Information Systems Security Midterm Review
List and describe the steps in the Risk Management Process.
1. Asset identification
2. Identify threats
3. Identify vulnerabilities
4. Assess risks
5. Determine countermeasures
Describe Advanced Persistent Threat.
An Advanced Persistent Threat is an attacker who has the sophisticated tools and expertise to perform different forms of attacks in order to gain access to a system and remain in the system undetected for as long as possible.
What is an example of Personally Identifiable Information (PII)?
Any data that can potentially be used to identify a particular person: social security number, driver's license number, bank account number.
List strategies for controlling risk.
Apply safeguards (Avoidance)
Transfer the risk (Transference)
Reduce impact (Mitigation)
Understand consequences and accept risk (Acceptance)
What are the objectives of emergency actions taken at the beginning stage of a disaster? Preventing injuries, loss of life, and ...
Business Continuity and Disaster Recovery Planning
The ____ is the individual primarily responsible for the assessment, management, and implementation of information security in the organization.
CISO (Chief Information Security Officer)
In a computer forensics investigation, what describes the route that evidence takes from the time you find it until the case is closed or goes to court?
Chain of custody
What are the three components of the C.I.A. triad? What are they used for?
Confidentiality, Integrity, Availability
Describe defense in depth
Defense in depth is an information assurance concept in which multiple layers of security controls are placed throughout an information technology system.
__________ plans usually include all preparations for the recovery process, strategies to limit losses during the disaster, and detailed steps to follow when the smoke clears, the dust settles, or the flood waters recede.
Disaster recovery (DR)
In a ____________________ attack, the attacker sends a large number of connection or information requests to disrupt a target from a small number of sources.
Distributed denial of service
Why are employees one of the greatest threats to information security?
Employee mistakes can lead to the revelation of classified data, entry of erroneous data, accidental deletion or modification of data, storage of data
True/False Digital evidence is not volatile.
F
True/False The Health Insurance Portability and Accountability Act of 1996 requires government agencies to identify sensitive systems, conduct computer security training, and develop computer security plans.
F
True/False: When electronic information is stolen, the crime is readily apparent.
F
True/False: A worm requires that another program is running before it can begin functioning.
F
A(n) ____________________ site is a fully configured computer facility with all services, communications links, and physical plant operations provided, including heating and air conditioning.
Hot
Describe insider threat.
An insider threat is when a member of an organization or an employee uses his or her access as a member of the organization to attack that specific organization.
The _____________________ drastically changed security because information became accessible from external sources.
Internet
Why is the Energy Sector a uniquely critical infrastructure?
It is a uniquely critical infrastructure because it provides an "enabling function" across all critical infrastructure sectors.
Why is "think like an adversary" an important security strategy?
It is important to "think like an adversary" in order to understand the technological capabilities, unconventional perspectives, and strategic reasoning of hackers. You need to know yourself and your enemy (attackers) to understand how they think, and to develop the same skills (or better) that they have, in order to keep yourself, your organization, and your nation safe.
In the ____________________ attack, an attacker monitors (or sniffs) packets from the network, modifies them, and inserts them back into the network.
Man-in-the-middle
The redirection of legitimate user Web traffic to illegitimate Web sites with the intent to collect personal information is known as __________.
Pharming
What country implemented a multi-layered attack against the US power system in 2017?
Russia
In the context of information security, ____________________ is the process of using social skills to convince people to reveal access credentials or other valuable information to the attacker.
Social engineering
True/False A firewall can be configured to disallow certain types of incoming traffic that may be attacking.
T
True/False Blocking ICMP packets may help prevent denial-of-service attacks.
T
True/False Frequently the first responder to a computer crime is the network administrator.
T
True/False In the attack on the US Power grid in 2017, malware was planted, fake resumes with tainted attachments were used.
T
True/False Malware is a generic term for software that has a malicious purpose.
T
True/False Most computer criminals are not really "criminals".
T
True/False Power grids are a major target for foreign actors.
T
True/False: A worm may be able to deposit copies of itself onto all Web servers that the infected system can reach, so that users who subsequently visit those sites become infected.
T
True/False: As an organization grows, it must often use more robust technology to replace the security technologies it may have outgrown.
T
True/False: Confidentiality ensures that only those with the rights and privileges to access information are able to do so.
T
True/False: During the early years of computing, the primary threats to security were physical theft of equipment, espionage against the products of the systems, and sabotage.
T
True/False: One form of e-mail attack that is also a DoS attack is called a mail bomb, in which an attacker overwhelms the receiver with excessive quantities of e-mail.
T
True/False: Risk control is the application of controls that reduce the risks to an organization's information assets to an acceptable level.
T
True/False: To achieve balance—that is, to operate an information system that satisfies the user and the security professional—the security level must allow reasonable access, yet protect against threats.
