ISOM Ch 4
What is a trusted third party, such as VeriSign, that validates user identities by means of digital certification?
Certificate authority
What was passed to protect minors from accessing inappropriate material on the Internet?
Child Online Protection Act
_______ is the assurance that the message and information remain available only to those authorized to view them.
Confidentiality
What scrambles information into an alternative form that requires a key or password to decrypt?
Encryption
_______ are policies and procedures that address information management along with the ethical use of computers and the Internet in the business environment.
Epolicies
What identifies the rules required to maintain information security, such as requiring users to log off before leaving for lunch or meetings, never sharing passwords with anyone, and changing passwords every 30 days?
Information security policies
Which policy contains general principles to guide the proper use of the Internet?
Internet use policy
What is a technique to gain personal information for the purpose of identity theft, usually by means of fraudulent emails that look as though they come from legitimate businesses?
Phishing
What is a masquerading attack that combines spam with spoofing?
Phishing expedition
A(n) ________ computer use policy contains general principles to guide computer user behavior.
ethical
A zombie _______ is a group of computers on which a hacker has planted zombie programs.
farm
Content _______ occurs when organizations use software that filters content, such as emails, to prevent the accidental or malicious transmission of unauthorized information.
filtering
A user can opt ____ to receive emails by choosing to allow permissions to incoming emails.
in
Information _______ is a broad term encompassing the protection of information from accidental or intentional misuse by persons inside or outside an organization.
security
_______-fraud is the abuse of pay-per-click, pay-per-call, and pay-per-conversion revenue models by repeatedly clicking on a link to increase charges or costs for the advertiser.
Click
What is a computer crime where a competitor or disgruntled employee increases a company's search advertising costs by repeatedly clicking on the advertiser's link?
Competitive click-fraud
______ are the principles and standards that guide our behavior toward other people.
Ethics
What is hardware and/or software that guards a private network by analyzing incoming and outgoing information for the correct markings?
Firewall
Who are legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident?
Insiders
What is intangible creative work that is embodied in physical form and includes copyrights, trademarks, and patents?
Intellectual property
What is the use of social skills to trick people into revealing access credentials or other valuable information?
Social engineering
______ software is the unauthorized use, duplication, distribution, or sale of copyrighted software.
Pirated
What is the traditional security process, which requires a user name and password?
Single-factor authentication
What is looking through people's trash, another way hackers obtain information?
Dumpster diving
Select the two terms that refer to the ability of a company to identify, search, gather, seize, or export digital information in responding to a litigation, audit, investigation, or information inquiry.
Ediscovery and Electronic discovery
Match the hacker weapon on the left with the definition on the right.
Elevation of privilege => A process by which a user misleads a system into granting unauthorized rights, usually for the purpose of compromising or destroying the system.
Hoaxes => Attack computer systems by transmitting a virus hoax, with a real virus attached.
Malicious code => Includes a variety of threats such as viruses, worms, and Trojan horses.
Packet tampering => Consists of altering the contents of packets as they travel over the Internet or altering data on computer disks after penetrating a network.
Sniffer => A program or device that can monitor data traveling over a network.
Spoofing => The forging of the return address on an email so that the message appears to come from someone other than the actual sender.
Splogs (spam blogs) => Fake blogs created solely to raise the search engine rank of affiliated websites.
Spyware => Software that comes hidden in free downloadable software and tracks online movements.
Which of the following is a type of unplanned downtime?
Frozen pipe, Smoke damage, static electricity, Water damage
___________ are experts in technology who use their knowledge to break into computers and computer networks, either for profit or just motivated by the challenge.
Hackers
What is the forging of someone's identity for the purpose of fraud?
Identity theft
_______ reroutes requests for legitimate websites to false websites.
Pharming
What uses a zombie farm, often by an organized crime association, to launch a massive phishing attack?
Pharming attack
Which policy outlines the corporate guidelines or principles governing employee online communications?
Social media policy
What is a phishing expedition in which the emails are carefully designed to target a particular person or organization?
Spear phishing
What are malicious agents designed by spammers and other Internet attackers to farm email addresses off websites or deposit spyware on machines?
Destructive agents
_______ rights management is a technological solution that allows publishers to control their digital media to discourage, limit, or prevent illegal copying and distribution.
Digital
What is a data file that identifies individuals or organizations online and is comparable to a digital signature?
Digital certificate
Select two items typically contained in an employee monitoring policy.
