CYSE 200T

Discussion: According to the researchers, what percentage of criminal justice programs include cybercrime coursework in their curriculum?

20%

In the context of the NIST Framework, which best describes the "Framework Profile"?

Aligning business functions, categories & sub-categories with business requirements, risk tolerance and resources of the organization.

An organization should have an incident response team available for anyone that discovers or suspects an incident. A possible structure for such an incident response team includes:

All of the above

Stakeholder protection needs and security concerns associated with the system need to be properly identified and addressed primarily in the Cybersecurity department, not in the entire life cycle.

FALSE

The Predictability aspect entails that all stakeholders are required to know the technical details about how a system processes PII.

FALSE

A minority (less than 30%) of people use a storage method such as paper, files, electronic devices, or a password manager.

FALSE

The most basic definition of Cyber Harassment entails the repeated pursuit of an individual using electronic or Internet-capable devices.

FALSE

The social stigma associated with membership in the white power movement forced the members to abandon the internet as a critical resource and mainly participate in secret meetings.

FALSE

The three usability characteristics that users want from passwords are that it is hard to remember, that each system should have its own password, and that it should rarely change.

FALSE

When an organization is considering establishing a Cyber Security program, the first step is to conduct a risk assessment.

FALSE

When asked how secure the most frequently used password is, less than 20% answered with "completely" or "very" secure.

FALSE

Which group has been identified as the top threat to public safety within the United States?

FAR RIGHT GROUPS

The very nature of cyber technology is that related crimes are usually limited to state or national borders.

False

Patterns for Cyber Offenders: Half the females in this study committed which type of cyber crime?

Fraud

What is an important requirement in order to achieve security objects?

Fully integrate systems security engineering into systems engineering and its specialties

Digital Forensics refers to investigations of cyber, computer, electronic, or other types of cybercrimes.

True

The notion of "Social Construction" refers to...

the possibility that certain crimes are socially constructed as illegal acts

Human ICT evolution may be visualised as a three-stage rocket: Prehistory, History and Hyperhistory

true

Several models of radicalization identify the importance of cognitive openings. Those who are exposed to radicalized messages during a personal crisis or a period with a ____________ are receptive to new world views, as key to initiating the radicalization process.

SENSE OF LODGING

____ involves using the same key to both encrypt and decrypt data.

SYMMETRIC-KEY

Which of the following is not considered a source of threat against critical infrastructure?

Script kiddies: younger individuals working as a hobby to disrupt the power grid

Which of the following best describes an Access Control List?

A list of users who have the ability to take specific actions.

In the context of cybersecurity, which best describes the use of a "framework"?

A set of standards, guidelines and best practices

Which of the following best describes a software-based firewall?

A software firewall runs on the operating system and intercepts packets as they arrive at a computer

What is an important difference between traditional forms of stalking and Cyber Stalking?

ALL OF THE ABOVE

How much time do people spend on the generation of a password?

BETWEEN A FEW MINUTES AND A COUPLE DAYS

Which cipher involves putting the message into rows of a fixed size?

COLUMNAR TRANSPOSITION CIPHER

An organization should have an incident response team available for anyone that discovers or suspects an incident. A possible structure for such an incident response team includes:

Central incident response system

An event is any observable occurrence in a system or network, which includes a user connecting to a file share or a server receiving a request for a web page.

True

Which state is the only one that doesn't have statutes specifically addressing Cyber Stalking and Cyber Harassment (CH/CS)?

NEBRASKA

One of the advantages of cryptography is that it can give us ____

NON-REPUDIATION

What is NOT a role of security system engineering?

Provide everybody that has access to the systems with sufficient information on how to ensure system security.

Which of the following activities is NOT part of the "identify" function in the cybersecurity framework?

Provide your employees safe passwords

Select all possible ways in which systems are modified.

