MIS Chapter 8, MIS Chapter 8, ISYS 209 Chp 8, MIS ch 8, is ch 8 quiz?

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

Acceptable Use Policy

-Defines acceptable use of the firm's information resources and computing equipment as well as the consequences for noncompliance -Should clarify company policy regarding privacy, user responsibility, and personal use of company equipment and networks

security policy

-Outlines how the company is going to protect its assets. -Consists of statements ranking information risks, identifying acceptable security goals, and identifying the mechanisms for achieving those goals.

authentication

-The ability of each party in a transaction to ascertain the identity of the other party -Often established using passwords, but this can be problematic as users often forget them, share them, or create weak passwords that are easy to guess

What can a firewall identify?

A firewall can identify names, IP addresses, applications, and other characteristics of incoming traffic.

What is Secure Hypertext Transfer Protocol?

A protocol for encrypting data transferred over the Internet. This is limited to individual messages, whereas SSL and TLS are designed to establish a secure connection between two computers.

What does a risk assessment determine?

A risk assessment determines the potential frequency of the occurrence of a problem and the potential damage if the problem were to occur. It is used to determine the cost/benefit of a control.

What is a security policy?

A security policy consists of statements ranking information risks, identifying acceptable security goals, and identifying the mechanisms for achieving these goals.

Which of the following best describes a security policy?

A security policy consists of statements ranking information risks, identifying acceptable security goals, and identifying the mechanisms for achieving these goals.

trojan horse

A software program that appears legitimate but contains a second hidden function that may cause damage.

viruis

A software program that attaches itself to other software programs or data files in order to be executed, often causing hardware and software malfunctions

What is a worm?

A worm is a variation of a virus that is targeted at networks; it is designed to spread by itself without the need for an infected host file to be shared.

defines acceptable uses of the firm's information resources and computing equipment, including desktop and laptop computers, wireless devices, telephones, and the Internet, and specifies consequences for noncompliance.

An acceptable use policy (AUP)

hacker

An individual who intends to gain unauthorized access to a computer system

cyberwar

An organized attempt by a country's military to disrupt or destroy the information and communications systems of another country

Information systems controls are both manual and automated and consist of general and application controls. Which of the following best describes application controls?

Application controls include both automated and manual procedures that ensure that only authorized data are completely and accurately processed.

___________________ is the ability to determine that a person is who he or she claims to be through a variety of means

Authentication

Symphoniz, Inc., a software company, has installed a new device at the company's entrance. This device replaces the smart cards that provided access to the company's premises. This device requires every employee to place their palm on a scanner-like device. Once an individual's palm is scanned, the fingerprints are compared with the ones stored in the database. If they match, the individual would be granted access. If not, the individual would be required to report to the security office to complete entry formalities. Which of the following processes is being illustrated in this scenario?

Biometric authentication

_____ focuses on how the company can restore business operations after a disaster strikes.

Business continuity planning

This can be destructive to a company when at risk for people or programs deliberately moving through ads, thus driving up advertising costs for a company:

Click fraud; Google and other companies charge for every click on an advertisement.

Which of the following scenarios illustrates denial of service (DOS), a type of security loss?

Computer worms infiltrating a network with so much artificial traffic that legitimate traffic cannot get through

Which of the following examines data files and sorts out low-priority online material while assigning higher priority to business-critical

Deep packet inspection

Which of the following examines data files and sorts out low-priority online material while assigning higher priority to business-critical files

Deep packet inspection

Which of the following is NOT a security threat posed by the use of the iPhone, iPad,

Dictating what kind of data an app can access inside its sandbox domain

Which of the following is NOT a security threat posed by the use of the iPhone, iPad, and other mobile computing devices in the workplace?

Dictating what kind of data an app can access inside its sandbox domain

Which of the following is the process of transforming plain text or data into cipher text that cannot be read by anyone other than the sender and the intended receiver?

Encryption

Which of the following is a critical security function of senior management in an organization

Establishing the security policy and managing risk

Information systems controls are both manual and automated and consist of general and application controls. Which of the following best describes GENERAL controls?

General controls govern the design, security, and use of computer programs and the security of data files in general throughout the organization's information technology infrastructure.

