Chapter 7

Ace your homework & exams now with Quizwiz!

1. Crafting email and websites to specifically target certain victims is called dive bombing. True or False

False

Funcrypt is a free tool that can be used to encrypt drives, folders, or partitions. True or False

False

Sending a forged email asking for sensitive data is an example of steganography. True or False

False

The Patriot Act was the first U.S. law to criminalize theft of commercial trade secrets. True or False

False

A key logger can be hardware-based or software-based. True or False

True

Employees with access to any sensitive information should be asked to sign nondisclosure agreements. True or False

True

Hiding a message in images is an example of stenography. True or False

True

Industrial espionage is the use of spying techniques to find out key information that is of economic value. True or False

True

Microsoft Windows includes BitLocker in some editions, so entire hard drives can be encrypted. True or False

True

VI (value of information) = C (cost to produce) + VG (value gained). True or False

True

The single greatest security risk to any organization is _________. a. A distruntled employee b. Lack of antivirus software c. Out-of-date software d. Lack of a disaster recovery plan

a. A distruntled employee

What is the highest level of security you can expect to obtain? a. A level of security that makes the effort required to get information more costly than the value of the information. b. A level of security comparable with government security agencies, such as the Central Intelligence Agency. c. A level of security that has a 92.5% success rate in stopping intrusion. d. A level of security that has a 98.5% success rate i stopping intrusion.

a. A level of security that makes the effort required to get information more costly than the value of the information.

In the context of preventing industrial espionage, why might you want to limit the number of company CD burners and control access to them in your organization? a. An employee could use such media to take sensitive data. b. An employee could use such media to copy software from the company. c. CDs could be a vehicle for spyware to get on your system. d. CDs could be a vehicle for a virus to get on your system.

a. An employee could use such media to take sensitive data.

Data stored in computer systems has a high value because there is a great deal of time and effort that goes into creating and analyzing it, and ________________. a. Data often has intrinsic value. b. Data lasts forever c. Data is an asset that appreciates. d. Data are often sharable among businesses.

a. Data often has intrinsic value.

Giving personnel access to only data that they absolutely need to perform their jobs is referred to as _________. a. Least privileges b. Business espionage c. Business continuation planning d. Job rotation

a. Least privileges

Which of the following is the best definition for spyware? a. Software that monitors activity on a computer. b. Software that logs computer keystrokes c. Software that steals data d. Software that assists in corporate espionate.

a. Software that monitors activity on a computer.

Quick Stego can be used for __________. a. Steganography b. Key logging c. Port scanning d. Scamming

a. Steganography

The process to list assets that you believe support your organization is called ________. a. Marketing a balance sheet b. Asset identification c. Business planning d. Organizational charting

b. Asset identification

The company involved in an attack by Oleg Zezev from Kazahkstan, in which Zezev accessed computer data and copied personal information for purposes of blackmail was ______. a. Interactive Television Technologies, Inc. b. Bloomberg, Inc. c. General Motors d. Microsoft Corp.

b. Bloomberg, Inc.

Data stored in computer systems has a high value because there is a great deal of time and effort that goes into creating and analyzing it, and ________________. a. Data is an asset that appreciates. b. Data often has intrinsic value. c. Data are often sharable among businesses. d. Data lasts forever

b. Data often has intrinsic value.

For security reasons, when an employee leaves a company, you should conduct a(n) ________ interview. a. Employment b. Exit c. Scanning d. Security

b. Exit

Accurate statistics on corporate espionage are difficult to obtain. One reason is that the victims don't always report the crime, as they often don't want the incidents to become public. Which of the following is a likely reason that an organization might be reluctant to admit it has been a victim of corporate espionage? a. It might lead to involvement in a criminal prosecution. b. It might cause stock value to decline. c. It would embarrass the CEO. d. It would embarrass the IT department.

b. It might cause stock value to decline.

The chief executive officer of Oracle defends his practice to hire private investigators to sift through the garbage of which competitor? a. Red Hat b. Microsoft c. Norton d. McAfee

b. Microsoft

What is the difference between corporate and industrial espionage? a. Corporate espionage only refers to executive activities. b. None, they are interchangeable terms. c. Corporate espionage only refers to publicly treaded companies. d. Industrial espionage only only reffers to heavy industry, such as factories.

b. None, they are interchangeable terms.