REACT MODIFICATION TO FIELD SYSTEMS PLANNED UPGRADES TO FIELDED SYSTEMS WHILE PLANNED UPGRADES TO SYSTEMS

Which of the following are NOT part of the 5 core activities of the NIST Framework?

React - Understand how to change software when an event is detected

Which of the following are considered a trend for physical threats against critical infrastructure?

Social media and new technologies are increasing the potential for security events

Most researchers agree that the process of radicalization into extremist movements cannot be explained by any one factor. One of the most influential frameworks identifies twelve mechanisms affecting radicalization at the individual, group and mass levels.

TRUE

Only a small proportion of posters among the white supremacist community have sophisticated technological backgrounds. Instead, most users demonstrate a basic degree of technological proficiency.

TRUE

The current state of legislation makes it very difficult to prove a case of Cyber Harassment beyond a reasonable doubt.

TRUE

Common elements for defining crime include which of the following?

Whether or not the behavior is Illegal, Harmful or Deviant

Discussion: According to the researchers, which are possible reasons why criminal justice programs have not more fully embraced cybersecurity offerings?

all of the above

Ethics was a matter of rational and disembodied autonomous subjects, rather than a matter of social beings. ICTs challenge the long-held ethical assumptions by calling for notions of

distributed responsibility

The Onlife Manifesto aims to prevent further conversation on the way in which a hyperconnected world calls for rethinking the referential frameworks on which policies are built.

false

The increased focus and public dialogue on security issues is forcing the creation of less resilient IT infrastructure due to overloaded IT Staff.

false

What term is used to refer to the new experience of a hyperconnected reality within which it is no longer sensible to ask whether one may be online or offline?

one life

What factor does it depend on if an event had an impact?

All of the above are correct

Select all elements that are part of the privacy engineering objectives.

MANAGEABILITY; PREDICTABILITY; DISASSOCIABILITY

The largest and most consequential physical event on infrastructure to date was on Pacific Gas & Electric's (PG&E) Metcalf Substation (500 kilovolts [kV]) in California when it was attacked in April 2013 by snipers. Which of the following measures did PG&E NOT take to mitigate such events in the future?

Increased night vision surveillance

How does a Target Profile aid in buying decisions for an organization?

It can be used to inform or contribute to a decision about buying a product or service, in terms of cyber security.

Which of the following apply to Password Security?

all of the above.

The National Infrastructure Protection Plan (NIPP) 2013 mentions several approaches to managing risks. Ideally, individual decisions should be based on the importance of the affected infrastructure, the cost of the mitigation measure(s), and the expected amount of risk reduction resulting from implementing the measure(s). The groupings included in NIPP 2013 are:

1) Identify, deter, detect, disrupt, and prepare for threats and hazards; 2) Reduce vulnerabilities; 3) Mitigate consequences

Place the following steps in proper order when considering establishing a cybersecurity program.

1. Prioritize and Scope
2. Orient
3. Create a CURRENT profile
4. Conduct a Risk Assessment
5. Create a TARGET profile
6. Determine, analyze and prioritize gaps
7. Implement the Action Plan

Which of the following best describes the function of a firewall?

A firewall protects all company servers and computers by stopping packets from outside the organization's network that do not meet a strict set of criteria.

___________ is a weakness that could be used to harm the business.

A vulnerability

Which of the following is NOT considered an appropriate use of Framework Profiles?

ALL OF THE ABOVE

Select all acts and behavior that Cyber Harassment via email, instant messages or other means typically involves.

ALL THE ABOVE

Select all elements of the multidisciplinary approach that protecting privacy requires:

ALL THE ABOVE

When Chief Security Officers were asked "What should be the most important advances in security in the coming few years", which of these were their answers concerning securing end-to-end communication?

ALL THE ABOVE

Which of the following is not considered an action to take when considering software design?

Address the quality of people testing your software.

Label theory is concerned with which of the following?

All of the above

Something that might adversely affect the information your business needs to run is called a threat. The most common threats include:

All of the above

Which of the following are true regarding the 2015 Ukraine Cybersecurity Event?