Which act requires financial institutions to ensure the security and confidentiality of customer data

Gramm-Leach-Billey Act

Which act requires financial institutions to ensure the security and confidentiality of customer data and mandates that data must be stored on a secure medium and protected during storage and transmittal?

Gramm-Leach-Billey Act

__________________ requires that your patient records be protected and saved for six years

HIPAA

What outlines medical security and privacy rules and procedures for simplifying the administration of health care billing and automating the transfer of health care data?

HIPAA Act; this act requires health care industry to retain patient information for 6 years to ensure confidentiality of those records.

Which of the following best describes HIPAA?

HIPAA outlines medical security and privacy rules and procedures for simplifying the administration of health care billing and automating the transfer of health care data between health care providers, payers, and plans.

Which of the following statements about information systems security vulnerability is true?

Hackers can unleash denial-of-service (DoS) attacks or penetrate corporate networks, causing serious system disruptions.

The ________ virus, a rather nice sounding virus, was one of the most

ILOVEYOU

The ________ virus, a rather nice sounding virus, was one of the most famous malwares that was detected in 2000.

ILOVEYOU

What does identity management consist of?

Identity management consists of business processes and software tools for identifying the valid users of a system and controlling their access to system resources.

worm

Independent software programs that propagate themselves to disrupt the operation of computer networks or destroy data and other programs

What is a system that checks data entering a system for accuracy and completeness, such as when a clerk confirms a telephone number for a new customer?

Input controls check data for accuracy and completeness when they enter the system.

What are the three classifications for application controls?

Input controls, processing controls, and output controls. They ensure that only authorized data are completely and accurately processed by the application.

Which of the following best describes a firewall?

It is a combination of hardware and software that controls the flow of incoming and outgoing network traffic.

Which of the following statements about the business value of security and control is true?

Lack of sound security and control can cause firms relying on computer systems for their core business functions to lose sales and productivity.

Where are there opportunities for an SQL injection attack?

Large web applications have hundreds of places for inputting user data, each of which creates an opportunity for an SQL injection attack.

_________________ is a general security term that includes computer viruses, worms, and Trojan horses

Malware

Which of the following scenarios illustrates a drive-by download?

Milly copies a file from the Internet to her PC, and, in the process, her PC gets infected by malware.

click fraud

Occurs when an individual or computer program fraudulently clicks on an online ad without any intention of learning more about the advertiser or making a purchase

How does pharming work?

Pharming perpetrators gain access to the internet address information ISP's store to speed up web browsing and flawed software on their servers can allow the fraudsters to hack in and change those addresses.

Jamie uses a form of encryption technique that requires him to have two keys. He shares one key with the senders of the message, so that they can use it to encrypt the message. He uses his private key to decrypt the received message. Which of the following encryption methods is being exemplified in this scenario?

Public key encryption

_______________ is an increasing problem where hackers lock parts of your computer and then demand money to unlock

Ransomware

_______________ is an increasing problem where hackers lock parts of your computer and then demand money to unlock the system.

Ransomware

Which of the following best describes risk assessment?

Risk assessment determines the potential frequency of the occurrence of a problem and the potential damage if the problem were to occur. It is used to determine the cost/benefit of a control.

A particular malware threat looks for weaknesses in poorly coded Web application software that get exposed when the Web application fails to filter the data entered by a user on a Web page. This results in malicious program code entering into the company's systems and networks. Which of the following best refers to this malware threat?

SQL injection attack

What are SQL injection attacks?

SQL injection attacks take advantage of vulnerabilities in poorly coded Web app software to introduce malicious program code into a company's systems and networks.

What does the acceptable use policy, AUP, do?

The AUP defines acceptable uses of the firm's info resources and computing equipment, including desktop and laptop computers, wireless devices, telephones, and the internet, and specifies consequences for noncompliance.

What mandates that financial services firms ensure security and confidentiality of consumer data?

The Gramm-Leach-Biley Act regulates the financial services industry and is also known as the Financial Services Modernization Act of 1999.

Which of the following best describes the Gramm-Leach-Bliley Act?

