MIS module 9

__________ is a technical safeguard that ensures that if stored or transmitted data is stolen it cannot be understood.

Encryption

Which of the following statements is NOT​ accurate?

Forms of usurpation deny access to legitimate users.

Which of the following is considered a computer​ crime?

Hacking of information systems

You learn that in a previous security breach at GearUp, a disgruntled employee destroyed the encryption key that had been used to protect data. How will you prevent a similar data safeguard problem at GearOn?

Implement a key escrow procedure.

In an accounts payable​ department, the department supervisor can both approve an expense and write a check to cover the expense. This situation illustrates ignoring which type of human​ safeguard?

Separation of duties

The computers that run the DBMS and all devices that store database data should reside in​ locked, controlled-access facilities. This is an example of​ __________.

physical security

Your personal IS security goal should be to find an effective​ trade-off between​ __________ and​ __________.

risk of​ loss; cost of safeguards

If an organization takes a strong position and mandates that its employees create strong​ passwords, it is engaging in a​ trade-off between​ __________ and​ __________.

security; freedom

In this​ video, Agent Macey explains how a​ _____ pretends to be a legitimate company and sends email requesting users to update their confidential information such as passwords or account numbers.

spoofer

A difficult aspect of understanding the cost of computer security threats is the fact that most data are based on​ __________ methods that have several weaknesses.

survey

Password management best practices include all of the following recommendations EXCEPT​ __________.

users may retain the same password indefinitely to make it easier to remember

An​ organization's policy statement about customer data should include all of the following elements EXCEPT​ __________.

what field is used as the primary key

Organizational security policies should address all the following issues EXCEPT​ __________.

whether data marting will be tolerated

__________ personnel have​ been, often​ inadvertently, the source of serious security risks.

​Help-desk

In this​ video, Special Agent Macey says the single largest threat to the Internet is​ _____.

​denial-of-service attacks

​A(n) __________ will stipulate what an employee should do when he notices something like a virus.

​incident-response plan

What is your first step in implementing GearOn's improved security?

Develop a company-wide security policy.

What technical safeguards will you use to allow GearOn employees to securely access the database that stores members' credit card data?

Smart card and pin

When it comes to risk of security threats and​ losses, __________.

risks cannot be eliminated

Which of the following is likely to occur in the next 10​ years?

Major incidents of cyberwarfare are likely.

A​ __________ is an opportunity for threats to gain access to individual or organizational assets.

vulnerability

When a person transmits personal data over the Internet during a​ transaction, the transmitted data is​ __________ threats unless appropriate​ __________ are taken.

vulnerable​ to; safeguards

A​ __________ is a type of malware that​ self-propagates using the Internet or other computer network.

worm

Because users often neglect to create strong​ passwords, some organizations choose to also employ​ __________ authentication using fingerprint scans or retina scans.

biometric

Use of strong passwords helps protect against​ __________ in which computing power is used to try every possible combination of characters to guess the password.

brute force attacks

You begin your first day of responsibilities by examining the recent IS security breach at GearUp to get ideas for safeguards you will take. At GearUp, criminals accessed the company's improperly-secured wireless system and stole customers' credit card information as well as employee social security numbers. What kind of computer crime did GearUp face?

sniffing

An​ often-overlooked aspect of an​ organization's incident response plan is​ __________.

practicing the incident response

Based on the information provided in this​ video, which of the following usually happens in a​ denial-of-service attack?

A hacker floods a Web server with so many requests that it becomes unavailable to its intended users.

In a security system the purpose of a username is to​ __________.

provide identification

An important new trend revealed by research on security threats is that​ ________.

ransomware and​ Web-based attacks are increasingly serious.

You consider installing a firewall or multiple firewalls as technical safeguards for secure access to the database. How many firewalls will you install?

A perimeter firewall and an internal firewall

The use of usernames and passwords is an important​ __________ safeguard to identify and authenticate legitimate users of the system.

technical

​Long-term attacks focused on stealing confidential data and intellectual property that are perpetrated by​ large, well-funded organizations are called​ __________.

Advanced Persistent Threats

​__________ will enable an organization to determine whether it is under systematic attack or whether an incident is isolated.

Centralized reporting

An employee who believes he is about to be terminated intentionally destroys data. This is an example of which type of​ threat?

Computer crime

What is the most effective way to begin setting up human security safeguards?

Document the security sensitivity for each position

Several employees come to you complaining that the passwords they must use are too long, too complex, and must be changed too often. What do you tell them?

These measures are necessary for security to be strong.

A university professor accidentally leaves a sheet of paper in a classroom containing the scores on the recent exam for the class, listed by student ID number. This represents what type of loss?

Unauthorized data disclosure

Which is the single most important safeguard that an individual computer user can​ implement?

Using strong passwords

According to the information provided in this​ video, any business that has an online presence is at risk of​ _____.

all of these answers

All the following statements are good practices to protect against security​ threats, EXCEPT​ __________.

backing up your browsing​ history, temporary​ files, and cookies

An employee starts the execution of an OLAP application that uses a lot of computational resources while executing.​ Normally, this application runs overnight when resources are not heavily​ used, but this time it is executed during prime work time. As a​ result, order-entry transactions are unable to be completed. This type of human error is termed​ __________.

denial of service

A safety procedure that enables a trusted party to have a copy of the encryption key is called key​ __________.

escrow

Preventing unauthorized network access using hardware or a​ hardware/software combination is accomplished with​ a(n) __________.

firewall

Organizations​ (and you​ personally) can use one or more​ __________ to filter the data transmissions allowed into your computer network.

firewalls

Since public users of Web sites are difficult to hold accountable for security​ violations, organizations take steps to​ __________ the Web site.

harden

The most secure and​ hard-to-break passwords have all the following​ characteristics, EXCEPT​ __________.

having six or fewer characters

You also look into another recent data security problem GearUp faced when many customers were denied service from its web site after IT ran a software update at peak usage time. How can you characterize the cause of this problem?

human error

Human safeguards involve the people and procedural components of information systems. All the following constitute effective human​ safeguards, EXCEPT​ __________.

incident-response plan

Studies of computer crime reveal that​ __________ is the single most expensive consequence of computer crime.

information loss

When an organization encrypts sensitive​ data, it is important that it follow a procedure called a​ __________ to safeguard the loss or damage to the encryption key.

key escrow

When user accounts are defined so that the user has access only to the minimum data and actions required to complete​ his/her job​ responsibilities, the principle of​ __________ is in use.

least possible privilege

According to recent​ research, the type of computer crime with the highest average cost involves​ __________.

malicious insiders

According to the DHS agent portrayed in this​ video, the Secret Service has responded to network intrusions at businesses throughout the United States that have been impacted by​ _____ through their​ point-of-sale systems.

malware

The next major security challenges will likely be those affecting​ __________.

mobile devices

By​ 2029, security threats will continue to​ exist, but​ __________.

organizations can be better prepared for them

