What are the security risks of installing games on an organizations system?
Laptops should be secured at all times. Keep it with you or lock it up securely before you step away -- and make sure it is locked to or in something permanent. Show
Use extra security measures for portable devices (including laptop computers) and portable electronic media containing sensitive or critical info:
Securely delete personally identifiable informationn (PII) and other sensitive data when it is no longer needed for business purposes. Minimizing the amount of sensitive data stored reduces risk in the case of theft. For information on how to securely delete files, see PC/Mac, or email) Report suspected theft of UCSC-related computing equipment to the UCSC Police Department. Be sure to let them know if the stolen equipment contains any sensitive information. Local authorities should also be contacted if the incident occurs away from campus. Insecure storage or transmission of PII and other sensitive information: Examples
Password hacked or revealed. This can lead to compromised data, compromised systems, and people using your accounts without your knowledge.
Missing "patches" and updates: Hackers can take advantage of vulnerabilities in operating systems (OS) and applications if they are not properly patched or updated. This puts all of the data on those system and other connected systems at risk. Make sure all systems connected to the network/Internet have all necessary operating system (OS) and application security “patches” and updates. Computer infected with a virus or other malware: Computers that are not protected with anti-malware software are vulnerable. Out-of-date anti-malware may not detect known malware, leaving your computer vulnerable to infection.
Improperly configured or risky software: This can open your computer up to attackers.
Insecure disposal & re-use: Examples:
Contractor computer compromised: Examples:
Development server compromised: People sometimes think that "test" and "development" systems don't need to be as secure as "live" or "production" systems. This is a myth. If real data is used, it needs to be protected based on its level of sensitivity, regardless of what kind of system it is in. Otherwise, it's an easy invitation for hackers. Don’t use actual sensitive data in test or development systems, or for training purposes. If actual data is used, security for the system, test results (including screenshots), log files containing personal data, etc., must be equal to a comparable production system or data, including access controls. Which statement describes the security risk of installing games on an organization's system?Which statement describes the security risk of installing games on an organization's system? The software may contain a piece of malicious code capable of opening a backdoor.
Which term is used when an attacker attempts to get credit card numbers using telephone and voice technologies?Vishing (voice phishing) is a form of attack that attempts to trick victims into giving up sensitive personal information over the phone.
What technique is used in social engineering attacks?Social engineering is used to gain (unauthorized) access to sensitive data, cryptocurrency wallets or accounts, or to induce victims to download malware onto computers and networks to enact further damage. Such techniques include phishing, baiting, quid pro quo attacks, pretexting, and tailgating.
What is the primary countermeasure to social engineering?What is the best countermeasure against social engineering? Employee education and awareness. For more employee education and awareness resources, please see the following: 10 Cyber Security Awareness Tips.
|