MIS 213 Ch. 4
False
A VPN is a network within the organization (T/F)
Patent
A _____ is a document that grants the holder exclusive rights on an invention for 20 years.
Threat
A _____ is any danger to which an information resource may be exposed
Phishing
A ______ attack uses deception to fraudulently acquire sensitive personal information by masquerading as an official e-mail
Trade Secret
A _______ is intellectual work that is known only to a company and is not based on public information
Authentication and Authorization
Access Controls Include
Authentication, Authorization
Access controls involve ____ before ____.
Vulnerability
An information system's _______ is the possibility that the system will be harmed by a threat.
Trojan Horse, Back Door, Logic Bomb
Attacks by a Programmer Developing a System include
Something the user is
Biometrics are an example of:
Disaster Recovery Plan, Hot Site, Cold Site
Business Continuity Planning includes
Firewalls, Anti-malware Systems, Whitelisting and Blacklisting, Encryption, Virtual Private Networking, Secure Socket Layer, Employee Monitoring Systems
Communication Controls Include
False
Dumpster diving is always illegal because it involves trespassing on private property (T/F)
human resources, management information systems
Employees in which functional areas of the organization pose particularly grave threats to information security?
True
Firewalls do not filter messages the same way as anti-malware systems do (T/F)
False
Having one backup of your business data is sufficient for security purposes (T/F)
True
Human errors cause more than half of the security-related problems in many organizations (T/F)
True
IT security is the responsibility of everyone in the organization (T/F)
risk mitigation
In _____, the organization takes concrete actions against risks
distributed denial of service attack
In a _____ attack, a coordinated stream of requests is launched against a target system from many compromised computers at the same time.
whitelisting, blacklisting
In a process called _____, a company allows nothing to run unless it is approved, whereas in a process called ____, the company allows everything to run unless it is not approved.
Employee negligence
In its study of various organizations, the Ponemon Institute found that the most common cause of data breaches was:
cookies
In most cases, _____ track your path through Web sites and are therefore invasions of your privacy
Authentication
Organizations use _____ to establish privileges to systems operations
True
Organizations utilize layers of controls because they face so many diverse threats to information security (T/F)
Something the user knows
Passwords and passphrases are examples of:
unauthorized individuals from gaining access to a company's facilities
Physical Controls prevent
True
Public-key encryption uses two different keys, one public and one private. (T/F)
Denial of Service Attack, Distributed Denial of Service Attack
Remote software attacks requiring no user action
Virus, Worm, Phishing attack
Remote software attacks requiring user action
False
Risk analysis involves determining whether security programs are working (T/F)
Authorization
Something the user is, does, has or knows
True
The computing skills necessary to be a hacker are decreasing (T/F)
True
The higher the level of an employee in the organization, the greater the threat that he or she poses to the organization. (T/F)
Janitors and Guards
The most overlooked people in information security are:
Alien Software
The term _____ refers to clandestine software that is installed on your PC through duplicitous channels but is not particularly malicious.
Adware, Spyware, Spamware, Cookies
Types of alien software include
Dumpster Diving
Typically committed for the purpose of identity theft
1. Human Errors 2. Social Engineering
Unintentional threats to information systems include
Something the user does
Voice recognition is an example of:
Risk, Risk Analysis, Risk Mitigation
What Organizations Are Doing to Protect Information Resources
keyloggers, screen scrapers
When companies attempt to counter ____ by requiring users to accurately select characters in turn from a series of boxes, attackers respond by using ______.
limited storage capacity on portable devices
Which of the following factors is not increasing the threats to information security?
Spamware
Which of the following is(are) designed to use your computer as a launch pad for sending unsolicited e-mail to other computers?
Viruses
_____ are segments of computer code that attach to existing computer programs and perform malicious acts.
Access
_____ controls are concerned with user identification, and they restrict unauthorized individuals from using information resources.
trojan horses
______ are software programs that hide in other computer programs and reveal their designed behavior only when they are activated
Risk Analysis
_______ is the process in which an organization assesses the value of each asset being protected, estimates the probability that it will be compromised, and compares the probable costs of an attack with the costs of protecting the asset.
Logic Bombs
________ are segments of computer code embedded within an organization's existing computer programs that activate and perform a destructive action at a certain time or date.
Social Engineering
________ involves building an inappropriate trust relationship with employees for the purpose of gaining sensitive information or unauthorized access privileges
Information Security
all of the processes and policies designed to protect an organization's information and information systems (IS) from unauthorized access, use, disclosure, disruption, modification, or destruction.
Threat
any danger to which a system may be exposed
Security
the degree of protection against criminal activity, danger, damage, and/or loss.
Exposure
the harm, loss, or damage that can result if a threat compromises an information resource.
Vulnerability
the possibility that the system will be harmed by a threat