to prevent financial... |
| 45 | Public Company Accounting Oversight Board | Controls the auditing profession. Board members oversee their activities. Three PCAOB members... |
| 46 | Belief System | Communicates company core values to employees and inspires them to live by them |
| 47 | Boundary System | Helps employees act ethically by setting limits beyond which an employee must not pass |
| 48 | Diagnostic Control System | Measures company progress by comparing actual performance to planned performance |
| 49 | Interactive Control System | Helps top-level managers with high-level activities that demand frequent and regular attention,... |
| 50 | COBIT - Control Objectives for Information and related Technology | Framework of generally applicable information systems security and control practices for IT... |
| 51 | COSO - Committee of Sponsoring Organizations | Private-sector group consisting of the American Accounting Association, AICPA, Institute of... |
| 52 | Internal Control - Integrated Framework | Defines internal controls and provides guidance for evaluating and enhancing internal... |
| 53 | Enterprise Risk Management - Integrated Framework (ERM) | Expands on the elements of the internal control integrated framework and provides an all-encompassing... |
| 54 | Strategic Objectives | High-level goals that are aligned with and support the company's mission |
| 55 | Operations Objectives | Deal with the effectiveness and efficiency of company operations, such as performance and profitability... |
| 56 | Reporting Objectives | Help ensure the accuracy, completeness, and reliability of internal and external company reports,... |
| 57 | Compliance Objectives | Help the company comply with all applicable laws |
| 58 | Internal Environment | Most important component of the ERM and internal control frameworks. Influences how organizations... |
| 59 | Objective Setting | Controls can't work without objectives |
| 60 | Event Identification | Event = an incident or occurrence emanating from internal or external sources that affects... |
| 61 | Inherent Risk | Risk that exists before management takes any steps to control the likelihood or impact of a... |
| 62 | Residual Risk | Risk that remains after management implements internal controls, or some other response to... |
| 63 | Control Activities | Policies, procedures, and rules that provide reasonable assurance that management's control... |
| 64 | Authorization | Often documented by signing, initialing, or entering an authorization code |
| 65 | Digital Signature | Means of signing a document with a piece of data that cannot be forged |
| 66 | Time-Based Model of Security | Focuses on the relationship between preventive, detective, and corrective controls |
| 67 | Defense-in-Depth | Employ multiple layers of controls in order to avoid having a single point of failure |
| 68 | Authentication | Focuses on verifying the identity of the person or device attempting to access the system |
| 69 | Biometric | Fingerprints or voice recognition |
| 70 | Multifactor Authentication | 3 levels of authentication, makes it much stronger |
| 71 | Authorization | Restricts access of authenticated users to specific portions of the system and specifies what... |
| 72 | Border Router | Connects an organization's information system to the Internet |
| 73 | Firewall | Special-purpose hardware device or software running on a general-purpose computer |
| 74 | Transmission Control Protocol (TCP) | Specifies the procedures for dividing files and documents into packets to be sent over the... |
| 75 | Internet Protocol (IP) | Specifies the structure of those packets and how to route them to the proper destination |
| 76 | Routers | Designed to read the destination address fields in IP packet headers to decide where to send... |
| 77 | Access Control List (ACL) | Determines which packets are allowed entry and which are dropped |
| 78 | Static Packet Filtering | Screens individual IP packets based solely on the contents of the source and/or destination... |
| 79 | Stateful Packet Filtering | Maintains a table that lists all established connections between the organization's computers... |
| 80 | RADIUS - Remote Authentication Dial-In User Service | Organizations still permit employees to remotely access the organizational network by dialing... |
| 81 | War Dialing | Calls every telephone number assigned to the organization to identify those which are connected... |
| 82 | Vulnerabilities | Flaws that can be exploited to either crash the system or take control of it |
| 83 | Hardening | Turning off unnecessary programs that represent potential security threats |
| 84 | Encryption | Transforming normal text (plaintext) into unreadable gibberish |
| 85 | Ciphertext | The unreadable gibberish text |
| 86 | Decryption | Transforms ciphertext back into plaintext |
| 87 | Hashing | Process that takes plaintext of any length and transforms it into a short code called a hash.... |
| 88 | Log Analysis | Process of examining logs to monitor security |
| 89 | Intrusion Detection Systems (IDS) | Create logs of network traffic that was permitted to pass the firewall and then analyze those... |
| 90 | Vulnerability Scans | Automated tools designed to identify whether a given system possesses any well-known vulnerabilities |
| 91 | Penetration Test | Authorized attempt by either an internal audit team or an external security consulting firm to... |
| 92 | Computer Emergency Response Team (CERT) | Responsible for dealing with major incidents. Not only technical specialists but also senior... |
| 93 | Patch | Code released by software developers that fixes a particular vulnerability |
| 94 | Patch Management | Process for regularly applying patches and updates to all software used by the organization |