All of the above are true

Which of the following are not capabilities assigned to users in an Access Control System?

Assign

According to the authors, an IT multi-functional response team requires collaboration with which other areas of the company?

Communications, legal, senior decision-makers and other relevant business experts

System security is the application of engineering and management principles, concepts, criteria and techniques to optimize security within the ____________ of operational effectiveness, time and cost throughout all _________________________________. Fill in the blanks.

Constraints; stages of the system life cycle

Which best describes a BYOD (Bring Your Own Device) Plan?

Creating a BYOD policy allows employees to integrate themselves more fully into their job and can bring higher employee satisfaction and productivity.

Select all issues that need to be considered when outsourcing the incident response team.

Current and future quality of work; Division of responsibilities; Sensitive information revealed to the contractor; Lack of organization-specific knowledge

An incident in which a cyber attack is used as a vector to achieve effects that are beyond the computer (i.e., kinetic or other effects) is a definition of which type of threat?

Cyber attack against critical infrastructure

What is the main purpose of the problem context in the systems security engineering framework?

Enables engineering teams to focus attention on acquiring as complete an understanding of the stakeholders' problem as practical.

70% of the respondents in a survey about their attitude towards password requirements indicated that they prefer passwords to stay valid for less than 30 days to ensure safety.

FALSE

After applying engineering analysis and design principles to deliver a system with the capability to satisfy stakeholder requirements, system engineers are responsible for the utilization, support and retirement as well.

FALSE

Cryptography uses digital certificates. They form a trusted link between the actual person or organization, their public key, and their digital signature. Two ways to form this trusted link are with certificate authorities and root certificates.

FALSE

More than 45% of the DOC employees have to manage more than 15 accounts at work.

FALSE

Risk can be managed and consequently companies are able to eliminate it.

FALSE

Since privacy and security are closely related, it is often beneficial to share leadership resources between these two disciplines.

FALSE

The ultimate objective of systems security engineering is to achieve absolute assurance that the system is adequately secure relative to all stakeholders' objectives. This implies that a system can be declared secure by observation.

FALSE

Which is NOT part of the four tiers of the NIST Framework Maturity Model?

FULL

Catastrophe bonds (commonly called "cat bonds") are...

Financial instruments designed to help manage the financial risks associated with potentially devastating natural disasters, such as hurricanes, earthquakes, floods, and typhoons

Incidents should not be handled on a first-come, first-served basis but instead be prioritized based on relevant factors. Select all factors that influence the decision of which incident to address first.

Functional impact of the incident; Information impact of the incident; Recoverability from the incident

____ are used to either encrypt or decrypt data, and in some situations they can act in a similar way to passwords.

KEYS

What does NOT represent a problem that can arise from processing PII?

LOSS OF PRIVACY

The Recover Function helps an organization resume normal operations after an event. Select all activities that can be part of the recover function.

Make full backups of important business data and information. Make incremental backups. Consider cyber insurance. Make improvements to processes, procedures and technologies.

Which of the following are not identified as one of the key trends impacting the grid and its components, assets, and systems?

Moore's law that the number of transistors on a chip doubles every year while the costs are halved

Select the three contexts within which the activities are conducted, according to the systems security engineering framework.

PROBLEM; SOLUTION; TRUSTWORTHINESS

Which of the following is not considered to be a vulnerability to critical assets?

Power sub-stations

A major component of cyber security is encryption, which means any threat to this concept is a cross-system vulnerability of the greatest magnitude.

TRUE

Alarmingly employees seem to have a false perception of security around their work-related accounts. Around 35% perceive no major consequences if their passwords were compromised.

TRUE

Another key issue is that confidentiality, authenticity, integrity and non-repudiation all rely on the presumption that a private key has not been compromised.

TRUE

Cryptography is the art, science, practice and study of securing communications.