T
True/False: To determine if the risk to an information asset is acceptable or not, you estimate the expected loss the organization will incur if the risk is exploited.
T
True/False: In the early years of computing, if security was addressed at all, it dealt only with the physical security of the computers themselves and not the data or connections between the computers.
T
____________________ are malware programs that hide their true nature and reveal their designed behavior only when activated.
Trojan horses
What is the difference between vulnerability and exposure?
Vulnerability: a fault within the system, such as software package flaws, unlocked doors, or an unprotected system port, that leaves things open to attack or damage.
Exposure: a single instance when a system is open to damage. Vulnerabilities can in turn be the cause of exposure.
An organizational resource that is being protected is sometimes logical, such as a Web site, software information, or data. Sometimes the resource is physical, such as a person, computer system, hardware, or other tangible object. Either way, the resource is known as a(n) ___________.
asset
The first phase of risk management is _________.
asset identification
____________________ enables authorized users—people or computer systems—to access information.
availability
If you use public Wi-Fi and someone gets your email password and logs into your email, that individual is a ________________________ hacker.
black hat
These individuals hack for malicious reasons or personal gain. They do not have permission from the entity.
black hat hacker
Of the various types of mitigation plans, the ____________________ plan is the most strategic and long-term, as it focuses on the steps to ensure the continuation of the organization.
business continuity plan (BCP)
Give examples of critical infrastructure systems.
chemical sector, communications sector, commercial facilities sector, dams sector
A ____ site provides only rudimentary services and facilities.
cold
When unauthorized individuals or systems can view information ________ is breached.
confidentiality
_____________ is the premeditated, politically motivated attacks against information, computer systems, computer programs, and data that result in violence against noncombatant targets by subnational groups or clandestine agents.
cyber-terrorism
Human error or failure often can be prevented with training, ongoing awareness activities, and ____________________.
education
Computer security is generally considered to be the responsibility of...?
everyone in the organization
A technique used to compromise a system is known as a(n) ___________.
exploit
Computer ____________________ is the process of collecting, analyzing, and preserving computer-related evidence.
forensics
These individuals hack without permission but not for malicious reasons.
grey hat hacker
One form of online vandalism is ____________________ operations, which interfere with or disrupt systems to protest the operations, policies, or actions of an organization or government agency.
hacktivist
A(n) _____________ system is the entire set of people, procedures, and technology that enable business to use information.
hardware
____________ is the physical technology that houses and executes the software, stores and transports the data, and provides interfaces for the entry and removal of information from the system.
hardware
The __________ plan specifies the actions an organization can and should take while an adverse event is in progress. An adverse event could result in loss of an information asset or assets, but it does not currently threaten the viability of the entire organization.
incident response (IR)
Information has ____________________ when it is whole, complete, and uncorrupted.
integrity
The ____________ virus infects the key operating system files located in a computer's start-up sector.
macro virus
Risk _________ is the application of security mechanisms to reduce the risks to an organization's data and information systems.
management
The most valuable organizational asset is ____________.
people
The weakest link in a security chain is:
people
One of the first components of risk identification is the identification, inventory, and categorization of assets. List different types of assets.
people, data and information, procedures
The protection of tangible items, objects, or areas from unauthorized access and misuse is known as ___________.
physical security
A(n) ____________ threat is one that over time changes the way it appears to antivirus software programs, making it undetectable by techniques that look for preconfigured signatures.
polymorphic
A type of malicious code that takes control of the information on a system and demands payment to release it is called ______________. Some attackers will encrypt the data on the system and demand money to decrypt it.
ransomware
A single loss ____________________ is the calculation of the value associated with the most likely loss from an attack.
risk assessment
____________________ involves three major undertakings: risk identification, risk assessment, and risk control.
risk management
A _________ assigns a status level to employees to designate the maximum level of classified data they may access.
security clearance
____________________ is used in public or semi-public settings when individuals gather information they are not authorized to have by looking over another individual's shoulder or viewing the information from a distance.
shoulder surfing
A device (or a software program on a computer) that can monitor data traveling on a network is known as a _________ sniffer.
socket
____ is any technology that aids in gathering information about a person or organization without their knowledge.
spyware
When organizations adopt security measures for a legal defense, they may need to show that they have done what any prudent organization would do in similar circumstances. This is referred to as __________.
standards of due care
Any event or circumstance that has the potential to adversely affect operations and assets is known as a(n) _________.
threat
Of various approaches to information security implementation, the ___________ approach has a higher probability of success.
top-down
A potential weakness in an asset or its defensive control system(s) is known as a(n) _________.
vulnerability
An organization may hire a ________ hacker to find all the vulnerabilities in their system so that they can be patched before someone takes advantage of them.
white hat
A(n) ____________________ is a malicious program that replicates itself constantly without requiring another program environment.
worm