Deck 1: Introduction to the Management of Information Security

One form of e-mail attack that is also a DoS attack is called a mail spoof,in which an attacker overwhelms the receiver with excessive quantities of e-mail._________________________

A(n)polymorphic threat is one that over time changes the way it appears to antivirus software programs,making it undetectable by techniques that look for pre-configured signatures._________________________

The malicious code attack includes the execution of viruses,worms,Trojan horses,and active Web scripts with the intent to destroy or steal information._________________________

A device (or a software program on a computer)that can monitor data traveling on a network is known as a socket sniffer._________________________

The first step in solving problems is to gather facts and make assumptions.

When voltage levels lag (experience a momentary increase),the extra voltage can severely damage or destroy equipment._________________________

The term phreaker is now commonly associated with an individual who cracks or removes software protection that is designed to prevent unauthorized duplication._________________________

A worm may be able to deposit copies of itself onto all Web servers that the infected system can reach,so that users who subsequently visit those sites become infected.

"Shoulder spying" is used in public or semi-public settings when individuals gather information they are not authorized to have by looking over another individual's shoulder or viewing the information from a distance._________________________

DoS attacks cannot be launched against routers.

Corruption of information can occur only while information is being stored.

The authorization process takes place before the authentication process.

The macro virus infects the key operating system files located in a computer's start up sector._________________________

____________________ is unsolicited commercial e-mail.

ESD is the acronym for ____________________ discharge.

A ____________ overflow is an application error that occurs when the system can't handle the amount of data that is sent.

What are the three distinct groups of decision makers or communities of interest on an information security team?

Duplication of software-based intellectual property is more commonly known as software ____________________.

List the measures that are commonly used to protect the confidentiality of information.

A(n)____________________ hacks the public telephone network to make free calls or disrupt services.

Attempting to reverse-calculate a password is called ____________________.

Explain the differences between a leader and a manager.

A(n)____________________ is an act against an asset that could result in a loss.

List and explain the critical characteristics of information as defined by the C.I.A.triad.

The three levels of planning are strategic planning,tactical planning,and ____________________ planning.

A virus or worm can have a payload that installs a(n)____________________ door or trap door component in a system,which allows the attacker to access the system at will with special privileges.

List the specialized areas of security.

The set of organizational guidelines that dictates certain behavior within the organization is called ____________________.

Some information gathering techniques are quite legal,for example,using a Web browser to perform market research.These legal techniques are called,collectively,competitive ____________________.

List and explain the four principles of management under the contemporary or popular management theory.Briefly define each.

A(n)____________________ is a potential weakness in an asset or its defensive control(s).

List the steps that can be used as a basic blueprint for solving organizational problems.

A momentary low voltage is called a(n)____________________.

Discuss the planning element of information security.

What is authentication?  Provide some examples.

There are 12 general categories of threat to an organization's people,information,and systems.List at least six of the general categories of threat and identify at least one example of those listed.