CYSE 200T
Discussion: According to the researchers, what percentage of criminal justice programs include cybercrime coursework in their curriculum?
20%
In the context of the NIST Framework, which best describes the "Framework Profile"?
Aligning the Framework functions, categories and subcategories with the business requirements, risk tolerance and resources of the organization.
An organization should have an incident response team available for anyone that discovers or suspects an incident. A possible structure for such an incident response team includes:
All of the above
Stakeholder protection needs and security concerns associated with the system need to be identified and addressed primarily in the cybersecurity department, not across the entire life cycle.
FALSE
The Predictability objective requires that all stakeholders know the technical details of how a system processes PII.
FALSE
A minority (less than 30%) of people use a storage method such as paper, files, electronic devices or a password manager.
FALSE
The most basic definition of Cyber Harassment entails the repeated pursuit of an individual using electronic or Internet-capable devices.
FALSE
The social stigma associated with membership in the white power movement forced the members to abandon the internet as a critical resource and mainly participate in secret meetings.
FALSE
The three usability characteristics that users want from passwords are that a password is hard to remember, that each system has its own password and that it rarely changes.
FALSE
When an organization is considering establishing a cybersecurity program, the first step is to conduct a risk assessment.
FALSE
When asked how secure their most frequently used password was, fewer than 20% answered "completely" or "very" secure.
FALSE
Which group has been identified as the top threat to public safety within the United States?
FAR RIGHT GROUPS
The very nature of cyber technology is that related crimes are usually limited to state or national borders.
False
Patterns for Cyber Offenders: Half the females in this study committed which type of cyber crime?
Fraud
What is an important requirement in order to achieve security objectives?
Fully integrate systems security engineering into systems engineering and its specialties
Digital Forensics refers to investigations of cyber, computer, electronic, or other types of cybercrimes.
True
The notion of "Social Construction" refers to...
the possibility that certain crimes are socially constructed as illegal acts
Human ICT evolution may be visualised as a three-stage rocket: Prehistory, History and Hyperhistory
true
Several models of radicalization identify the importance of cognitive openings. Those who are exposed to radicalized messages during a personal crisis or a period with a ____________ are receptive to new world views, as key to initiating the radicalization process.
SENSE OF LODGING
____ involves using the same key to both encrypt and decrypt data.
SYMMETRIC-KEY
Which of the following is not considered a source of threat against critical infrastructure?
Script kiddies: younger individuals working as a hobby to disrupt the power grid
Which of the following best describes an Access Control List?
A list of users who have the ability to take specific actions.
In the context of cybersecurity, which best describes the use of a "framework"?
A set of standards, guidelines and best practices
Which of the following best describes a software-based firewall?
A software firewall runs on the operating system and intercepts packets as they arrive to a computer
What is an important difference between traditional forms of stalking and Cyber Stalking?
ALL OF THE ABOVE
How much time do people spend generating a password?
BETWEEN A FEW MINUTES AND A COUPLE DAYS
Which cipher involves putting the message into rows of a fixed size?
COLUMNAR TRANSPOSITION CIPHER
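The two cipher items above (the symmetric-key definition and the columnar transposition cipher) are illustrated by the following added example, which is not part of the original flashcard set. It writes the message into rows of fixed width (the key length), pads the last row, reads the columns out in alphabetical key order, and uses the same key to reverse the process; the keyword, message and padding letter are assumptions chosen for the demonstration.

```python
"""Columnar transposition cipher: a symmetric cipher, so one key both
encrypts and decrypts. Toy example for the quiz item; not a secure cipher."""

PAD = "X"  # assumed padding letter used to complete the last row


def _column_order(key: str) -> list:
    """Column indices in read-out order: alphabetical by key letter,
    ties broken left to right (stable sort) so both directions agree."""
    return sorted(range(len(key)), key=lambda i: (key[i], i))


def encrypt(plaintext: str, key: str) -> str:
    """Lay the letters into rows of len(key) columns and read the
    columns out in key order."""
    text = "".join(ch for ch in plaintext.upper() if ch.isalpha())
    width = len(key)
    # Pad so the grid is rectangular; a ragged last row is the usual bug.
    if len(text) % width:
        text += PAD * (width - len(text) % width)
    rows = [text[i:i + width] for i in range(0, len(text), width)]
    return "".join("".join(row[c] for row in rows) for c in _column_order(key))


def decrypt(ciphertext: str, key: str) -> str:
    """Cut the ciphertext into equal-height columns and put each column
    back at the position its key letter occupied."""
    width = len(key)
    if len(ciphertext) % width:
        raise ValueError("ciphertext length is not a multiple of the key length")
    height = len(ciphertext) // width
    grid = [[""] * width for _ in range(height)]
    for pos, col in enumerate(_column_order(key)):
        chunk = ciphertext[pos * height:(pos + 1) * height]
        for r, ch in enumerate(chunk):
            grid[r][col] = ch
    return "".join("".join(row) for row in grid)


if __name__ == "__main__":
    key = "ZEBRAS"  # assumed keyword
    c = encrypt("We are discovered. Flee at once", key)
    print(c)
    print(decrypt(c, key).rstrip(PAD))
```

With the keyword ZEBRAS the read-out order is A, B, E, R, S, Z, i.e. columns 5, 3, 2, 4, 6, 1 of the grid; because padding is stripped by the caller, a plaintext that genuinely ends in the padding letter would be truncated, which is why real transposition systems use a length field or a distinct marker instead.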
An organization should have an incident response team available for anyone that discovers or suspects an incident. A possible structure for such an incident response team includes:
Central incident response system
An event is any observable occurrence in a system or network, such as a user connecting to a file share or a server receiving a request for a web page.
True
Which state is the only one that doesn't have statutes specifically addressing Cyber Stalking and Cyber Harassment (CH/CS)?
NEBRASKA
One of the advantages of cryptography is that it can give us ____
NON-REPUDIATION
What is NOT a role of systems security engineering?
Provide everyone who has access to the systems with sufficient information on how to ensure system security.
Which of the following activities is NOT part of the "Identify" function in the cybersecurity framework?
Provide your employees with safe passwords
Select all possible ways in which systems are modified.
Reactive modifications to fielded systems; planned upgrades to fielded systems; while planned upgrades to systems
Which of the following is NOT one of the 5 core functions of the NIST Framework?
React - Understand how to change software when an event is detected
Which of the following are considered a trend for physical threats against critical infrastructure?
Social media and new technologies are increasing the potential for security events
Most researchers agree that the process of radicalization into extremist movements cannot be explained by any one factor. One of the most influential frameworks identifies twelve mechanisms affecting radicalization at the individual, group and mass levels.
TRUE
Only a small proportion of posters among the white supremacist community have sophisticated technological backgrounds. Instead, most users demonstrate a basic degree of technological proficiency.
TRUE
The current state of legislation makes it very difficult to prove a case of Cyber Harassment beyond a reasonable doubt.
TRUE
Common elements for defining crime include which of the following?
Whether or not the behavior is Illegal, Harmful or Deviant
Discussion: According to the researchers, which are possible reasons why criminal justice programs have not more fully embraced cybersecurity offerings?
all of the above
Ethics was a matter of rational and disembodied autonomous subjects, rather than a matter of social beings. ICTs challenge the long held ethical assumptions by calling for notions of
distributed responsibility
The Onlife Manifesto aims to prevent further conversation on the way in which a hyperconnected world calls for rethinking the referential frameworks on which policies are built.
false
The increased focus and public dialogue on security issues is forcing the creation of less resilient IT infrastructure due to overloaded IT Staff.
false
What term is used to refer to the new experience of a hyperconnected reality within which it is no longer sensible to ask whether one may be online or offline?
onlife
What does whether an event has an impact depend on?
All of the above are correct
Select all elements that are part of the privacy engineering objectives.
Manageability; Predictability; Disassociability
The largest and most consequential physical event on infrastructure to date was on Pacific Gas & Electric's (PG&E) Metcalf Substation (500 kilovolts [kV]) in California when it was attacked in April 2013 by snipers. Which of the following measures did PG&E NOT take to mitigate such events in the future?
Increased night vision surveillance
How does a Target Profile aid in buying decisions for an organization?
It can be used to inform or contribute to a decision about buying a product or service, in terms of cyber security.
Which of the following apply to Password Security
all of the above.
The National Infrastructure Protection Plan (NIPP) 2013 mentions several approaches to managing risks. Ideally, individual decisions should be based on the importance of the affected infrastructure, the cost of the mitigation measure(s), and the expected amount of risk reduction resulting from implementing the measure(s). The groupings included in NIPP 2013 are:
1) Identify, deter, detect, disrupt and prepare for threats and hazards; 2) Reduce vulnerabilities; 3) Mitigate consequences
Place the following steps in proper order when considering establishing a cybersecurity program.
1. Prioritize and Scope; 2. Orient; 3. Create a CURRENT profile; 4. Conduct a Risk Assessment; 5. Create a TARGET profile; 6. Determine, analyze and prioritize gaps; 7. Implement the Action Plan
Which of the following best describes the function of a firewall?
A firewall protects all company servers and computers by stopping packets from outside the organization's network that do not meet a strict set of criteria.
___________ is a weakness that could be used to harm the business.
A vulnerability
Which of the following is NOT considered an appropriate use of Framework Profiles.
ALL OF THE ABOVE
Select all acts and behaviors that Cyber Harassment via email, instant messages or other means typically involves.
ALL THE ABOVE
Select all elements of the multidisciplinary approach that protecting privacy requires:
ALL THE ABOVE
When Chief Security Officers were asked "What should be the most important advances in security in the coming few years", which of these were their answers concerning securing end-to-end communication?
ALL THE ABOVE
Which of the following is not considered an action to take when considering software design?
Address the quality of people testing your software.
Labeling theory is concerned with which of the following?
All of the above
Something that might adversely affect the information your business needs to run is called a threat. The most common threats include:
All of the above
Which of the following are true regarding the 2015 Ukraine Cybersecurity Event?
All of the above are true
Which of the following are not capabilities assigned to users in an Access Control System?
Assign
According to the authors, an IT multi-functional response team requires collaboration with which other areas of the company?
Communications, legal, senior decision-makers and other relevant business experts
System security is the application of engineering and management principles, concepts, criteria and techniques to optimize security within the ____________ of operational effectiveness, time and cost throughout all _________________________________. Fill in the blanks.
Constraints; stages of the system life cycle
Which best describes a BYOD (Bring Your Own Device) Plan?
Creating a BYOD policy allows employees to integrate themselves more fully into their job and can bring higher employee satisfaction and productivity.
Select all issues that need to be considered when outsourcing the incident response team.
Current and future quality of work; division of responsibilities; sensitive information revealed to the contractor; lack of organization-specific knowledge
An incident in which a cyber attack is used as a vector to achieve effects that are beyond the computer (i.e., kinetic or other effects) is a definition of which type of threat?
Cyber attack against critical infrastructure
What is the main purpose of the problem context in the systems security engineering framework?
Enables engineering teams to focus attention on acquiring as complete an understanding of the stakeholders' problem as practical.
70% of the respondents in a survey about their attitude towards password requirements indicated that they prefer passwords to stay valid for less than 30 days to ensure security.
FALSE
After applying engineering analysis and design principles to deliver a system with the capability to satisfy stakeholder requirements, system engineers are responsible for the utilization, support and retirement as well.
FALSE
Cryptography uses digital certificates. They form a trusted link between the actual person or organization, their public key, and their digital signature. Two ways to form this trusted link is with certificate authorities and root certificates.
FALSE
More than 45% of the DOC employees have to manage more than 15 accounts at work.
FALSE
Risk can be managed and consequently companies are able to eliminate it.
FALSE
Since privacy and security are closely related, it is often beneficial to share leadership resources between these two disciplines.
FALSE
The ultimate objective of systems security engineering is to achieve absolute assurance that the system is adequately secure relative to all stakeholders' objectives. This implies that a system can be declared secure by observation.
FALSE
Which is NOT one of the four tiers of the NIST Framework Maturity Model?
FULL
Catastrophe bonds (commonly called "cat bonds") are...
Financial instruments designed to help manage the financial risks associated with potentially devastating natural disasters, such as hurricanes, earthquakes, floods, and typhoons
Incidents should not be handled on a first-come, first-served basis but instead be prioritized based on relevant factors. Select all factors that influence the decision of which incident to address first.
Functional impact of the incident; information impact of the incident; recoverability from the incident
____ are used to either encrypt or decrypt data, and in some situations they can act in a similar way to passwords.
KEYS
What does NOT represent a problem that can arise from processing PII?
LOSS OF PRIVACY
The Recover Function helps an organization resume normal operations after an event. Select all activities that can be part of the recover function.
Make full backups of important business data and information. Make incremental backups. Consider cyber insurance. Make improvements to processes, procedures and technologies.
Which of the following is not identified as one of the key trends impacting the grid and its components, assets and systems?
Moore's law, that the number of transistors on a chip doubles every year while the costs are halved
Select the three contexts within which the activities are conducted, according to the systems security engineering framework.
Problem; Solution; Trustworthiness
Which of the following is not considered to be a vulnerability to critical assets?
Power sub-stations
A major component of cyber security is encryption, which means any threat to this concept is a cross-system vulnerability of the greatest magnitude.
TRUE
Alarmingly, employees seem to have a false perception of security around their work-related accounts. Around 35% perceive no major consequences if their passwords were compromised.
TRUE
Another key issue is that confidentiality, authenticity, integrity and non-repudiation all rely on the presumption that a private key has not been compromised.
TRUE
Cryptography is the art, science, practice and study of securing communications.
TRUE
If data has been signed by a private key, it can be verified by checking it with the public key.
TRUE
In a general sense, non-repudiation refers to whether an individual can dispute that they are the responsible party.
TRUE
In a survey the majority of participants (93.5%) indicated that their bureau has offered training on cybersecurity.
TRUE
Privacy risk models can be used to factor the extent to which systems and processes are vulnerable to problematic data actions as well as the likelihood and its impact.
TRUE
The Disassociability element of a privacy-preserving system requires that an individual's identity or associated activities are actively protected or "blinded" from exposure.
TRUE
The current profile reflects an organization's current state of cyber security, while the target profile describes what the organization wants to become in terms of cyber security.
TRUE
The diary study conducted by Steves et al. in 2013 indicates that a user performs logins 23 times in a typical workday.
TRUE
Usability can be defined as the extent to which a product can be used by specified users to achieve specified goals with effectiveness, efficiency and satisfaction in a specified context of use.
TRUE
When conducting a Risk Assessment, an organization should start with the current risk management activities.
TRUE
In the United States, insurance is one of the principal risk management instruments, not only for aiding in recovery after a disaster but also for encouraging future investments that are more resilient to potential hazards.
TRUE
According to the researchers, a significant amount of crime is tied to...
Technology
Risk is a measure of the extent to which an entity is threatened by a potential circumstance or event. Select the two elements of the function, risk is typically comprised of:
The adverse impacts that would arise if the circumstance or event occurs. The likelihood of occurrence
Which of the following is a key issue that helped NIST in the development of privacy engineering objectives and a risk model?
The need for more development tools that measure the effectiveness of privacy practices.
Which of the following are NOT a suggested action to take when considering a BYOD program?
The need for simpler login procedures
Who defines the scope of security in terms of the assets to which security applies and the consequences against which security is assessed?
The stakeholders
Common methods of attacks include attrition, web, email, impersonation and improper usage
True
Events with a negative consequence, such as system crashes, packet floods, unauthorized use of system privileges, unauthorized access to sensitive data, and execution of malware that destroys data, are called adverse events.
True
Likelihood is the chance that a threat will affect your business and helps determine what types of protections to put in place.
True
The incident response team can use the staffing models of performing all of its incident response work in-house, partially outsourcing or fully outsourcing.
True
When selecting appropriate structure and staffing models for an incident response team, organizations should consider the need for 24/7 availability, full-time versus part-time members and the employee morale.
True
Which, according to the authors, best describes two-factor authentication?
When you log into your account from an unfamiliar computer for the first time, it sends you a text message with a code that you must enter to confirm you are really you.
When Chief Security Officers were asked "What should be the most important advances in security in the coming few years", which of these were their answers concerning Smarter Systems?
both the above
In organizations today, the role of CIO is increasingly filled by someone with an engineering background, to make sure that it is run as a part of Technology and not as a semi-separate entity.
false
Which of the following best describes a Hardware-based Firewall?
A hardware firewall is a device that is connected to the network and filters packets based on a set of rules.
All of the following are true for public key cryptography except:
it represents symmetric encryption.
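The items on private-key signing, public-key verification, non-repudiation and the reliance of all of those on an uncompromised private key (the cryptography items above and the true/false statements earlier) describe one mechanism, shown here as an added example that is not from the flashcard set. It uses textbook RSA with small primes purely so the arithmetic is visible; the primes, the message and the hash-reduction step are assumptions, and a real system would use padded RSA or ECDSA from a vetted library, never these trivially factorable parameters.

```python
"""Sign with the private key, verify with the public key (toy RSA).
Added illustration only: parameters are tiny and no padding is used."""
import hashlib
from dataclasses import dataclass
from typing import Tuple


@dataclass(frozen=True)
class PublicKey:
    n: int
    e: int


@dataclass(frozen=True)
class PrivateKey:
    n: int
    d: int


def make_keypair(p: int, q: int, e: int = 65537) -> Tuple[PublicKey, PrivateKey]:
    """p and q are assumed to be primes (small ones here, for illustration)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return PublicKey(n, e), PrivateKey(n, d)


def _digest(message: bytes, n: int) -> int:
    # Sign a hash of the message rather than the message; reducing the
    # digest mod n is a toy-size shortcut, not a standard encoding.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, priv: PrivateKey) -> int:
    """Only the holder of d can produce this value: the basis of
    non-repudiation, which collapses if d is ever compromised."""
    return pow(_digest(message, priv.n), priv.d, priv.n)


def verify(message: bytes, signature: int, pub: PublicKey) -> bool:
    """Anyone with the public key can check the signature; a changed
    message or a signature from another key fails."""
    return pow(signature, pub.e, pub.n) == _digest(message, pub.n)


if __name__ == "__main__":
    pub, priv = make_keypair(104729, 1299709)  # assumed small primes
    msg = b"transfer 100 to alice"  # constructed message
    sig = sign(msg, priv)
    print(verify(msg, sig, pub))                         # True
    print(verify(b"transfer 900 to alice", sig, pub))    # False: tampered
```

The certificate item earlier is the missing link in this picture: the public key above is just a number, and a certificate signed by a certificate authority (chaining up to a trusted root) is what binds it to a person or organization so that a verifier knows whose key it is.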
What are the two categories that signs of an incident fall into?
precursors and indicators
Authentication can be accomplished by identifying someone through one or more of three factors. These factors are...
something they know, something they have, or something they are
The Neutralization theory suggests...
that individuals, while knowing right from wrong, rationalize or neutralize their behavior in order to give themselves the justification to commit a crime.
ICTs have a huge ethical, legal, and political significance.
true
If done right, security-by-design is not a burden, and should not be considered optional.
true
The incident response plan must contain details on when and how to communicate to the public about security incidents.
true
The main issue with BYOD is that most backend systems are not designed with this kind of flexibility in mind and the change from the perimeter model to a new cross-layer model of security is quite radical.
true
Although not everyone within an incident response team needs to have strong _____ and _____ skills, at least a few people within every team should possess them so the team can represent itself well in front of others.
writing and speaking