Deck 10: Information Systems Security

A) hacker
B) phisher
C) safeguard
D) sniffer

A) an employee inadvertently installing an old database on top of the current one
B) an employee intentionally destroying data and system components
C) a virus and worm writer infecting computer systems
D) a hacker breaking into a system to steal for financial gain

A) unauthorized data disclosure
B) incorrect data modification
C) faulty services
D) loss of infrastructure

A) Hacking
B) Usurping
C) Sniffing
D) Pretexting

A) deletion of records by an employee who is unaware of operating procedures
B) poorly written programs resulting in data losses
C) loss of data as a result of flooding
D) hacking of information systems

A) target
B) vulnerability
C) threat
D) key escrow

A) Spoofing
B) Phishing
C) Sniffing
D) Pretexting

A) IP spoofing
B) caches
C) denial of service
D) adware

A) hacking
B) phishing
C) usurping
D) sniffing

A) Keyloggers
B) Pretexters
C) Drive-by sniffers
D) Phishers

A) bookmarks
B) pop-ups
C) cookies
D) toolbars

A) It involves the use of a personal identification number (PIN) for authentication.
B) It provides weak authentication.
C) It is a relatively inexpensive mode of authentication.
D) It often faces resistance from users for its invasive nature.

A) a hacker monitoring and intercepts wireless traffic at will
B) a hacker floods a Web server with millions of bogus service requests
C) an intruder using another site's IP address to masquerade as that other site
D) a phisher pretending to be a legitimate company and requesting confidential data

A) Cookies
B) Botnets
C) Payloads
D) Public keys

A) Encryption
B) Spoofing
C) Phishing
D) Usurpation

A) Unauthorized data disclosure
B) Incorrect data modification
C) Denial of service
D) Loss of infrastructure

A) Surveys on computer crimes provide accurate results since they use standard parameters to measure and tally computer crime costs.
B) Surveys suggest that some organizations do not report all their computer crime losses, and some will not report such losses at all.
C) Losses due to natural disasters can be measured accurately.
D) Losses due to human error are insignificant.

A) Pretexting
B) Phishing
C) Hacking
D) Spoofing

A) All organizations except financial institutions should invest heavily in security safeguards.
B) Organizations should implement safeguards that balance the trade-off between risk and cost.
C) Passwords are classified as technical safeguards.
D) Physical security is classified as human safeguards.

A) sending valuable data only via email or IM
B) using single password for all the sites
C) removing high-value assets from computers
D) storing browsing history, temporary files, and cookies

A) the Privacy Act of 1974
B) the Sarbanes-Oxley Act
C) the HIPAA of 1996
D) the Gramm-Leach-Bliley Act

A) sharing the private key with all systems connected to the network
B) creating IS security software programs
C) establishing the security policy
D) avoiding the use of perimeter firewalls

A) ATM card
B) smart card
C) cookie
D) key escrow

A) cookies
B) firewalls
C) key escrow
D) passwords

A) key
B) honeypot
C) cookie
D) cache

A) Employees' dissatisfaction
B) Natural disasters
C) Hackers
D) Competitors

A) denial-of-service
B) sniffing
C) brute force
D) phishing

A) Social Security number
B) public key
C) personal identification number
D) private key

A) certain Web sites being censored for hurting sentiments
B) small amounts of spam in a user's inbox
C) an unauthorized transaction from a user's credit card
D) pop-up ads appearing frequently

A) smart cards
B) facial features
C) passwords
D) personal identification numbers