MIS 213 Ch. 4


False

A VPN is a network within the organization (T/F)

Patent

A _____ is a document that grants the holder exclusive rights on an invention for 20 years.

Threat

A _____ is any danger to which an information resource may be exposed

Phishing

A ______ attack uses deception to fraudulently acquire sensitive personal information by masquerading as an official e-mail

Trade Secret

A _______ is intellectual work that is known only to a company and is not based on public information

Authentication and Authorization

Access Controls Include

Authentication, Authorization

Access controls involve ____ before ____.

Vulnerability

An information system's _______ is the possibility that the system will be harmed by a threat.

Trojan Horse, Back Door, Logic Bomb

Attacks by a Programmer Developing a System include

Something the user is

Biometrics are an example of:

Disaster Recovery Plan, Hot Site, Cold Site

Business Continuity Planning includes

Firewalls, Anti-malware Systems, Whitelisting and Blacklisting, Encryption, Virtual Private Networking, Secure Socket Layer, Employee Monitoring Systems

Communication Controls Include

False

Dumpster diving is always illegal because it involves trespassing on private property (T/F)

human resources, management information systems

Employees in which functional areas of the organization pose particularly grave threats to information security?

True

Firewalls do not filter messages the same way as anti-malware systems do (T/F)

False

Having one backup of your business data is sufficient for security purposes (T/F)

True

Human errors cause more than half of the security-related problems in many organizations (T/F)

True

IT security is the responsibility of everyone in the organization (T/F)

risk mitigation

In _____, the organization takes concrete actions against risks

distributed denial of service attack

In a _____ attack, a coordinated stream of requests is launched against a target system from many compromised computers at the same time.

whitelisting, blacklisting

In a process called _____, a company allows nothing to run unless it is approved, whereas in a process called ____, the company allows everything to run unless it is not approved.

Employee negligence

In its study of various organizations, the Ponemon Institute found that the most common cause of data breaches was:

cookies

In most cases, _____ track your path through Web sites and are therefore invasions of your privacy

Authentication

Organizations use _____ to establish privileges to systems operations

True

Organizations utilize layers of controls because they face so many diverse threats to information security (T/F)

Something the user knows

Passwords and passphrases are examples of:

unauthorized individuals from gaining access to a company's facilities

Physical Controls prevent

True

Public-key encryption uses two different keys, one public and one private. (T/F)

Denial of Service Attack, Distributed Denial of Service Attack

Remote software attacks requiring no user action

Virus, Worm, Phishing attack

Remote software attacks requiring user action

False

Risk analysis involves determining whether security programs are working (T/F)

Authorization

Something the user is, does, has or knows

True

The computing skills necessary to be a hacker are decreasing (T/F)

True

The higher the level of an employee in organization, the greater the threat that he or she poses to the organization. (T/F)

Janitors and Guards

The most overlooked people in information security are:

Alien Software

The term _____ refers to clandestine software that is installed on your PC through duplicitous channels but is not particularly malicious.

Adware, Spyware, Spamware, Cookies

Types of alien software include

Dumpster Diving

Typically committed for the purpose of identity theft

1. Human Errors 2. Social Engineering

Unintentional threats to information systems include

Something the user does

Voice recognition is an example of:

Risk, Risk Analysis, Risk Mitigation

What Organizations Are Doing to Protect Information Resources

keyloggers, screen scrapers

When companies attempt to counter ____ by requiring users to accurately select characters in turn from a series of boxes, attackers respond by using ______.

limited storage capacity on portable devices

Which of the following factors is not increasing the threats to information security?

Spamware

Which of the following is(are) designed to use your computer as a launch pad for sending unsolicited e-mail to other computers?

Viruses

_____ are segments of computer code that attach to existing computer programs and perform malicious acts.

Access

_____ controls are concerned with user identification, and they restrict unauthorized individuals from using information resources.

trojan horses

______ are software programs that hide in other computer programs and reveal their designed behavior only when they are activated

Risk Analysis

_______ is the process in which an organization assesses the value of each asset being protected, estimates the probability that it will be compromised, and compares the probable costs of an attack with the costs of protecting the asset.

Logic Bombs

________ are segments of computer code embedded within an organization's existing computer programs that activate and perform a destructive action at a certain time or date.

Social Engineering

________ involves building an inappropriate trust relationship with employees for the purpose of gaining sensitive information or unauthorized access privileges

Information Security

all of the processes and policies designed to protect an organization's information and information systems (IS) from unauthorized access, use, disclosure, disruption, modification, or destruction.

Threat

any danger to which a system may be exposed

Security

the degree of protection against criminal activity, danger, damage, and/or loss.

Exposure

the harm, loss, or damage that can result if a threat compromises an information resource.

Vulnerability

the possibility that the system will be harmed by a threat

