22477859
Beschreibung
Mindmap von Luke ROBERTS, aktualisiert more than 1 year ago
|
Erstellt von Luke ROBERTS
vor fast 4 Jahre
|
|
Learning Aim B:
Cyber Security
- KEY TERMS
- CYBER SECURITY
- Refers to the range of measures that
can be taken to protect computer
systems. networks and data from
unarthorised access or cyber attack.
- Refers to the range of measures that
can be taken to protect computer
systems. networks and data from
unarthorised access or cyber attack.
- THREAT
- A threat is an incident or an action
which is deliberate or unintended
that results in distribution, down
time or data loss.
- INTERNAL THREAT
- Caused by an
incident inside
an organisation
- Caused by an
incident inside
an organisation
- EXTERNAL THREAT
- Caused outside the
organisation
- Caused outside the
organisation
- A threat is an incident or an action
which is deliberate or unintended
that results in distribution, down
time or data loss.
- ATTACK
- An attack is a
deliberate action,
targeting an
organisation's
digital system or
data
- An attack is a
deliberate action,
targeting an
organisation's
digital system or
data
- UNARTHORISED ACCESS
- This refers to someone
gaining entry without
permission to an
organisation's system,
software or data
- HACKER
- Is someone who seeks
out and exploits these
vulnerabilities
- 3 TYPES OF HACKERS
- Black
- They try to inflict
damage by
compromising security
systems
- They try to inflict
damage by
compromising security
systems
- Grey
- Do it for fun and
not with malicious
intent
- Do it for fun and
not with malicious
intent
- White
- Working with
organisation's to
strengthen the security of
a system
- Working with
organisation's to
strengthen the security of
a system
- Black
- Is someone who seeks
out and exploits these
vulnerabilities
- HACKER
- This is achieved by
exploiting a security
vulnerability
- This refers to someone
gaining entry without
permission to an
organisation's system,
software or data
- CYBER SECURITY
- WHY ARE SYSTEMS ATTACKED
- FUN/CHALLENGE
- Hacking systems can be fun or a
challenge
- There is a sense of
achievement
- Friends may give respect of hacking
achievements
- Hacking systems can be fun or a
challenge
- FINANCIAL GAIN
- Ransoms can be made to prevent
attacks from happening
- Ransomware can be used to encrypt
a computer until you pay
- A payment is given to carry
out an attack on an
organization
- Ransoms can be made to prevent
attacks from happening
- DISTRIBUTION
- Attacks such as denial of service
stop websites from working
- Viruses can slow down computers
and delete files
- Attacks such as denial of service
stop websites from working
- INDUSTRIAL ESPIONAGE
- The aim is to find intellectual property such
as design or blueprints for products, business
strategies or software source code
- The aim is to find intellectual property such
as design or blueprints for products, business
strategies or software source code
- PERSONAL ATTACK
- Employees that are unhappy may
attack the company
- Friends/family mat attack each other if
upset over something
- Employees that are unhappy may
attack the company
- INFORMATION/DATA THEFT
- Credit card or financial details are
stolen to gain money
- Company information may also be stolen
- Credit card or financial details are
stolen to gain money
- FUN/CHALLENGE
- MALWARE
- MALICIOUS
SOFTWARE
- This is an umbrella term given to
software that is designed to harm a
digital system, damage data or
harvest sensitive information.
- This is an umbrella term given to
software that is designed to harm a
digital system, damage data or
harvest sensitive information.
- VIRUS
- A piece of malicious code that attaches to a
legitimate program. It is capable of
reproducing itself and usually capable of
causing great harm to files or other programs
on the same computer
- A piece of malicious code that attaches to a
legitimate program. It is capable of
reproducing itself and usually capable of
causing great harm to files or other programs
on the same computer
- WORM
- Similar to virus but unlike a virus it is a self contained program. It is capable of spreading
on it own, without help from humans. Worms get around by exploiting vulnerabilities in
operating systems and attaching themselves to emails. They self replicate at a
tremendous rate, using up hard drive space and bandwidth, overloading servers.
- Similar to virus but unlike a virus it is a self contained program. It is capable of spreading
on it own, without help from humans. Worms get around by exploiting vulnerabilities in
operating systems and attaching themselves to emails. They self replicate at a
tremendous rate, using up hard drive space and bandwidth, overloading servers.
- TROJAN HORSE
- A type of malware that is often disguised as legitimate software. Users
are tricked into downloading it to their computer. Once installed the
Trojan works undercover to carry out a predetermined task. Such as
Backdoor for hackers to use Installing harmful programs Harvesting
sensitive data It is named after the wooden horse used by the ancient
Greeks to infiltrate the city of Troy.
