a concept that indicates exposure to the chance of damage or loss

Which algorithm is a hashing encryption algorithm?

Personal info, company info, and info about intellectual property must be protected

CIA triad includes:

A system in which objects are assigned security labels of varying levels, depending on the object's sensitivity

physical or virtual objects, such as smart cards, ID badges, or data packets, that store authentication information

a type of authentication that relies on detailed info that describes exactly when a keyboard key is pressed and released as someone types info into a computer

this algorithm is modeled after MD5 and is considered the stronger of the two

an email-based or web-based attack that is intended to trick the user into performing undesired actions, such as deleting files in an attempt to remove a virus

an increasingly popular variety of malware in which an attacker infects a victim's computer with code that restricts the victim's access to their computer or the data on it

a formalized statement that defines how security will be implanted within a particular organization

a virus that is able to alter its decryption module each time it infects a new file

they attempt to trick or shield themselves from antivirus software and security professionals

an attack that occurs when the security level of a system is at its lowest, immediately after the discovery of a vulnerability

a type of network attack in which an attacker attempts to disrupt or disable systems that provide network services by various means

Data security must be applied at every level of an organization including :

refers to gaining access to data through unintentional user methods such as email and instant messaging, and the use of mobile devices

the practice of monitoring for, obtaining, evaluating, testing, and deploying software patches and updates

an attacker takes advantage of the trust established between an authorized user of a website and the website itself. It exploits a web browser's trust in a user's unexpired cookies

For relational databases, security measures include:

a hardware, firmware, and software component of a computer system that is responsible for ensuring that the security policy is implemented and the system is secure

the screen lock option on all mobile devices should be enabled with strict requirements on when the device will be locked

the process of actively adding geographical identification metadata to an app or its data

You may need to re-evaluate the openness of certain rooms and systems in order to control for this threat

a network device that manages the info of any applications that interface with it. This info includes the state of apps and the resources they require to designate resources across the network

Organizations can exercise greater control over the privacy and security of their services. This method is geared more toward banking and gov't services that require strict access control

refers to using the cloud to provide access to any or all infrastructure needs a client may have

self-allocates addresses randomly from a small range of 169.254.0.1 to 169.254.255.254

-disabling unnecessary services
-closing unused ports
-regularly applying the appropriate patches
-hiding responses from ports that indicate their status and allow access pre-configured ports only

use the principle of implicit deny so that the firewall blocks any traffic it does not require

symmetric algorithms

any type of attack in which the attacker attempts to obtain and make use of passwords illegitimately

software attacks that are targeted at web-based and other client-server applications

access points on a network that fool users into believing they are legitimate

it is important to always consider what is happening inside an organization, especially when physical security is concerned

physical threats that can be internal or external, intentional or accidental

an approach to securing systems and their data against attack that incorporates many different avenues of defense is called...

a cryptoprocessor device that can be attached to servers and comps to provide digital key security. The modules can provide a number of security functions

a password that meets the complexity requirements that are set by a system admin and documented in a security or password policy

has the monitoring capability of an IDS, but actively works to block any detected threats

a general term for the collected protocols, policies, and hardware that govern access on device network interconnections, provides an additional layer of security

a point to point logical network that is created by grouping selected hosts together using a switch or router

directory access protocol that runs over TCP/IP networks. The schema is extensible, which means you can make changes or add on to it

Directory service vulnerabilities

a data transport technique that can be used to provide remote access in which a data packet is encrypted and encapsulated in another data packet in order to conceal the info of the packet inside

internet protocol combo of PPTP and Layer 2 Forwarding (L2F) that enables the tunneling of PPP sessions across a variety of network protocols

an authentication protocol that sends user IDs and passwords as plaintext. Generally used when a remote client is connecting to a non-windows server that does not support strong password encryption

publicly available email security and authentication utility that uses a variation of public key cryptography to encrypt emails.

an area of info security that is used to identify individuals within a comp system or network