68 Cards in this Set
- Front
- Back
- 3rd side (hint)
Define IT security management
|
p467 & 468
|
Review ?s - Chapter 14: IT Security Management & Risk Assessment
|
|
List the 3 fundamental questions IT security mgt tries to address
|
1) What assets do we need to protect? 2) How are those assets threatened? 3) What can we do to counter those threats?
|
Review ?s - Chapter 14: IT Security Management & Risk Assessment
|
|
List the steps in the process used to address the 3 fundamental questions IT security mgt tries to address
|
tba
|
Review ?s - Chapter 14: IT Security Management & Risk Assessment
|
|
What are some of the key national and international standards that provide guidance on IT security mgt and risk assessment?
|
p468
|
Review ?s - Chapter 14: IT Security Management & Risk Assessment
|
|
List and briefly define the 4 steps in the iterative security mgt process
|
1) Plan 2) Do 3) Check 4) Act (iterative, back to 1) (p470)
|
Review ?s - Chapter 14: IT Security Management & Risk Assessment
|
|
Organizational security objectives identify what IT security outcomes are desired, based in part on the role and importance of the IT systems in the organization. List some questions that help clarify these issues
|
p471
|
Review ?s - Chapter 14: IT Security Management & Risk Assessment
|
|
List and briefly define the 4 approaches to identifying and mitigating IT risks
|
1) Baseline approach 2) Informal approach 3) Detailed risk analysis 4) Combined approach (p474)
|
Review ?s - Chapter 14: IT Security Management & Risk Assessment
|
|
Which of the 4 approaches for identifying and mitigating IT risks does [ISO 13335] suggest is the most cost effective for most organizations?
|
Combined approach (p476)
|
Review ?s - Chapter 14: IT Security Management & Risk Assessment
|
|
List the steps in the detailed security risk analysis process
|
p478, fig 14.3
|
Review ?s - Chapter 14: IT Security Management & Risk Assessment
|
|
Define asset
|
p480
|
Review ?s - Chapter 14: IT Security Management & Risk Assessment
|
|
Define control
|
p480
|
Review ?s - Chapter 14: IT Security Management & Risk Assessment
|
|
Define risk
|
p480
|
Review ?s - Chapter 14: IT Security Management & Risk Assessment
|
|
Define vulnerability
|
p480
|
Review ?s - Chapter 14: IT Security Management & Risk Assessment
|
|
Indicate who provides the key information when determining each of the key assets, their likelihood of compromise, and the consequence, should any be compromised
|
tba
|
Review ?s - Chapter 14: IT Security Management & Risk Assessment
|
|
What are the 2 key questions answered to help identify threats and risk for an asset? Briefly indicate how these questions are answered
|
1) Who or what could cause it harm? 2) How could this occur? (p481)
|
Review ?s - Chapter 14: IT Security Management & Risk Assessment
|
|
Define consequence
|
tba
|
Review ?s - Chapter 14: IT Security Management & Risk Assessment
|
|
Define likelihood
|
tba
|
Review ?s - Chapter 14: IT Security Management & Risk Assessment
|
|
What is the simple equation for determining risk? Why is this equation not commonly used in practice?
|
tba
|
Review ?s - Chapter 14: IT Security Management & Risk Assessment
|
|
What are the items specified in the risk register for each asset/threat identified?
|
tba
|
Review ?s - Chapter 14: IT Security Management & Risk Assessment
|
|
List and briefly define the 5 alternatives for treating identified risk
|
tba
|
Review ?s - Chapter 14: IT Security Management & Risk Assessment
|
|
Refog: Does your employee/spouse/roommate monitor your activities with a keylogger? Are you sure?
|
tba
|
Lab Thought ?s: Chapter 7 - Monitoring Software
|
|
Refog: What would happen if your employer/spouse/roommate found out you were using a keylogger to monitor your activities
|
tba
|
Lab Thought ?s: Chapter 7 - Monitoring Software
|
|
Refog: Why would someone want to install a keylogger on their own computer?
|
tba
|
Lab Thought ?s: Chapter 7 - Monitoring Software
|
|
Refog: How would you know if you had a keylogger on your computer? How would you get rid of it?
|
tba
|
Lab Thought ?s: Chapter 7 - Monitoring Software
|
|
Spector 360: Would this software help reduce wasted time at work? How?
|
tba
|
Lab Thought ?s: Chapter 7 - Monitoring Software
|
|
Spector 360: Could this software help protect the company from being sued? How?
|
tba
|
Lab Thought ?s: Chapter 7 - Monitoring Software
|
|
Spector 360: Could this software hurt employee morale and lead to other negative behaviors?
|
tba
|
Lab Thought ?s: Chapter 7 - Monitoring Software
|
|
Spector 360: What industries or types of companies would really benefit from this software?
|
tba
|
Lab Thought ?s: Chapter 7 - Monitoring Software
|
|
BtR/FSCrack: How does the cracking program actually "crack" the password?
|
tba
|
Lab Thought ?s: Chapter 2 - Password Auditors
|
|
BtR/FSCrack: Can a cracking program like John the Ripper crack any password?
|
Depends on the complexity of the password and the hashing algorithm involved
|
Lab Thought ?s: Chapter 2 - Password Auditors
|
|
BtR/FSCrack: If you used a larger wordlist, would it crack the password faster?
|
Probably not, because it would take proportionally longer to go through a larger wordlist. You'd probably have a better chance of success, though.
|
Lab Thought ?s: Chapter 2 - Password Auditors
|
|
BtR/FSCrack: Can you use foreign language wordlists?
|
Probably, but you might want to check that they have the same language encoding.
|
Lab Thought ?s: Chapter 2 - Password Auditors
|
|
LCP: Where are these passwords stored on your computer?