- A type of malware that is often disguised as legitimate software. Users
are tricked into downloading it to their computer. Once installed the
Trojan works undercover to carry out a predetermined task. Such as
Backdoor for hackers to use Installing harmful programs Harvesting
sensitive data It is named after the wooden horse used by the ancient
Greeks to infiltrate the city of Troy.
- ROOTKIT
- Is a set of tools that give a hacker a high level
administrative control, of a computer. They can
then us this privileged position to: Encrypt files
Install programs Change system configuration
Steal data Much like a trojan, rootkits often
come bundled with legitimate software.
- Is a set of tools that give a hacker a high level
administrative control, of a computer. They can
then us this privileged position to: Encrypt files
Install programs Change system configuration
Steal data Much like a trojan, rootkits often
come bundled with legitimate software.
- RANSOMEWARE
- Encrypts files stored on a computer to extort or steal money from organisations.
Victims must then pay a ransom to have the encrypted files unlocked. There is
normally a deadline for the transaction to happen. Bitcoin is usually asked for as
a form of payment as they are difficult to trace. If the payment is not made then
the amount demanded may increase or the files are permanently locked.
Ransomware is usually spread through e-mails or through infected websites.
- Encrypts files stored on a computer to extort or steal money from organisations.
Victims must then pay a ransom to have the encrypted files unlocked. There is
normally a deadline for the transaction to happen. Bitcoin is usually asked for as
a form of payment as they are difficult to trace. If the payment is not made then
the amount demanded may increase or the files are permanently locked.
Ransomware is usually spread through e-mails or through infected websites.
- SPYWARE
- malicious software secretly installed to collect information from
someone else's computer Cyber criminals harvest personal
information such as: Passwords Credit card numbers and other
details Email addresses With this information they can steal
someone's identity, making purchases on their credit card etc
Spyware works in the background on someones computer without
it being noticed.
- malicious software secretly installed to collect information from
someone else's computer Cyber criminals harvest personal
information such as: Passwords Credit card numbers and other
details Email addresses With this information they can steal
someone's identity, making purchases on their credit card etc
Spyware works in the background on someones computer without
it being noticed.
- KEYLOGGERS
- spyware that records every
keystroke made on a computer
to steal personal information
- spyware that records every
keystroke made on a computer
to steal personal information
- BOTNET
- An army of 'zombie' devices. They are used to carry out
mass attacks such as emailing spam to millions of users.
- An army of 'zombie' devices. They are used to carry out
mass attacks such as emailing spam to millions of users.
- DISTRIBUTED
DENIAL-OF-SERVICE ATTACK
- Flooding a website with useless traffic to inundate and
overwhelm the network
- Flooding a website with useless traffic to inundate and
overwhelm the network
- MALICIOUS
SOFTWARE
- SOCIAL ENGINEERING
- PHISHING
- A way of attempting to acquire
information, by pretending to be from a
trustworthy source. examples are email
spoofing, fake websites, spoof phone calls
- A way of attempting to acquire
information, by pretending to be from a
trustworthy source. examples are email
spoofing, fake websites, spoof phone calls
- SPEAR PHISHING
- Involves bespoke emails being sent to
well-researched victims. eg. where somebody who
holds a senior position within an organisation with
access to highly valuable information uses it to
target victims
- Involves bespoke emails being sent to
well-researched victims. eg. where somebody who
holds a senior position within an organisation with
access to highly valuable information uses it to
target victims
- BLAGGING
- A blagger invents a scenario to
engage a targeted victim in a
manner that increases the chance
the victim will divulge information
- A blagger invents a scenario to
engage a targeted victim in a
manner that increases the chance
the victim will divulge information
- SHOULDER SURFING
- Acquiring sensitive information by someone peering
over a users shoulder when they are using a device. It
can also be done from a distance with the use of
technology such as video cameras, drones etc
- Acquiring sensitive information by someone peering
over a users shoulder when they are using a device. It
can also be done from a distance with the use of
technology such as video cameras, drones etc
- PHARMING
- Involves re directing people to bogus, look-a -like websites without realising it has happened.
- Involves re directing people to bogus, look-a -like websites without realising it has happened.
- MAN IN THE MIDDLE ATTACK
- A form of eavesdropping where
the attacker makes an
independent connection between
two victims and steals information
to use fraudulently.
- A form of eavesdropping where
the attacker makes an
independent connection between
two victims and steals information
to use fraudulently.
- PHISHING
Möchten Sie kostenlos Ihre eigenen Mindmaps mit GoConqr erstellen? Mehr erfahren.