Exam 10: Computer Crime and Information Technology Security

COBIT's enablers include culture, ethics and behavior.Establishing an organizational culture that values honesty is least likely to prevent which of the following risks to information systems?

George received an e-mail that threatened to release his personal financial data unless he paid a fee.Which category of computer crime best describes that situation?

According to COBIT 5, an organization's information technology governance and management should enable a holistic approach.Which of the following frameworks provides the most holistic view of an organization?

Consider the following examples of computer crime as you answer the question: i.Social Security numbers are stolen from a company's database.ii.A fraudster uses a computer to identify people over the age of 80 with annual incomes of $250,000 or more.iii.A supervisor receives threats from a worker via e-mail; the worker demands promotion as a condition of not exposing the supervisor's illegal acts.iv.An unhappy customer launches a denial-of-service attack.Which of the following pairs an item from the list with an appropriate description of a business risk?

Consider the following examples of computer crime as you answer the question: i.Social Security numbers are stolen from a company's database.ii.A fraudster uses a computer to identify people over the age of 80 with annual incomes of $250,000 or more.iii.An employee receives threats from a co-worker via e-mail.iv.An unhappy customer launches a denial-of-service attack.Carter's taxonomy of computer crime comprises four categories.Which of the following statements is most true?

COBIT's enablers include culture, ethics and behavior.Which element of the COSO internal control framework is most closely related to that enabler?

Consider the following examples of computer crime as you answer the question: i.Social Security numbers are stolen from a company's database.ii.A fraudster uses a computer to identify people over the age of 80 with annual incomes of $250,000 or more.iii.An employee receives threats from a co-worker via e-mail.iv.An unhappy customer launches a denial-of-service attack.Carter's taxonomy of computer crime comprises four categories.Which of the following pairs includes items from different categories?

George received an e-mail that threatened to release his personal financial data unless he paid a fee.That situation is an example of:

Consider the following short case as you respond to the question: Melissa is an internal auditor for the County of Bufflufia.Her job responsibilities include providing training on information systems security and checking the work of data entry clerks.Melissa is also part of a team that responds to denial-of-service attacks on the county's information system.Her co-worker, Eugene, ensures that all the county's computers have the most up-to-date antivirus software; he also enforces the county's policy of backing up sensitive data, such as employee social security numbers and other payroll information, at least once a day.The back-ups are dated and stored in a locked filing cabinet.Which employee has responsibilities related to technical security controls?

According to COBIT's principles, information technology governance and management should enable a ___ approach.

Consider the following short case as you respond to the question: Melissa is an internal auditor for the County of Bufflufia.Her job responsibilities include providing training on information systems security and checking the work of data entry clerks.Melissa is also part of a team that responds to denial-of-service attacks on the county's information system.Her co-worker, Eugene, ensures that all the county's computers have the most up-to-date antivirus software; he also enforces the county's policy of backing up sensitive data, such as employee social security numbers and other payroll information, at least once a day.The back-ups are dated and stored in a locked filing cabinet.Melissa's responsibilities relate to which elements of the CIA triad?

Which category of computer crime in Carter's taxonomy recognizes that the presence of computers has generated new versions of traditional crimes?

COBIT's enablers include "information." According to ISACA, information is very often the key product of the enterprise itself.Which of the following best exemplifies ISACA's explanation?

According to COBIT 5, an organization's information technology governance and management should meet stakeholder needs.Which of the following best pairs a stakeholder with an information need?

Consider the following short case as you respond to the question: Melissa is an internal auditor for the County of Bufflufia.Her job responsibilities include providing training on information systems security and checking the work of data entry clerks.Melissa is also part of a team that responds to denial-of-service attacks on the county's information system.Her co-worker, Eugene, ensures that all the county's computers have the most up-to-date antivirus software; he also enforces the county's policy of backing up sensitive data, such as employee social security numbers and other payroll information, at least once a day.The back-ups are dated and stored in a locked filing cabinet.Which of the following statements is most true?

Which element of Carter's taxonomy of computer crime is associated with each item below? a.Computer is not required for the crime but is related to the criminal act b.Computer is used to commit the crime c.Computer use may make a crime more difficult to trace d.Growth of the Internet creates new ways of reaching victims e.Objective is to impact the confidentiality, availability and/or integrity of data f.Presence of computers has generated new versions of fairly traditional crimes g.Targets the system or its data h.Technological growth creates new crime targets i.Use of the computer simplifies criminal actions j.Uses the computer to further a criminal end

Following the principles and enablers of COBIT will enable organizations to better:

The chapter discussed eleven examples of risks and threats to information systems and seven enablers from the COBIT framework.Consider the items below, each of which pairs risk with an enabler; explain how the two are related.The first item is done as an example. a.Fraud/Processes.Every organization should have a process in place for reporting suspected fraud. b.Information theft/Information. c.Malicious software/Services, infrastructure and applications. d.Disclosure of confidential information/Culture, ethics and behavior. e.Service interruptions and delays/Organizational structures. f.Fraud/People, skills and competencies.

The terms target, instrumentality, incidental and associated from Carter's taxonomy are most closely associated with which form of risk from Brown's taxonomy?

COBIT's principles include the need to separate governance from management.Based on Carter's taxonomy, which types of computer crime are most likely to occur if governance and management are not separated?