A security threat is a challenge to the integrity of information systems that arises from one of three sources: human error and mistakes, malicious human activity, and natural events and disasters.
Pretexting occurs when someone deceives by pretending to be someone else.
Phishing is a technique for obtaining unauthorized data that uses pretexting via email.
Spoofing is another term for someone pretending to be someone else.
Sniffing is a technique for intercepting computer communications.
Drive-by sniffers simply take computers with wireless communications through an area and search for unprotected wireless networks.
Hacking occurs when a person gains unauthorized access to a computer system.
Usurpation occurs when unauthorized programs invade a computer system and replace legitimate programs.
A security program has three components: senior-management involvement, safeguards of various kinds, and incident response.
A security policy has three elements: the first is a general statement of the organization's security program. The second is the issue-specific policy. The third is the system-specific policy.
Risk is the likelihood of an adverse occurrence.
Uncertainty refers to the things we do not know that we do not know.
Technical safeguards involve the hardware and software components of an information system.
A smart card is a plastic card similar to a credit card.
Biometric authentication uses personal physical characteristics such as fingerprints, facial features, and retinal scans to authenticate users.
Hashing is a method of mathematically manipulating the message to create a string of bits that characterize the message.
A virus is a computer program that replicates itself.
Trojan horses are viruses that masquerade as useful programs or files.
Spyware programs are installed on the user's computer without the user's knowledge or permission.
Adware is similar to spyware in that it is installed without the user's permission and that it resides in the background and observes user behavior.
A botnet is a network of bots that is created and managed by the individual or organization that infected the network with the bot program.
Hardening a site means to take extraordinary measures to reduce a system's vulnerability.
A hot site is a utility company that can take over another company's processing with no forewarning.
A cold site provides computer and office space.
Friday, May 13, 2011
Chapter 12--Information Security Management
Posted by Ayesha 188 at 4:08 PM