*Be as specific as possible stating when and what (email, IM, Internet, network activity, etc.) will be monitored.
*Expressly communicate that the company reserves the right to monitor all employees.
*State the consequences of violating the policy.
*Always enforce the policy the same for everyone.
Select three items contained in a typical Internet use policy.
*Describes the Internet services available to users.
*Defines the organization's position on the purpose of Internet access and what restrictions, if any, are placed on that access.
*Describes user responsibility for citing sources, properly handling offensive material, and protecting the organization's good name.
*States the ramifications if the policy is violated.
What refers to a period of time when a system is unavailable?
Downtime
Select three items typically contained in a social media policy.
*Employee online communication policy detailing brand communication.
*Employee blog and personal blog policies.
*Employee social network and personal social network policies.
*Employee Twitter, corporate Twitter, and personal Twitter policies.
*Employee LinkedIn policy.
*Employee Facebook usage and brand usage policy.
*Corporate YouTube policy.
Select three items typically found in an acceptable use policy.
*Not using the service as part of violating any law.
*Not attempting to break the security of any computer network or user.
*Not posting commercial messages to groups without prior permission.
*Not performing any nonrepudiation.
Select three categories of authentication and authorization.
*Something that is part of the user, such as a fingerprint or voice signature.
*Something the user knows, such as a user ID and password.
*Something the user has, such as a smart card or token.
_________-by hacking is a computer attack where an attacker accesses a wireless computer network, intercepts data, uses network services, and/or sends attack instructions without entering the office or organization that owns the network.
Drive
______ is a method for confirming users' identities.
Authentication
______ is the process of providing a user with permission including access levels and abilities such as file access, hours of access, and amount of allocated storage space.
Authorization
Select the three reasons why organizations should develop written epolicies.
1. Establish organizational rules 2. Establish employee procedures 3. Establish employee guidelines
Select three epolicies
1. Ethical Computer Use Policy 2. Information Privacy Policy 3. Acceptable Use Policy 4. Email Privacy Policy 5. Social Media Policy 6. Workplace Monitoring Policy
Select two accurate statements relating to an ethical computer use policy.
1. Users need to be informed of the rules. 2. Users need to consent to following the rules.
______ is software that, although purporting to serve some useful function and often fulfilling that function, also allows Internet advertisers to display advertisements without the consent of the computer user.
Adware
What scans and searches hard drives to prevent, detect, and remove known viruses, adware, and spyware?
Antivirus software
Match the virus on the left with its correct definition on the right.
Backdoor program => Opens a way into the network for future attacks.
Worm => Spreads itself, not only from file to file, but also from computer to computer.
Trojan-horse virus => Hides inside other software, usually as an attachment or a downloadable file.
Distributed denial-of-service attack (DDoS) => Attacks from multiple computers that flood a website with so many requests for service that it slows down or crashes.
Polymorphic viruses => Viruses and worms change their form as they propagate.
Denial-of-service attack => Floods a website with so many requests for service that it slows down or crashes the site.
_________ is the identification of a user based on physical characteristics, such as fingerprints, iris, face, voice, or handwriting.
Biometrics
What is the electronic defacing of an existing website?
Cybervandalism
______ ethics govern the ethical and moral issues arising from the development and use of information technologies, as well as the creation, collection, duplication, distribution, and processing of information itself.
Information
What is the category of computer security that addresses the protection of data from unauthorized disclosure and confirmation of data source authenticity?
Information secrecy
What details how an organization will implement the information security policies?
Information security plan
What occurs when a government attempts to control Internet traffic, thus preventing some material from being viewed by a country's citizens?
Internet censorship
What requires more than two means of authentication such as what the user knows (password), what the user has (security token), and what the user is (biometric verification)?
Multifactor authentication
Which institute introduced the Advanced Encryption Standard (AES), designed to keep government information secure?
National Institute of Standards and Technology (NIST)
What is an exclusive right to make, use, and sell an invention and is granted by a government to the inventor?
Patent
Match the area on the left with its contents on the right.
People => Authentication and authorization
Data => Prevention and resistance
Attacks => Detection and response
What is a form of social engineering in which one individual lies to obtain confidential data about another individual?
Pretexting
What is the right to be left alone when you want to be, to have control over your personal possessions, to not be observed without your consent?
Privacy
What uses two keys: a public key that everyone can have and a private key for only the recipient?
Public key encryption
______ is a form of malicious software that infects your computer and asks for money.
Ransomware
_______ is a special class of adware that collects data about the user and transmits it over the Internet without the user's knowledge or permission.
