Review and Assessment
Principles of Cybersecurity, page 66. Copyright Goodheart-Willcox Co., Inc.

Chapter Summary

Section 2.1 Security Principles
• The CIA triad describes the three underlying principles of data protection: confidentiality, integrity, and availability.
• The areas of a business can be broken down into six security domains to help manage the process of protecting data and assets: users, workstation, LAN, WAN, remote access, and system. Users represent the weakest link in the security chain.

Section 2.2 Vulnerabilities and Threats
• Malware is computer code intentionally written to cause some form of harm. The harmful action it performs is called its payload.
• Software and firmware may contain vulnerabilities when they are released. Patches are issued to fix these issues once they are discovered; a system that does not receive the patch remains exposed to a known, and often publicly documented, vulnerability.
• Security threats beyond malware include keyloggers, adware, cookies, and social engineering. Even seemingly innocent information posted on public websites or social media can give an attacker a way into an account or a business website.

Section 2.3 Legal Requirements
• Security professionals are responsible for ensuring compliance with the laws and regulations that have been enacted to protect data. Many federal and state laws apply to cybersecurity, as do industry standards.
• Laws that apply to cybersecurity measures include the Computer Fraud and Abuse Act (CFAA), the Electronic Communications Privacy Act (ECPA), the Gramm-Leach-Bliley Act (GLBA), the Sarbanes-Oxley Act (SOX), and the Health Insurance Portability and Accountability Act (HIPAA). The Payment Card Industry Data Security Standard (PCI DSS) is an industry standard rather than a law, but it also applies to organizations that handle payment card data.

Check Your Cybersecurity IQ
Now that you have completed this chapter, see what you have learned about cybersecurity by visiting the student companion website (www.g-wlearning.com) and taking the chapter posttest.
Review Questions
For each question, select the answer that is the best response.

1. A guessed password affects which basic principle of a company's security?
   A. Confidentiality
   B. Safety
   C. Availability
   D. Integrity

2. A Windows 7 machine used by the receptionist did not get the latest security patches, and a known vulnerability was exploited. Which business security domain should have addressed this issue?
   A. Workstation
   B. LAN
   C. Server
   D. WAN

3. Which of the following presents a threat to the network?
   A. An unpatched computer.
   B. A computer infected with a rootkit.
   C. The sales manager's use of a weak password.
   D. Files that are not protected with a password.

4. The data on a server has been encrypted by a _____ threat. This affects the _____ principle.
   A. ransomware; confidentiality
   B. worm; availability
   C. ransomware; availability
   D. rootkit; integrity