TRUE

If data has been signed by a private key, it can be verified by checking it with the public key.

TRUE

In a general sense, non-repudiation refers to whether an individual can dispute that they are the responsible party.

TRUE

In a survey, the majority of participants (93.5%) indicated that their bureau has offered training on cybersecurity.

TRUE

Privacy risk models can be used to factor the extent to which systems and processes are vulnerable to problematic data actions as well as the likelihood and its impact.

TRUE

The Disassociability element of the privacy preserving system requires that an individual's identity or associated activities are actively protected or "blinded" from exposure.

TRUE

The current profile reflects an organization's current state of cyber security, while the target profile describes what the organization wants to become in terms of cyber security.

TRUE

The diary study conducted by Steves et al. in 2013 indicates that a user performs logins 23 times in a typical workday.

TRUE

Usability can be defined as the extent to which a product can be used by specific users to achieve specified goals with effectiveness, efficiency and satisfaction in a specified context of use.

TRUE

When conducting a Risk Assessment, an organization should start with the current risk management activities.

TRUE

In the United States, insurance is one of the principal risk management instruments, not only for aiding in recovery after a disaster but also for encouraging future investments that are more resilient to potential hazards.

TRUE

According to the researchers, a significant amount of crime is tied to...

Technology

Risk is a measure of the extent to which an entity is threatened by a potential circumstance or event. Select the two elements of the function that risk is typically comprised of:

The adverse impacts that would arise if the circumstance or event occurs; the likelihood of occurrence

Which of the following is a key issue that helped NIST in the development of privacy engineering objectives and a risk model?

The need for more development tools that measure the effectiveness of privacy practices.

Which of the following are NOT a suggested action to take when considering a BYOD program?

The need for simpler login procedures

Who defines the scope of security in terms of the assets to which security applies and the consequences against which security is assessed?

The stakeholders

Common methods of attacks include attrition, web, email, impersonation and improper usage

True

Events with a negative consequence, such as system crashes, packet floods, unauthorized use of system privileges, unauthorized access to sensitive data, and execution of malware that destroys data, are called adverse events.

True

Likelihood is the chance that a threat will affect your business and helps determine what types of protections to put in place.

True

The incident response team can use the staffing models of performing all of its incident response work, partially outsourcing or fully outsourcing.

True

When selecting appropriate structure and staffing models for an incident response team, organizations should consider the need for 24/7 availability, full-time versus part-time members and the employee morale.

True

Which, according to the authors, best describes two-factor authentication?

When you log into your account from an unfamiliar computer for the first time, it sends you a text message with a code that you must enter to confirm you are really you.

When Chief Security Officers were asked "What should be the most important advances in security in the coming few years", which of these were their answers concerning Smarter Systems?

both the above

In organizations today, the role of CIO is increasingly filled by someone with an engineering background, to make sure that it is run as a part of Technology and not as a semi-separate entity.

false

Which of the following best describes a Hardware-based Firewall?

A hardware firewall is a device that is connected to the network and filters packets based on a set of rules.

All of the following are true for public key cryptography except for:

it represents a systematic encryption.

What are the two categories that signs of an incident fall into?

precursors and indicators

Authentication can be accomplished by identifying someone through one or more of three factors. These factors are...

something they know, something they have, or something they are

The Neutralization theory suggests...

that individuals, while knowing right from wrong, rationalize or neutralize their behavior in order to give themselves the justification to commit a crime.

ICTs have a huge ethical, legal, and political significance.

true

If done right, security-by-design is not a burden, and should not be considered optional.

true

The incident response plan must contain details on when and how to communicate to the public about security incidents.

true

The main issue with BYOD is that most backend systems are not designed with this kind of flexibility in mind and the change from the perimeter model to a new cross-layer model of security is quite radical.

true

Although not everyone within an incident response team needs to have strong _____ and _____ skills, at least a few people within every team should possess them so the team can represent itself well in front of others.

writing and speaking

