Ch.1 CNt4406
The value of information comes from the characteristics it possesses. True False
True
List the four important organizational functions an information security program performs.
1. Protects the organization's ability to function 2. Enables the safe operation of applications implemented on the organization's IT systems 3. Protects the data the organization collects and uses 4. Safeguards the technology assets in use at the organization
___ means that information is free from mistakes or errors. a. Accuracy b. Integrity c. Confidentiality d. Availability
A. Accuracy
The CIA triad is based on three characteristics of information that form the foundation for many security programs: ____. a. confidentiality, integrity, and availability b. confidentiality, information, and availability c. communication, information, and asset d. confidentiality, integrity, and asset
A. Confidentiality, integrity, and availability
An individual who hacks the public telephone network to make free calls or disrupt services is called a ____. a. phreaker b. cyberterrorist c. hactivist d. packet monkey
A. Phreaker
Information is free from mistakes or errors.
Accuracy
There are two general methods for implementing technical controls within a specific application to enforce policy: ____ and configuration rules. a. authenticity control lists b. access control lists c. application control lists d. assessment control lists
B. Access control lists
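As an added example (not from the textbook or the course materials), the following Python shows the two pieces the question names working together: an ACL, an ordered list of allow/deny entries that is evaluated first-match-wins, and a configuration rule, here the default action taken when no entry matches. The users, resources, and networks are constructed for the demo, and the weak setting (default allow) sits beside the correct one (default deny) so the difference is visible.

```python
"""Evaluate requests against an application-level access control list (ACL).

Added example, not from the textbook or course: subjects, resources and
networks below are constructed. First matching entry wins; the default
action is the configuration rule that decides anything the ACL is silent on.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class AclEntry:
    action: str                 # "allow" or "deny"
    subject: str                # user name, or "*" for any user
    resource: str               # resource name, or "*"
    right: str                  # "read", "write", or "*"
    source: str = "0.0.0.0/0"   # CIDR the request must originate from

    def matches(self, subject, resource, right, src_ip):
        return (
            self.subject in ("*", subject)
            and self.resource in ("*", resource)
            and self.right in ("*", right)
            and ip_address(src_ip) in ip_network(self.source)
        )


class Acl:
    def __init__(self, entries, default="deny"):
        self.entries = list(entries)
        self.default = default  # configuration rule: what happens when nothing matches

    def decide(self, subject, resource, right, src_ip):
        """Return "allow" or "deny"; entries are checked in order, first match wins."""
        for entry in self.entries:
            if entry.matches(subject, resource, right, src_ip):
                return entry.action
        return self.default


# Constructed policy: HR user alice may read/write payroll from the internal
# network only, auditor bob may read it, everyone may read the public site.
# The explicit deny for the terminated account "eve" is listed FIRST so that it
# beats the wildcard allow on public_site further down.
PAYROLL_ACL = Acl([
    AclEntry("deny", "eve", "*", "*"),
    AclEntry("allow", "alice", "payroll_db", "read", "10.0.0.0/8"),
    AclEntry("allow", "alice", "payroll_db", "write", "10.0.0.0/8"),
    AclEntry("allow", "bob", "payroll_db", "read", "10.0.0.0/8"),
    AclEntry("allow", "*", "public_site", "read"),
])

# Same entries, but the configuration rule is "allow": anything the list does
# not mention is permitted. This is the misconfiguration to avoid.
PERMISSIVE_ACL = Acl(PAYROLL_ACL.entries, default="allow")


def demo():
    checks = [
        ("alice", "payroll_db", "write", "10.1.2.3"),     # allow: internal HR write
        ("alice", "payroll_db", "write", "203.0.113.5"),  # deny: wrong source network
        ("bob", "payroll_db", "write", "10.1.2.3"),       # deny: auditor is read-only
        ("eve", "public_site", "read", "10.1.2.3"),       # deny: explicit deny wins
        ("mallory", "payroll_db", "read", "10.1.2.3"),    # deny only under default deny
    ]
    for req in checks:
        print(req, "strict:", PAYROLL_ACL.decide(*req),
              "permissive:", PERMISSIVE_ACL.decide(*req))


if __name__ == "__main__":
    demo()
```

Moving the `eve` entry below the `public_site` wildcard would let her read the public site, which is why ACL order is part of the policy, not just the entries.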
Which resource is a physical asset? a. Information b. Computer system c. Data d. Web site
B. Computer system
A data ____ might be a specifically identified role or part of the duties of a systems administrator. a. owner b. custodian c. user d. manager
B. Custodian
End users are ____. a. often considered data custodians b. a part of the security project team c. not important to the security of an organization d. all risk assessment specialists
B. a part of the security project team
In a ____ attack, the attacker sends a large number of connection or information requests to a target in an attempt to overwhelm its capacity and make it unavailable for legitimate users. a. sniffer b. denial-of-service (DoS) c. dictionary d. man-in-the-middle
B. denial-of-service (DoS)
Component in a system that allows the attacker to access the system at will, bypassing standard login controls.
Back door
Involves operating an information system that meets the high level of availability sought by system users as well as the confidentiality and integrity needs of system owners and security professionals
Balance
Responsible for the storage, maintenance, and protection of the information.
Data custodian
Organizations must minimize ____ to match their risk appetite. a. access b. loss c. risk d. threats
C. Risk
Responsible for the security and use of a particular set of information.
Data owner
The ____________________ is primarily responsible for advising the chief executive officer, president, or company owner on the strategic planning that affects the management of information in the organization.
Chief information officer (CIO)
The use of multiple layers of security controls and safeguards is called ____. a. A security perimeter b. Layered redundancy c. A DMZ d. Defense in depth
D. Defense in depth
In information security, ____ exists when a vulnerability known to an attacker is present. a. risk b. threat c. loss d. exposure
D. Exposure
A(n) ____ is a weakness or fault in the mechanisms that are intended to protect information and information assets from attack or damage. a. risk b. threat c. exploit d. vulnerability
D. Vulnerability
Which individual interferes with or disrupts systems to protest the operations, policies, or actions of an organization or government agency? a. Phreaker b. Packet monkey c. Cyberterrorist d. Hacktivist
D. hacktivist
An indirect attack involves a hacker using a personal computer to break into a system. True False
False (that describes a direct attack; an indirect attack is launched from a compromised system or device rather than the attacker's own computer)
Discuss the layered implementation of security.
Layered security establishes multiple layers of security controls and safeguards, which can be organized into policy, training and education, and technology.
According to the CSI/FBI Computer Crime and Security Survey, the most dominant type of attack for the last decade was ____.
Malware attacks
What are the responsibilities of a data custodian?
They are responsible for storage, maintenance, and protection of the information
A software program that reveals its designed behavior only when activated.
Trojan Horse
A(n) ____________________ defines the boundary between the outer limit of an organization's security and the beginning of the outside world.
Security perimeter
A(n) ____________________ is a program or device that monitors data traveling over a network.
Sniffer
____________ is a technique used to gain unauthorized access to computers, wherein the intruder sends messages whose IP addresses indicate to the recipient that the messages are coming from a trusted host.
Spoofing
Information is protected from disclosure or exposure to unauthorized individuals or systems.
confidentiality
Information remains whole, complete, and uncorrupted.
integrity
How does a distributed denial-of-service (DDoS) attack work and why are they so dangerous?
A DDoS attack launches a coordinated stream of requests against a target from many locations at the same time. DDoS attacks are the most difficult to defend against, and there are presently no controls that any single organization can apply on its own.
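The DoS and DDoS cards above state the difference; the following Python, added here as an example and not taken from the textbook or the course, shows why it matters to a defender. It counts requests per source over a window of constructed web-server log lines. A single-source flood is identified and blockable by source address; a distributed flood of the same size never trips the per-source threshold, so blocking individual sources does not bring the load back under the server's capacity. The capacity and threshold values are assumptions chosen for the demo.

```python
"""Single-source DoS vs. distributed DoS, seen from a request log.

Added example (not from the textbook or course). Log lines, the server
capacity and the per-source threshold are constructed/assumed for the demo.
Line format: '<ISO timestamp> <source ip> <request>'.
"""
from collections import Counter
from datetime import datetime, timedelta

SERVER_CAPACITY = 200   # assumed: requests per window the server can actually serve
PER_SOURCE_LIMIT = 50   # assumed: above this a single source is clearly flooding


def parse(line):
    """'2024-05-01T12:00:00 198.51.100.7 GET /login' -> (timestamp, src, request)"""
    ts, src, request = line.split(" ", 2)
    return datetime.fromisoformat(ts), src, request


def classify_window(lines):
    """Classify one window of log lines as normal, dos or ddos.

    dos : blocking the sources that exceed PER_SOURCE_LIMIT gets the remaining
          load back under SERVER_CAPACITY, so a per-source block works.
    ddos: the load exceeds capacity but no source stands out enough to block,
          which is the situation the card describes.
    """
    counts = Counter(parse(line)[1] for line in lines)
    total = sum(counts.values())
    if total <= SERVER_CAPACITY:
        return {"verdict": "normal", "total": total, "block": [], "after_block": total}
    flooders = sorted(ip for ip, n in counts.items() if n > PER_SOURCE_LIMIT)
    remaining = total - sum(counts[ip] for ip in flooders)
    verdict = "dos" if remaining <= SERVER_CAPACITY else "ddos"
    return {"verdict": verdict, "total": total, "block": flooders, "after_block": remaining}


def make_lines(start, sources, per_source, request="GET /login"):
    """Constructed log lines: `per_source` requests from each source, 5 ms apart."""
    lines = []
    for i, src in enumerate(sources):
        for j in range(per_source):
            ts = start + timedelta(milliseconds=5 * (i * per_source + j))
            lines.append(f"{ts.isoformat()} {src} {request}")
    return lines


START = datetime(2024, 5, 1, 12, 0, 0)
# 20 legitimate requests from five internal clients (constructed)
LEGIT = make_lines(START, [f"10.0.0.{i}" for i in range(1, 6)], 4)
# DoS: one attacker (TEST-NET-2 address) sends 300 requests on top of the legit ones
DOS = LEGIT + make_lines(START, ["198.51.100.7"], 300)
# DDoS: the same 300 requests, but 2 each from 150 hosts in TEST-NET-3
DDOS = LEGIT + make_lines(START, [f"203.0.113.{i}" for i in range(1, 151)], 2)


if __name__ == "__main__":
    for name, window in (("legit", LEGIT), ("dos", DOS), ("ddos", DDOS)):
        print(name, classify_window(window))
```

Both floods deliver 320 requests against a capacity of 200, yet only the single-source one yields a block list; that gap is what upstream providers and traffic scrubbing exist to fill.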
Malicious program that replicates itself constantly.
worm