Spyware
What is an anti-spamming approach where the receiving computer launches a return attack against the spammer, sending email messages back to the computer that originated the suspected spam?
Teergrubing
A(n) ______ card is a device about the size of a credit card, containing embedded technologies that can store information and small amounts of software to perform some limited processing.
smart
What is an act or object that poses a danger to assets?
Threat
______ bombs are computer viruses that wait for a specific date before executing their instructions.
Time
________ are small electronic devices that change user passwords automatically.
Tokens
_____-factor authentication requires the user to provide two means of authentication, what the user knows (password) and what the user has (security token).
Two
_______ is a problem that occurs when someone registers purposely misspelled variations of well-known domain names.
Typosquatting
What is software written with malicious intent to cause annoyance or damage?
Virus
What is the primary difference between a worm and a virus?
Viruses attach to something, worms tunnel themselves
What is a phone scam that attempts to defraud people by asking them to call a bogus telephone number to confirm their account information?
Vishing
What is a set of measurable characteristics of human voice that uniquely identifies an individual?
Voiceprint
What is the theft of a website's name that occurs when someone, posing as a site's administrator, changes the ownership of the domain name assigned to the website to another website owner?
Website name stealing
________ is a program that secretly takes over another computer for the purpose of launching attacks on other computers.
Zombie
A(n) _______ use policy requires a user to agree to follow it to be provided access to corporate email, information systems, and the Internet.
acceptable
A(n) ______ policy simply states that email users will not send unsolicited emails.
anti-spam
A mail ______ sends a massive amount of emails to a specific person or system that can cause that user's server to stop functioning.
bomb
_______ is an attempt by one country to hack another country's system.
cyberwar
To ______ information is to decode it and is the opposite of encrypt.
decrypt
Intrusion _______ software features full-time monitoring tools that search for patterns in network traffic to identify intruders.
detection
Bring your own _______ policy allows employees to use their personal mobile devices and computers to access enterprise data and applications.
device
A(n) _______ monitoring policy states explicitly how, when, and where the company monitors its employees.
employee
Information _______ examines the organizational resource of information and regulates its definitions, uses, value, and distribution ensuring it has the types of data/information required to function and grow effectively.
management
A contractual stipulation which ensures that ebusiness participants do not deny their online actions is called a ______ clause.
nonrepudiation
A user can opt _____ of receiving emails by choosing to deny permission to incoming emails.
out
Organizations address security risks through two lines of defense; the first is _______ and the second is ________.
people, technology
An information _______ policy contains general principles regarding information privacy.
privacy
Information ________ is an ethical issue that focuses on who owns information about individuals and how information can be sold and exchanged.
property
Match the common type of hacker on the left with its correct definition on the right.
Black-hat hackers => Break into other people's computer systems and may just look around or may steal and destroy information.
White-hat hackers => Work at the request of the system owners to find system vulnerabilities and plug the holes.
Script kiddies => Find hacking code on the Internet and click-and-point their way into systems to cause damage or spread viruses.
Hactivist => Have philosophical and political reasons for breaking into systems and will often deface the website as a protest.
Cyberterrorist => Seek to cause harm to people or destroy critical systems or information and use the Internet as a weapon of mass destruction.
Cracker => Have criminal intent when hacking.
_______ is the legal protection afforded an expression of an idea, such as a song, book, or video game.
Copyright
________ software is software that is manufactured to look like the real thing and sold as such.
Counterfeit
______ is the science that studies encryption, which is the hiding of messages so that only the sender and receiver can read them.
Cryptography
______ includes threats, negative remarks, or defamatory comments transmitted via the Internet or posted on the website.
Cyberbullying
What is the use of computer and networking technologies against persons or property to intimidate or coerce governments, individuals, or any segment of society to attain political, religious, or ideological goals?
Cyberterrorism
Match the Internet monitoring technology on the left with its correct definition on the right.
Key logger => A program that records every keystroke and mouse click.
Hardware key logger => A hardware device that captures keystrokes on their journey from the keyboard to the motherboard.
Cookie => A small file deposited on the hard drive by a website containing information about customers and their web activities.
Adware => Software that generates ads that install themselves on a computer when a person downloads some other program from the Internet.
Spyware => Software that comes hidden in free downloadable software and tracks online movements.
Web log => Consists of one line of information for every visitor to a website and is usually stored on a web server.
Clickstream => Records information about a customer during a web surfing session such as what websites are visited.