Exam 10: Information Systems Security
Describe an incident-response plan.
Every organization should have an incident-response plan as part of its security program. The plan should include how employees are to respond to security problems, whom they should contact, the reports they should make, and steps they can take to reduce further loss.
The plan should provide centralized reporting of all security incidents that will enable an organization to determine if it is under systematic attack or whether an incident is isolated. Centralized reporting also allows the organization to learn about security threats, take consistent actions in response, and apply specialized expertise to all security problems. Viruses and worms can spread very quickly across an organization's networks, and a fast response will help to mitigate the consequences. Because of the need for speed, preparation pays. The incident-response plan should identify critical personnel and their off-hours contact information. These personnel should be trained on where to go and what to do when they get there. Finally, organizations should periodically practice incident response.
Hiring, training, and educating employees in an organization is a technical safeguard.
False
Which of the following is a technical safeguard against security threats?
D
While making online purchases, a person should buy only from vendors who support https.
As one of the safeguards against security threats, a person should preferably use the same password for different sites so as to avoid confusion.
Which of the following uses an individual's personal physical characteristics such as fingerprints, facial features, and retinal scans for verification purposes?
Most secure communications over the Internet use a protocol called ________.
Explain the concept of denial of service (DOS) in information management.
________ occurs when computer criminals invade a computer system and replace legitimate programs with their own unauthorized ones.
With https,data are encrypted using a protocol called the ________.
________ are created by companies as false targets for computer criminals to attack.
A key is a number used with an encryption algorithm to encrypt data.
With asymmetric encryption, two different keys are used for encoding and decoding a message.
________ is the process of transforming clear text into coded, unintelligible text for secure storage or communication.
What human safeguards should be taken against security threats for temporary personnel, vendors, and partner personnel?
Smart cards are convenient to use because they do not require a personal identification number for authentication.
Mark receives an email from his bank asking him to update and verify his credit card details. He replies to the mail with all the requested details. Mark later learns that the mail was not actually sent by his bank and that the information he had shared has been misused. Mark is a victim of ________.
Which of the following is considered a personal security safeguard?