The Gramm-Leach-Bliley Act requires financial institutions to ensure the security and confidentiality of customer data. Data must be stored on a secure medium, and special security measures must be enforced to protect such data on storage media and during transmittal.

imposes responsibility on companies and their management to protect investors by safeguarding the accuracy and integrity of financial information that is used internally and released externally.

The Sarbanes-Oxley Act

What does a security policy consist of?

The security policy consists of statements ranking info risks, identifying acceptable security goals, and identifying the mechanisms for achieving these goals.

Which of the following is NOT addressed by a business continuity plan?

The technical issues involved in keeping systems up and running

cyberterrorism

The use of computer and networking technologies against persons or property to intimidate or coerce governments, civilians, or any segment of society in order to attain political, religious, or ideological goals.

A __________ is a program that seems like a normal program, but does something completely unexpected

Trojan horse

An individual posing as an online gamer accesses information stored in an unsuspecting user's computer by placing a program in his hard disk that appears to be legitimate. The system functions normally with the program performing underlying functions. The malware used by the individual is referred to as a(n)

Trojan horse

What type of malware is this: "An individual posing as an online gamer accesses info stored in an unsuspecting user's computer by placing a program in the hard disk that appears to be legitimate"

Trojan horse; the system functions normally with the program performing underlying functions. They appear to be legit, but carry a destructive payload and give the creator unauthorized access.

What are firewalls?

Using a combination of hardware and software, firewalls are able to control incoming and outgoing data on a network. They can be on individual computers or on networks.

smart cards

a device about the size of a credit card that contains a chip formatted with access permission and other data

token

a physical device, usually small enough to fit on a key ring, designed to prove the identity of a single user

Electronic evidence on computer storage media that is not visible to the average user is called ____________

ambient data

computer crime

any violations of criminal law that involve a knowledge of computer technology for their perpetration, investigation, or prosecution

biometric authentication

based on the measurement of a physical or behavioral trait that makes each individual unique

Gaining access to a safety deposit box using iris scanning is an example of ___________________ authentication

biometric

Although it may seem innocent enough, _________is a serious problem for companies that are involved with pay-per-click

click fraud

Although it may seem innocent enough, _________is a serious problem for companies that are involved with pay-per-click advertising.

click fraud

Someone hacking into your facebook

cybervandalism

Someone hacking into your facebook account to add terrible photos and messages is taking part in ____________.

cybervandalism

Sarbanes-Oxley Act of 2002

imposes responsibility on companies and their management to safeguard the accuracy and integrity of financial information that is used internally and released externally

A __________ is a type of spyware that records keystrokes to steal sensitive

keylogger

A __________ is a type of spyware that records keystrokes to steal sensitive information such as social security numbers.

keylogger

malware

malicious software programs

Health Insurance Portability and Accountability Act (HIPAA) of 1996

outlines medical security and privacy rules and procedures

If you receive an email asking for your social security number in return for a million

phishing

If you receive an email asking for your social security number in return for a million dollars, this is an example of _____________.

phishing

Computer criminals use denial-of-service attacks on information systems to

prevent legitimate users from using the system's resources

Gramm-Leach-Bliley Act of 1999

requires financial institutions to ensure the security and confidentiality of customer data

Establishing a risk level of malware threats to an organization

risk assessment

Establishing a risk level of malware threats to an organization is an example of _____________.

risk assessment

tricking employees to reveal their password by pretending to be a legitimate member of a company

social engineering

refers to software that covertly gathers information about a user through an Internet connection without the user's knowledge.

spyware

three alternative authentication technologies

token, smart cards, and biometric authentication

types of malware

virus, worm, trojan horse

Which of the following is an opportunity for threats to gain access to assets

vulnerability

A _____________ is a unique type of malware that replicates itself from one computer to another

worm


Kaugnay na mga set ng pag-aaral

POL 235 lessons learned Module 1

View Set

Cisco Intro to Networking Final Review (ICND1)

View Set

RN Physiological and Psychological Responses to Stress Assessment

View Set

US History Unit three Study Guide

View Set

Quiz -- Chapter 15 - Business 101

View Set

Davis Ch. 8: Fluid & Fluid Imbalances

View Set