Deck 4: Information Security and Controls

A) copyright
B) patent
C) trade secret
D) knowledge base
E) private property notice

A) Infiltrating an organization that stores large amounts of personal information.
B) Phishing.
C) Hacking into a corporate database.
D) Stealing mail.
E) All of the above are strategies to obtain information to assume another person's identity.

A) virus
B) worm
C) phishing
E) spear phishing
E) zero-day

A) Stolen information
B) Stolen identities
C) Financial loss
D) Loss of service
E) All of the above are consequences of poor information security practices.

A) More information systems and computer science departments are teaching courses on hacking so that their graduates can recognize attacks on information assets.
B) Computer attack programs, called scripts, are available for download from the Internet.
C) International organized crime is training hackers.
D) Cybercrime is much more lucrative than regular white-collar crime.
E) Almost anyone can buy or access a computer today.

A) weak passwords.
B) unattended computers.
C) employee negligence.
D) contract labor, such as consultants.
E) poor antivirus software.

A) smaller computing devices
B) downstream liability
C) the Internet
D) limited storage capacity on portable devices
E) due diligence

A) consultants and temporary hires.
B) secretaries and consultants.
C) contract laborers and executive assistants.
D) janitors and guards.
E) executives and executive secretaries.

A) Copyrighted material
B) Patented material
C) A trade secret
D) A knowledge base
E) Public property

A) malicious software
B) tailgating
C) power outage
D) lack of user experience
E) tornados

A) Loss of intellectual property
B) Loss of data
C) Backup costs
D) Loss of productivity
E) Replacement cost

A) vulnerability
B) risk
C) control
D) threat
E) compromise

A) copyright
B) patent
C) trade secret
D) knowledge base
E) private property

A) vulnerability
B) risk
C) control
D) danger
E) compromise

A) Tailgating
B) Hacking
C) Spoofing
D) Social engineering
E) Spamming

A) always illegal because it is considered trespassing.
B) never illegal because it is not considered trespassing.
C) typically committed for the purpose of identity theft.
D) always illegal because individuals own the material in the dumpster.
E) always legal because the dumpster is not owned by private citizens.

A) human resources, finance
B) human resources, management information systems
C) finance, marketing
D) operations management, management information systems
E) finance, management information systems

A) robbery - white collar crime - cybercrime
B) white collar crime - extortion - robbery
C) cybercrime - white collar crime - robbery
D) cybercrime - robbery - white collar crime
E) white collar crime - burglary - robbery

A) They are difficult to guess.
B) They contain special characters.
C) They are not a recognizable word.
D) They are not a recognizable string of numbers
E) They tend to be short so they are easy to remember.

A) something the user is.
B) something the user wants.
C) something the user has.
D) something the user knows.
E) something the user does.

A) Access
B) Physical
C) Data security
D) Administrative
E) Input

A) biometrics, signature recognition
B) authentication, authorization
C) iris scanning, voice recognition
D) strong passwords, biometrics
E) authorization, authentication

A) something the user is.
B) something the user wants.
C) something the user has.
D) something the user knows.
E) something the user does.

A) Zero-day
B) Denial-of-service
C) Distributed denial-of-service
D) Phishing
E) Brute force dictionary

A) Continue operating with no controls and absorb any damages that occur
B) Transfer the risk by purchasing insurance.
C) Implement controls that minimize the impact of the threat
D) Install controls that block the risk.
E) All of the above are strategies for mitigating risk.

A) Spyware
B) Spamware
C) Adware
D) Viruses
E) Worms

A) Risk management
B) Risk analysis
C) Risk mitigation
D) Risk acceptance
E) Risk transference

A) risk management
B) risk analysis
C) risk mitigation
D) risk acceptance
E) risk transference

A) Viruses
B) Worms
C) Trojan horses
D) Back doors
E) Logic bombs

A) Credit card companies usually block stolen credit cards rather than prosecute.
B) People tend to shortcut security procedures because the procedures are inconvenient.
C) It is easy to assess the value of a hypothetical attack.
D) The online commerce industry isn't willing to install safeguards on credit card transactions.
E) The cost of preventing computer crimes can be very high.

A) Computing resources are typically decentralized.
B) Computer crimes often remain undetected for a long period of time.
C) Rapid technological changes ensure that controls are effective for years.
D) Employees typically do not follow security procedures when the procedures are inconvenient.
E) Computer networks can be located outside the organization.

A) something the user is.
B) something the user wants.
C) something the user has.
D) something the user knows.
E) something the user does.

A) risk management
B) risk analysis
C) risk mitigation
D) risk acceptance
E) risk transference

A) phishing
B) zero-day
C) worm
D) back door
E) distributed denial-of-service

A) Viruses
B) Worms
C) Trojan horses
D) Back doors
E) Logic bombs

A) Alien software
B) Virus
C) Worm
D) Back door
E) Logic bomb

A) Viruses
B) Worms
C) Trojan horses
D) Back doors
E) Logic bombs

A) keyloggers, screen scrapers
B) screen scrapers, uninstallers
C) keyloggers, spam
D) screen scrapers, keyloggers
E) spam, keyloggers

A) A cold site has no equipment.
B) A warm site has no user workstations.
C) A hot site needs to be located close to the organization's offices.
D) A hot site duplicates all of the organization's resources.
E) A warm site does not include actual applications.

A) public, public
B) public, private
C) private, private
D) private, public
E) none of these

A) The attack was confined to the Exeter campus.
B) Telephone service was not disrupted.
C) It took three days to clean infected computers and bring the network back into operation.
D) Only the PCs owned by the University had to be scanned.
E) The attack did not affect the professors' ability to run their classes.

A) Apply policy-based standards for e-mail.
B) Comply with Sarbanes-Oxley.
C) Categorize Web sites and block questionable ones.
D) Provide all employees with secure access to external e-mail.
E) Prevent employees from downloading potentially dangerous files.

A) Firewalls prevent unauthorized Internet users from accessing private networks.
B) Firewalls examine every message that enters or leaves an organization's network.
C) Firewalls filter network traffic according to categories of activities that are likely to cause problems.
D) Firewalls filter messages the same way as anti-malware systems do.
E) Firewalls are sometimes located inside an organization's private network.

A) The worm targeted large data warehouses.
B) The worm was fairly simplistic.
C) The worm spread from Iran to other countries.
D) The worm probably only took a month to build.
E) The worm specifically targeted nuclear facilities.

A) whitelisting, blacklisting
B) whitelisting, encryption
C) encryption, whitelisting
D) encryption, blacklisting
E) blacklisting, whitelisting

A) It is easy to get into the Facebook code itself.
B) People trust messages from their Facebook friends.
C) Social networks aren't closely regulated in corporate network defense systems.
D) Many social network users aren't technology savvy and wouldn't realize their computer is under the control of outsiders.
E) There is a black market for Facebook usernames and passwords.

A) IloveIT
B) 08141990
C) 9AmGt/*
D) Rainer
E) InformationSecurity