Why would you want to scan an employee's computer when he leaves the organization? a. To check the workflow prior to his leaving. b. To check for signs of corporate espionage. c. To check for pornography d. To check for illegal software.

b. To check for signs of corporate espionage.

Terrance is trying to explain industrial espionage to a group of new security techs. What is the ultimate goal of espionage? a. To subvert a rival business b. To obtain information not otherwise available c. To subvert a rival government d. To obtain information that has value

b. To obtain information not otherwise available

In order to truly understand industrial espionage, you need to understand the mindset of the spy. What is the best outcome for a spy attempting an espionage activity? a. To obtain information and cause harm to the target. b. To obtain information without the target even realizing he did so. c. To obtain infromation and discredit the target. d. To obtain information with or without the target realizing he did so.

b. To obtain information without the target even realizing he did so.

What is the reason for encrypting hard drives on laptop computers? a. To ensure that data transmissions are secure. b. To prevent a thief from getting data off of a stolen laptop. c. To prevent a hacker from reading the data while you are online. d. To ensure that data transmissions are secure.

b. To prevent a thief from getting data off of a stolen laptop.

VI (value of information) = C (cost to produce) + ___________. a. GM (gross margin) b. VG (value gained) c. VL (value lost) d. MU (markup)

b. VG (value gained)

Information is an asset to your company if it a. cost any sum of money to produce. b. might have economic value. c. cost a significant sum of money to produce. d. might cost significant money to reproduce.

b. might have economic value.

The company whose chief executive officer was indicted for copyright infringement of allegedly stealing technology from D-Link, which was one of its own customers, was _________. a. General Motors b. Interactive Television Technologies, Inc. c. Bloomberg, Inc. d. Apple, Inc.

c. Bloomberg, Inc.

Which of the following is NOT an example of industrial espionage? a. A list of a competitor's clients b. Details on a competitor's new project c. Denial-of-service attack

c. Denial-of-service attack

Information is a valuable asset. It can be useful to calculate that value in order to determine how much effort should be put into protecting it. What formula can you use to calculate the value of information? a. Time taken to derive the information multiplied by money needed to derive the information. b. Time taken to derive the information plus money needed to derive the information c. Resources needed to produce the information plus resources gained from the information. d. Resources needed to produce the information multiplied by resources gained from the information.

c. Resources needed to produce the information plus resources gained from the information.

Sending an email that claims to come from a different sender, and asking for sensitive data is an example of ___________. a. Phishing b. Key logging c. Social engineering d. Scamming

c. Social engineering

Cookies and key loggers are examples of ____________. a. Worms b. Blocking c. Spyware d. Viruses

c. Spyware

Invisible Secrets can be used for __________. a. Port scanning b. Scamming c. Steganography d. Key logging

c. Steganography

Which of the following is the best answer on describing types of information would be a likely target for industrial espionage? a. A new algorithm that the company's IT department has generated. b. A new marketing plan that the company has formulated c. A list of all the company's customers. d. All of the above

d. All of the above

What is the usual motivating factor for corporate/industrial espionage? a. Revenge b. Ideological c. Political d. Economic

d. Economic

______________ is the use of spying techniques to find out key information that is of economic value. a. Electronic monitoring b. Scanning c. Hacking d. Industrial espionage

d. Industrial espionage

The most obvious use of ________________involves talking to an employee and getting him to reveal sensitive data. a. Phishing b. Scamming c. Key logging d. Social engineering

d. Social engineering

If a company purchases a high-end UNIX server to use for its research and development department, what is probably the most valuable part of the system? a. The devices used to protect the server. b. The room to store the server. c. The high-end UNIX server hardware. d. The information on the server.

d. The information on the server.


Related study sets

GB 110 Chapter 8 Intellectual Property

View Set

Exam 1: Ch.1 Cellular Function & Ch.2 Immunity

View Set

A & P 1 lecture notes 1-9 (Final Exam)

View Set

Pediatric success, Saunders & Davis test 2 questions

View Set

Nutrition - Chapter 2 (Planning a Healthy Diet)

View Set

Business Law II Chapter 32 Practice Questions

View Set