Business Driven Technology Study Set 2

Legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident are called insiders.

Insiders are illegitimate users who purposely or accidentally misuse their access to the environment to do business.

Information security policies detail how an organization will implement the information security plan.

Dumpster diving, another security breach for companies, occurs when people not associated with the company jump into the company's outside garbage bins and try to gather and steal any valuable company products they can resell on eBay.

Organizations address security risks through two lines of defense.The first is people and the second is technology.

Pretexting is a form of social engineering in which one individual lies to obtain confidential data about another individual.

Ransomware is a form of social engineering in which one individual lies to obtain confidential data about another individual.

Through social engineering, hackers use their social skills to trick people into revealing access credentials or other valuable information.

Through pretexting, hackers use their social skills to trick people into revealing access credentials or other valuable information.

The three primary information security areas are (1) authentication and authorization, (2) policies and rewards, and (3) detection and response.

Tokens are small electronic devices that change user passwords automatically.

The technique to gain personal information for the purpose of identity theft, often through fraudulent emails that look as though they came from legitimate businesses, is called phishing.

A process of providing a user with permission including access levels and abilities such as file access, hours of access, and amount of allocated storage space is called authentication.

One of the most ineffective ways to set up authentication techniques is by setting up user IDs and passwords.

Biometrics is the identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting.

A firewall scrambles information into an alternative form that requires a key or password to decrypt.

Identity theft is the forging of someone's identity for the purpose of fraud.

Identity theft is the category of computer security that addresses the protection of data from unauthorized disclosure and confirmation of data source authenticity.

A phishing expedition is a masquerading attack that combines spam with spoofing.The perpetrator sends millions of spam emails that appear to be from a respectable company.The emails contain a link to a website that is designed to look exactly like the company's website.The victim is encouraged to enter his or her username, password, and sometimes credit card information.

Spear phishing is a phishing expedition in which the emails are carefully designed to target a particular person or organization.