Exam 5: Cybersecurity and Risk Management

SOX and the SEC regulators are making it clear that if controls can be ignored,there is no control.Therefore,fraud prevention and detection require an effective monitoring system.

Define social engineering.Describe two ways in which social engineering could be used to obtain credentials from a user in order to gain access to an account or network.

Storm worm,which is spread via spam,is a ________ agent embedded inside over 25 million computers.Storm's combined power has been compared to the processing power of ________.

Detecting internal fraud has become sophisticated.Audit trails from key systems and personnel records are stored in data warehouses and subjected to __________ where things like excessive hours worked,unusual transactions,copying of huge amounts of data and other unusual patterns of behavior are identified.

Discuss how social networks and cloud computing increase IT security risks.How do you recommend that they risks be reduced?

The principle of ________ acknowledges that the cost of information security needs to be balanced with its benefits.It is the basic cost-benefit principle with which you are familiar.

Powerful IT security systems are needed to defend against what appears to be authorized access to a network or application.

Sometimes system failures and data or information loss can result from reasons other than an intentional attempt to breach security.Unintentional threats are all of the following except ___________.

The ability of an IS to continue to operate when a failure occurs,but usually for a limited time or at a reduced level is referred to as __________.

Crime can be divided into two categories depending on the tactics used to carry out the crime: ________.

One source of cybersecurity threats today are ____________who breach networks in an attempt to gain media attention or for their cause.

An audit is an important part of any control system.Which of the following is not a question that would typically be asked as part of an information systems audit?

Managers should expect less tolerant regulators and greater fines and negative consequences for data breaches,according to KPMG.

Attacks ________ could significantly disrupt the functioning of government and business-and trigger cascading effects far beyond the targeted sector and physical location of the incident.

Most data breaches go unreported,according to cybersecurity experts,because corporate victims fear that disclosure would damage their stock price,or because they never knew they were hacked in the first place

In Cybersecurity terminology,a(n)__________ is defined as a tool or technique that takes advantage of a vulnerability.

U.S.cybersecurity experts and government officials are increasingly concerned about breaches from __________ into corporate networks,either through mobile devices or by other means.

Fraudsters carry out their crime by threatening others and by taking advantage of their fears of job loss or disciplinary action.

The _________ is an exercise that determines the impact of losing the support or availability of a resource.

Explain internal fraud.Describe the most effective approach to preventing it.