Exam 3: Computer and Internet Crime

Industrial espionage and competitive intelligence are the same thing.

Whenever possible, automated system rules should mirror an organization's written policies.

An intrusion prevention system is software and/or hardware that monitors system and network resources and activities, and notifies network security personnel when it identifies possible intrusions from outside the organization or misuse from within the organization.

Edward Davidson ran a spamming operation out of his home that sent hundreds of thousands of spam e-mails. The header information of these e-mails concealed the actual sender from the recipient of the e-mail, a violation of the ____ Act.

The use of smart cards which contain a memory chip that is updated with encrypted data every time the card is used, is much more popular in the United States than Europe.

The ____ is a type of computer crime perpetrator whose primary motive is to achieve a financial gain.

The cost of creating an e-mail campaign for a product or a service can easily exceed the cost of a direct-mail campaign. Such an e-mail campaign also typically takes longer to develop.

____ have become the primary means for distributing spam, malware, and phishing scams.

Part of a thorough security risk assessment is to determine how each threat can be ____ so that it becomes much less likely to occur or, if it does occur, has less of an impact on the organizations.

To initiate a denial-of-service attack, a tiny program is downloaded surreptitiously from the attacker's computer to dozens, hundreds, or even thousands of computers all over the world. Based on a command by the attacker or at a preset time, these computers called ____________________ go into action, each sending a simple request for access to the target site again and again.

The process of assessing security-related risks from both internal and external threats to an organization's computers and networks is call a(n) ____________________.

According to the 2008 CSI Computer Crime and Security Survey, virus related incidents were the most common security incident.

The ____ code portion of a rootkit gets the rootkit installation started and can be easily activated by clicking on a link to a malicious Website in an e-mail or opening an infected .pdf file.

Societe Generale, France's second largest banking establishment, had long had a reputation for having poor internal controls. It is no wonder that a relatively inexperienced trader was able to take advantage of the bank's system of weak internal controls to exceed his trading limit and cause the bank to lose more than €4.9 billion.

Briefly describe the security training appropriate for all employees, contractors, and part-time workers.

Installation of a corporate firewall is the most common security precaution taken by business. Once a good firewall is in place, the organization is safe from future attacks.

Estimates of the rate at which software vulnerabilities are discovered around the world ____________________.

Some IT security experts warn that is will not be long before we see ____ aimed at smartphones to steal user's data or turn them into remote-controlled bots.

Phishing frequently leads consumers to counterfeit Web sites designed to trick them into initiating a denial-of-service attack.

____ is (are) the abuse of e-mail systems to send unsolicited e-mail to large numbers of people.