Deck 5: IT Security, crime, compliance, and Continuity

A)Botnet
B)Exposure
C)Fault tolerance
D)Spoofing

A)a detailed recovery plan;containment,including a fault-tolerant system
B)perimeter defense technologies,such as e-mail scanners;human resource procedures,such as recruitment screening
C)general controls;application controls
D)physical controls,including authorization;authentication systems

A)Account data was stolen by a former HSBC IT specialist;HSBC learned about the theft from French Authorities several years after the theft.
B)Account data was stolen by a group of hackers who cracked passwords;HSBC detected the data theft from their IT staff within a few days.
C)Malware was used to steal the account data;network intrusion detection systems detected the theft as it was happening.
D)Competitors stole the account data;HSBC learned about the theft months later when customers complained about identity theft.

A)patches;service packs
B)patches;downloads
C)firewalls;spyware
D)service packs;firewalls

A)Users invite in and build relationships with others.Cybercriminals hack into these trusted relationships using stolen log-ins.
B)E-mail viruses and malware have been increasing for years even though e-mail security has improved.
C)Communication has shifted from social networks to smartphones.
D)Web filtering,user education,and strict policies cannot help prevent IT security dangers on Facebook and other social networks.

A)insider error or action that is either intentional or unintentional.
B)insider action that is intentional.
C)former employees and IT staff.
D)hackers.

A)Infosec was mostly a financial issue assigned to the accounting department.
B)The focus was on preemptive approaches to protect ahead of the threats.
C)The biggest concerns were risks from employees and malware.
D)Infosec was viewed as a cost rather than as a resource for preventing business disruptions.

A)IT security is so integral to business objectives that it cannot be treated as a stand-alone function.
B)Internal threats are not a major challenge because firewalls prevent employee malicious activity.
C)Infosec failures have a direct impact on business performance,customers,business partners,and stakeholders.
D)Infosec failures can lead to fines,legal action,and steep declines in stock prices as investors react to the crisis.

A)social engineering
B)phishing
C)spoofing
D)botnets

A)security duty
B)fiduciary responsibility
C)confidentiality contract
D)secrecy function

A)Time-to-exploitation;weeks
B)Time-to-exploitation;minutes
C)Denial of service;days
D)Denial of service;seconds

A)threat
B)risk
C)vulnerability
D)exploit

A)Anti-malware tools and anti-virus software
B)Intrusion detection systems (IDS)
C)Spyware and warez software
D)Intrusion prevention systems (IPS)

A)losses due to IT security breaches can destroy a company financially
B)disruptions due to IT security breaches can seriously harm a company operationally
C)to comply with international,federal,state,and foreign laws,companies must invest in IT security to protect their data,other assets,the ability to operate,and net income
D)All of the above

A)keeping information security convenient for users and inexpensive.
B)securing corporate systems while ensuring their availability.
C)planning for disaster recovery and business continuity.
D)complying with government regulations and license agreements.

A)making data and documents available and accessible 24x7 while also restricting access.
B)implementing and enforcing procedures and acceptable use policies for company-owned data,hardware,software,and networks.
C)storing and archiving all databases and data warehouses on-site protected by firewalls.
D)recovering from business disasters and disruptions quickly.

A)threat
B)risk
C)vulnerability
D)exploit

A)advanced persistent threat (APT)
B)spoofing attack
C)malware intrusion
D)denial of service (DoS)attack

A)Transnational organized crime groups use money laundering to fund their operations,which creates international and national security threats.
B)Cybercrime is safer and easier than selling drugs,dealing in black market diamonds,or robbing banks.
C)Funds used to finance terrorist operations are easy to track,which provides evidence to identify and locate leaders of terrorist organizations and cells.
D)Online gambling offers easy fronts for international money-laundering operations.

A)Fostering company loyalty
B)Immediately revoking access privileges of dismissed,resigned,or transferred employees
C)Instituting separation of duties by dividing sensitive computer duties among as many employees as economically feasible
D)Performing authorization and authentication

A)Security company IronKey reported that password cracking software can quickly copy the contents of a BlackBerry's SD card and crack a 4-digit PIN in 30 seconds.
B)Password cracking software can crack security on a handheld device without alerting the owner that the device's security has been compromised.
C)password cracking software can store log-in information for the cracked handheld,allowing a hacker to access the hacked device again,unless the user changes the password.
D)All of the above.

A)data and data processing capabilities
B)hardware and software applications and wireless devices
C)data and networks
D)data,hardware,software applications,and networks

A)firewall
B)switch
C)router
D)gateway

A)Corruption
B)Conflict of interest
C)Occupational fraud
D)Earnings management

A)convenience
B)encryption
C)authorization
D)all of the above

A)a gun,knife,or other small weapon
B)deception,confidence,and trickery
C)embezzlement and electronic transfers of money
D)bribery and threats

A)in the accounting department
B)in the IT department
C)at the top levels of the organization
D)at the lowest levels of the organization

A)financial expertise and human error
B)social engineering and the predictability of human nature
C)red flags and accounting loopholes
D)unbelievable returns that defied the market

A)prevention
B)detection
C)prosecution
D)compliance

A)Network access control (NAC)
B)Security exchange commission (SEC)
C)Wi-Fi protected access (WPA)
D)Intrusion detection system (IDS)

A)authorization
B)authentication
C)endpoint security
D)information assurance

A)Firewalls are a barrier between a corporate intranet or other internal networks and the Internet.
B)Firewalls function by deciding what traffic to allow into and out of the network and what traffic to block.
C)Firewalls must be configured to enforce the company's security procedures and policies.
D)Network firewalls stop all viruses and most other types of malware.

A)perimeter security layer to control access to the network.
B)authentication layer to verify the identity of the person requesting access to the network.
C)biometrics layer to monitor network usage.
D)authorization layer to control what authenticated users can do once they are given access to the network.

A)stolen computers
B)identity theft
C)network intrusion
D)malware

A)is fully secured
B)cannot be authenticated
C)has a moderate level of security
D)may be intercepted and disclosed

A)access
B)biometric
C)application
D)physical

A)Wireless packet analyzers
B)Password crackers
C)Firewall sniffers
D)Intrusion detectors

A)the requirements and operations of the business
B)how firewalls,anti-virus software,and other technology function
C)tactics of hackers,fraudsters,botnets,and identity thieves
D)how much to invest in risk management

A)Security bonds or malfeasance insurance for key employees
B)Emergency power shutoff and backup batteries
C)Shielding against electromagnetic fields
D)Properly designed and maintained air-conditioning systems

A)missing documents.
B)delayed bank deposits.
C)employees who do not take vacations or go out of their way to work overtime.
D)large increase in network traffic.

A)5%
B)10%
C)20%
D)33%

A)is an antifraud law.
B)forces more accurate business reporting and disclosure of GAAP (generally accepted accounting principles)violations.
C)makes it necessary to find and root out fraud.
D)All of the above

A)Disaster recovery
B)Auditing
C)Date recovery
D)Internal control

A)23%
B)43%
C)73%
D)93%