InfoSec Review 1&2
true
. True or False: Cyberterrorism has thus far been largely limited to acts such as the defacement of NATO Web pages during the war in Kosovo.
methodology
A formal approach to solving a problem based on a structured sequence of procedures is called a(n) _____.
champion
A senior executive who promotes an information security project and ensures its support, both financially and administratively, at the highest levels of the organization is called a(n) _____.
vulnerability
A(n) attack is an act that exploits a(n) ______.
man-in-the-middle
Another name for TCP hijacking is _____.
Management and Technology
Information security has more to do with _____ than with _____
possession
Ownership or control of information is called the characteristic of _____
confidentiality
The characteristic of information that deals with preventing disclosure is
false; computer virus
True or False: A computer worm consists of segments of code that perform malicious actions.
true
True or False: If information has a state of being genuine or original and is not a fabrication, it has the characteristic of authenticity.
true
True or False: Information security programs that begin at a grassroots level by system administrators to improve security are often called a bottom-up approach.
true
True or False: Many organizations find that their most valuable asset is their data.
True
True or False: Personal security addresses the issues needed to protect items, objects, or areas.
true
True or False: The person responsible for the storage, maintenance, and protection of the information is the data custodian.
true
True or False: Warnings of attacks that are not valid are usually called hoaxes.
false; cracking
True or False: When a program tries to reverse-calculate passwords, this is known as a brute force spoof.
False; Art and Science
True or False: With the level of complexity in today's information systems, the implementation of information security has often been described as a combination of art and technology
spam
Unsolicited commercial e-mail is also called _____.
back door
Using a known or previously installed access mechanism is called using a _____.
organizational management and professionals
What are the three most commonly encountered communities of interest that have roles and responsibilities in information security
dictionary attack
When a program tries using all commonly used passwords, this is known as a(n) ______.
top-down
When projects are initiated at the highest levels of an organization and then pushed to all levels, they are said to follow a(n) ____ approach.
maintenance and change
Which SecSDLC phase keeps the security systems in a high state of readiness?
script kiddies
____ are hackers of limited skill who use expertly written software to attack a system
social science
____ examines the behavior of individuals as they interact with systems, whether societal systems or information systems.
cyberterrorists
____ hack systems to conduct terrorist activities via network or Internet pathways
pharming
____ is "the redirection of legitimate Web traffic to an illegitimate site for the purpose of obtaining private information."
information extortion
____ occurs when an attacker or trusted insider steals information from a computer system and demands compensation for its return or for an agreement not to disclose it.
personal
____ security addresses the protection of individuals or groups authorized to access an organization.
communications
____ security encompasses the protection of an organization's communications media, technology, and content.
theft
______ is the illegal taking of another's property, which can be physical, electronic, or intellectual.
