Deck 1: The Threat Environment

A) countermeasure
B) data breach
C) safeguard
D) compromise

A) 2.2 billion
B) 1 million
C) 5 billion
D) 100,000

A) It's likely that half of all Americans lost their records at least one time in 2018.
B) It's likely that nearly everyone lost their records at least one time in 2018.
C) More than 12 billion people lost their records in 2018.
D) Slightly less than half of the world's population lost their records at least once in 2018.

A) $3.9 million per incident
B) $150 million per year
C) $10,000 per incident
D) $190,000 per year

A) 10 percent
B) 20 percent
C) 42 percent
D) 28 percent

A) Loss of reputation
B) Notification costs
C) Legal fees
D) Detection

A) Amazon
B) Yahoo! Inc.
C) First American Corp.
D) Facebook

A) personal and business addresses
B) access to systems
C) personally identifiable information
D) cash and credit card numbers

A) credit card fraud
B) identity theft
C) false claims
D) data mismanagement

A) Locking up your data to prevent data breaches
B) Understanding how data breaches happen
C) Purchasing software to prevent data breaches
D) Hiring a qualified data security team

A) online
B) from point-of-sale (POS) systems
C) primary by internal hackers, mostly employees
D) through employee extortion

A) spear phishing; sabotage
B) hacking; sabotage
C) spear phishing; a targeted phishing attack
D) viruses; worms

A) Employee sabotage
B) Malware
C) A virus
D) A worm

A) EMV-compliant smart cards
B) POS systems
C) keystroke logger
D) rootkits

A) loss of money
B) loss of customer confidence
C) loss of merchandise
D) employee dissatisfaction

A) Employees usually have extensive knowledge of systems.
B) Employees often have the credentials needed to access sensitive parts of systems.
C) Companies generally have little trust in their employees.
D) Employees know corporate control mechanisms and so often know how to avoid detection.

A) Financial professionals
B) IT security employees
C) CEOs
D) Data entry clerks

A) Product formulations
B) Patents
C) Trade names
D) Trademarks

A) Viruses
B) Worms
C) Direct-propagation worms
D) Distributed denial-of-service (DDoS) attacks

A) Direct-propagation worms
B) Trojan horses
C) Blended threats
D) Bots

A) Malicious software that blocks access to a system or data until money is paid to the attacker
B) A generic name for any "evil software"
C) A piece of code executed by a virus or a worm
D) A program that gives an attacker remote control of your computer

A) Rootkits are seldom caught by ordinary antivirus programs.
B) Rootkits take over the root account of a computer.
C) Rootkits use a root account's privileges to hide themselves.
D) Rootkits are typically less of a threat than are Trojan horses.

A) the thrill of breaking in
B) making money through crime
C) stealing personal identity data
D) capturing thousands and thousands of credit card numbers

A) spear phishing
B) sabotage
C) IP address spoofing
D) hacking

A) IP address scanning
B) a chain of attack
C) piggybacking
D) IP address spoofing

A) handler
B) hacker
C) hoax
D) rootkit

A) Bug bounties
B) DoS attackers
C) script kiddies
D) black marketers

A) Hackers
B) Career criminal
C) Script kiddies
D) IT or security employer

A) Transshipper
B) APT
C) Black-market website
D) Bug bounty

A) An APT
B) A black-market websites
C) A bug bounty
D) Carding

A) extortion
B) click fraud
C) bug bounty
D) carding

A) Bank account theft
B) Carding
C) Spoofing
D) Click fraud

A) Bank account theft
B) Credit card number theft
C) Spoofing
D) Spam

A) public intelligence gathering
B) spoofing
C) bug bounty
D) carding

A) China
B) Russia
C) Iran
D) United States

A) multinational corporations
B) state, regional, and local governments
C) national governments
D) private citizens

A) terrorists or groups of terrorists
B) national governments
C) large multinational corporations
D) Russian and/or Chinese citizens