|
tba
|
Lab Thought ?s: Chapter 2 - Password Auditors
|
|
LCP: Can Mac or Linux passwords be cracked?
|
tba
|
Lab Thought ?s: Chapter 2 - Password Auditors
|
|
LCP: Can someone access your computer by guessing your password?
|
tba
|
Lab Thought ?s: Chapter 2 - Password Auditors
|
|
LCP: Are there additional options that make guessing passwords faster?
|
tba
|
Lab Thought ?s: Chapter 2 - Password Auditors
|
|
ophcrack: What are rainbow tables and what do they look like?
|
tba
|
Lab Thought ?s: Chapter 2 - Password Auditors
|
|
ophcrack: How do rainbow tables differ from dictionary or brute-force attacks?
|
tba
|
Lab Thought ?s: Chapter 2 - Password Auditors
|
|
ophcrack: If you had a faster computer, would it crack the passwords faster?
|
tba
|
Lab Thought ?s: Chapter 2 - Password Auditors
|
|
ophcrack: Would a larger encryption key make it harder to crack a given password?
|
tba
|
Lab Thought ?s: Chapter 2 - Password Auditors
|
|
fgdump: Could someone get the password database from your computer?
|
tba
|
Lab Thought ?s: Chapter 2 - Password Auditors
|
|
fgdump: Could someone remotely access your password db?
|
tba
|
Lab Thought ?s: Chapter 2 - Password Auditors
|
|
fgdump: Are the passwords stored in plain-text or encrypted?
|
tba
|
Lab Thought ?s: Chapter 2 - Password Auditors
|
|
fgdump: How could you keep these passwords from being stolen?
|
tba
|
Lab Thought ?s: Chapter 2 - Password Auditors
|
|
word/excel: Are there additional programs that can "recover" your passwords more quickly?
|
tba
|
Lab Thought ?s: Chapter 2 - Password Auditors
|
|
word/excel: Is the password system used in this MS application inherently and intentionally weak?
|
tba
|
Lab Thought ?s: Chapter 2 - Password Auditors
|
|
word/excel: Would a third-party encryption software keep your documents safer?
|
tba
|
Lab Thought ?s: Chapter 2 - Password Auditors
|
|
word/excel: Are there options that could speed up the cracking process?
|
tba
|
Lab Thought ?s: Chapter 2 - Password Auditors
|
|
Revelation: Why allow asterisks to show in the password box? Are they necessary?
|
So the user can tell if they are typing in the correct box and that they have entered enough characters.
|
Lab Thought ?s: Chapter 2 - Password Auditors
|
|
Revelation: Could someone gain advantage by knowing the number of characters in your password?
|
Yes, they could limit their selection of character length, thus shortening the cracking time.
|
Lab Thought ?s: Chapter 2 - Password Auditors
|
|
Revelation: Could this tool be integrated into other security software to automate this task?
|
tba
|
Lab Thought ?s: Chapter 2 - Password Auditors
|
|
Revelation: How does it change asterisks to characters?
|
tba
|
Lab Thought ?s: Chapter 2 - Password Auditors
|
|
Cain & Abel: Did the length or strength of the password slow down the cracking of the password?
|
tba
|
Lab Thought ?s: Chapter 2 - Password Auditors
|
|
Cain & Abel: Why did Cain & Abel crack the password so quickly?
|
tba
|
Lab Thought ?s: Chapter 2 - Password Auditors
|
|
Cain & Abel: Would a stronger password even help?
|
tba
|
Lab Thought ?s: Chapter 2 - Password Auditors
|
|
Cain & Abel: Does Cain & Abel integrate a password cracker with other security tools?
|
tba
|
Lab Thought ?s: Chapter 2 - Password Auditors
|
|
Default Passwords: Why have default passwords?
|
tba
|
Lab Thought ?s: Chapter 2 - Password Auditors
|
|
Default Passwords: Do all devices have default passwords? (e.g., routers, switches, firewalls, desktops, cars, vending machines, alarm systems)
|
tba
|
Lab Thought ?s: Chapter 2 - Password Auditors
|
|
Default Passwords: Is there any way to disable default passwords?
|
tba
|
Lab Thought ?s: Chapter 2 - Password Auditors
|
|
Default Passwords: Does "flashing" the device remove new passwords?
|
tba
|
Lab Thought ?s: Chapter 2 - Password Auditors
|
|
Password Evaluator: Why did you choose the password you currently have?
|
something that's important to me, with some letters changed to numbers
|
Lab Thought ?s: Chapter 2 - Password Auditors
|
|
Password Evaluator: Could others follow the same logic and choose a similar password?
|
yes
|
Lab Thought ?s: Chapter 2 - Password Auditors
|
|
Password Evaluator: Do hackers/crackers know that users follow the same patterns when they choose passwords?
|
yes
|
Lab Thought ?s: Chapter 2 - Password Auditors
|
|
Password Evaluator: Do you use the same password for multiple accounts?
|
yes
|
Lab Thought ?s: Chapter 2 - Password Auditors
|
|
Password Generator: Do you think one of these passwords would be easy for you to remember?
|
tba
|
Lab Thought ?s: Chapter 2 - Password Auditors
|
|
Password Generator: Why are these good passwords?
|
tba
|
Lab Thought ?s: Chapter 2 - Password Auditors
|
|
Password Generator: Why do special characters make passwords difficult to crack?
|
Because they aren't found in the dictionary, and they greatly expand the character set a brute-force attack has to cover
|
Lab Thought ?s: Chapter 2 - Password Auditors
|
|
Password Generator: Why does a change of case help make a stronger password?
|
Because a capital letter hashes differently from its lowercase counterpart, so mixed case makes the password harder to crack
|
Lab Thought ?s: Chapter 2 - Password Auditors
|