Karten 61 Karten
Lernende 7 Lernende
Sprache English
Stufe Universität
Erstellt / Aktualisiert 31.07.2020 / 18.04.2021
Lizenzierung Keine Angabe
0 Exakte Antworten 61 Text Antworten 0 Multiple Choice Antworten
Fenster schliessen

Whats Risk Deterrence 

Deterrence: Abschreckung

security cameras, security guards, instructional signage

Fenster schliessen

Whats Risk avoidance

selecting alternate options or activities that have less associated risk than the default e.g.: removing the FTP protocol from a server to avoid FTP attacks.

Fenster schliessen

Whats Risk Rejection

to reject risk or ignore risk. 

Fenster schliessen

Whats Residual risk

  • once a countermeasure is implemented the risk that remains is called a residual risk. 
Fenster schliessen

What is the Patriot act

  • the way government agencies obtain wiretapping authorizations
  • allow authorities to obtain a blanket authorization for a person and then monitor all communications to or from that person under the single warrant.
  • ISPs may have to provide the government with a large range of information.

nicht so wichtig
Fenster schliessen

What is the European Union General Data Protection Regulation

  • The new law applies to all organizations that collect data from EU residents or process that information on behalf of someone who collects it.
  • The law even applies to organizations that are not based in the EU, if they collect information about EU residents.
  • The ability of the EU to enforce this law globally remains an open question
  • A data breach notification requirement that mandates that companies inform authorities of serious data breaches within 24 hours
  • The creation of centralized data protection authorities in each EU member state
  • Provisions that individuals will have access to their own data
  • Data portability provisions that will facilitate the transfer of personal information between service providers at the individual’s request
  • The “right to be forgotten” that allows people to require companies to delete their information if it is no longer needed

nicht so wichtig
Fenster schliessen

What does STRIDE stand for

STRIDE is a model of threats

Spoofing: attack with the goal to gain access and target the system with a falsified identity

Tampering: unauthorized change or manipulation of data whether in transit or storage, to falsify communication or alter  static information

Repudiation: The ability of an attacker to deny having performed an action or activity

Information disclosure: the revelation or distribution of private, confidential, or controlled information to external or unauthorized entities.

Denial of Service (DoS): prevents use of a resource, could reduce throughput or introduce latency in order to hamper productive use of a service

Elevation of privilege:  transform a limited use account into an account with greater privileges, powers and access.

Fenster schliessen

What is a Threat and what does it involve?

Any potential danger to an asset done intentional or accidental

Threat actor: intentionally exploits vulnerabilities, Script kiddies, Organized crime groups, state sponsor and governments, Hacktivists, Terrorist groups,

Threat intelligence: knowledge about an existing or emerging threat  to assets including networks and systems.

Threat event: accidental and intentional exploits of vulnerabilities.