MIS module 9
__________ is a technical safeguard that ensures that if stored or transmitted data is stolen, it cannot be understood.
Encryption
Which of the following statements is NOT accurate?
Forms of usurpation deny access to legitimate users.
Which of the following is considered a computer crime?
Hacking of information systems
You learn that in a previous security breach at GearUp, a disgruntled employee destroyed the encryption key that had been used to protect data. How will you prevent a similar data safeguard problem at GearOn?
Implement a key escrow procedure.
In an accounts payable department, the department supervisor can both approve an expense and write a check to cover the expense. This situation illustrates ignoring which type of human safeguard?
Separation of duties
The computers that run the DBMS and all devices that store database data should reside in locked, controlled-access facilities. This is an example of __________.
physical security
Your personal IS security goal should be to find an effective trade-off between __________ and __________.
risk of loss; cost of safeguards
If an organization takes a strong position and mandates that its employees create strong passwords, it is engaging in a trade-off between __________ and __________.
security; freedom
In this video, Agent Macey explains how a _____ pretends to be a legitimate company and sends email requesting users to update their confidential information such as passwords or account numbers.
spoofer
A difficult aspect of understanding the cost of computer security threats is the fact that most data are based on __________ methods that have several weaknesses.
survey
Password management best practices include all of the following recommendations EXCEPT __________.
users may retain the same password indefinitely to make it easier to remember
An organization's policy statement about customer data should include all of the following elements EXCEPT __________.
what field is used as the primary key
Organizational security policies should address all the following issues EXCEPT __________.
whether data marting will be tolerated
__________ personnel have been, often inadvertently, the source of serious security risks.
Help-desk
In this video, Special Agent Macey says the single largest threat to the Internet is _____.
denial-of-service attacks
A(n) __________ will stipulate what an employee should do when he notices something like a virus.
incident-response plan
What is your first step in implementing GearOn's improved security?
Develop a company-wide security policy.
What technical safeguards will you use to allow GearOn employees to securely access the database that stores members' credit card data?
Smart card and PIN
When it comes to risk of security threats and losses, __________.
risks cannot be eliminated
Which of the following is likely to occur in the next 10 years?
Major incidents of cyberwarfare are likely.
A __________ is an opportunity for threats to gain access to individual or organizational assets.
vulnerability
When a person transmits personal data over the Internet during a transaction, the transmitted data is __________ threats unless appropriate __________ are taken.
vulnerable to; safeguards
A __________ is a type of malware that self-propagates using the Internet or other computer network.
worm
Because users often neglect to create strong passwords, some organizations choose to also employ __________ authentication using fingerprint scans or retina scans.
biometric
Use of strong passwords helps protect against __________ in which computing power is used to try every possible combination of characters to guess the password.
brute force attacks
You begin your first day of responsibilities by examining the recent IS security breach at GearUp to get ideas for safeguards you will take. At GearUp, criminals accessed the company's improperly secured wireless system and stole customers' credit card information as well as employee Social Security numbers. What kind of computer crime did GearUp face?
sniffing
An often-overlooked aspect of an organization's incident response plan is __________.
practicing the incident response
Based on the information provided in this video, which of the following usually happens in a denial-of-service attack?
A hacker floods a Web server with so many requests that it becomes unavailable to its intended users.
In a security system the purpose of a username is to __________.
provide identification
An important new trend revealed by research on security threats is that ________.
ransomware and Web-based attacks are increasingly serious.
You consider installing a firewall or multiple firewalls as technical safeguards for secure access to the database. How many firewalls will you install?
A perimeter firewall and an internal firewall
The use of usernames and passwords is an important __________ safeguard to identify and authenticate legitimate users of the system.
technical
Long-term attacks focused on stealing confidential data and intellectual property that are perpetrated by large, well-funded organizations are called __________.
Advanced Persistent Threats
__________ will enable an organization to determine whether it is under systematic attack or whether an incident is isolated.
Centralized reporting
An employee who believes he is about to be terminated intentionally destroys data. This is an example of which type of threat?
Computer crime
What is the most effective way to begin setting up human security safeguards?
Document the security sensitivity for each position
Several employees come to you complaining that the passwords they must use are too long, too complex, and must be changed too often. What do you tell them?
These measures are necessary for security to be strong.
A university professor accidentally leaves a sheet of paper in a classroom containing the scores on the recent exam for the class, listed by student ID number. This represents what type of loss?
Unauthorized data disclosure
Which is the single most important safeguard that an individual computer user can implement?
Using strong passwords
According to the information provided in this video, any business that has an online presence is at risk of _____.
all of these answers
All the following statements are good practices to protect against security threats, EXCEPT __________.
backing up your browsing history, temporary files, and cookies
An employee starts the execution of an OLAP application that uses a lot of computational resources while executing. Normally, this application runs overnight when resources are not heavily used, but this time it is executed during prime work time. As a result, order-entry transactions are unable to be completed. This type of human error is termed __________.
denial of service
A safety procedure that enables a trusted party to have a copy of the encryption key is called key __________.
escrow
Preventing unauthorized network access using hardware or a hardware/software combination is accomplished with a(n) __________.
firewall
Organizations (and you personally) can use one or more __________ to filter the data transmissions allowed into your computer network.
firewalls
Since public users of Web sites are difficult to hold accountable for security violations, organizations take steps to __________ the Web site.
harden
The most secure and hard-to-break passwords have all the following characteristics, EXCEPT __________.
having six or fewer characters
You also look into another recent data security problem GearUp faced when many customers were denied service from its web site after IT ran a software update at peak usage time. How can you characterize the cause of this problem?
human error
Human safeguards involve the people and procedural components of information systems. All the following constitute effective human safeguards, EXCEPT __________.
incident-response plan
Studies of computer crime reveal that __________ is the single most expensive consequence of computer crime.
information loss
When an organization encrypts sensitive data, it is important that it follow a procedure called a __________ to safeguard against the loss of or damage to the encryption key.
key escrow
When user accounts are defined so that the user has access only to the minimum data and actions required to complete his/her job responsibilities, the principle of __________ is in use.
least possible privilege
According to recent research, the type of computer crime with the highest average cost involves __________.
malicious insiders
According to the DHS agent portrayed in this video, the Secret Service has responded to network intrusions at businesses throughout the United States that have been impacted by _____ through their point-of-sale systems.
malware
The next major security challenges will likely be those affecting __________.
mobile devices
By 2029, security threats will continue to exist, but __________.
organizations can be better prepared for them