ISYS 209 Chp 8


Information systems controls are both manual and automated and consist of general and application controls. Which of the following best describes general controls?

General controls govern the design, security, and use of computer programs and the security of data files in general throughout the organization's information technology infrastructure.

Which act requires financial institutions to ensure the security and confidentiality of customer data and mandates that data must be stored on a secure medium and protected during storage and transmittal?

Gramm-Leach-Bliley Act

Which of the following best describes HIPAA?

HIPAA outlines medical security and privacy rules and procedures for simplifying the administration of health care billing and automating the transfer of health care data between health care providers, payers, and plans.

Which of the following statements about information systems security vulnerability is true?

Hackers can unleash denial-of-service (DoS) attacks or penetrate corporate networks, causing serious system disruptions.

Which of the following scenarios illustrates a drive-by download?

Milly copies a file from the Internet to her PC, and, in the process, her PC gets infected by malware.

_______________ is an increasing problem where hackers lock parts of your computer and then demand money to unlock the system.

Ransomware

Which of the following best describes a firewall?

It is a combination of hardware and software that controls the flow of incoming and outgoing network traffic.

A __________ is a program that seems like a normal program but does something completely unexpected.

Trojan horse

Which of the following is an opportunity for threats to gain access to assets?

vulnerability

A _____________ is a unique type of malware that replicates itself from one computer to another.

worm

The ________ virus, a rather nice-sounding virus, was one of the most famous pieces of malware detected in 2000.

ILOVEYOU

Electronic evidence on computer storage media that is not visible to the average user is called ____________

ambient data

Based on the information provided in this video, which of the following usually happens in a denial-of-service attack?

A hacker floods a Web server with so many requests that it becomes unavailable to its intended users.

Caroline's personal laptop was attacked by malware. When she got it fixed from the service center, the computer technician advised her to install software that would detect and prevent malware from attacking her system. Which of the following software did the technician advise her to install?

Antivirus software

___________________ is the ability to determine that a person is who he or she claims to be through a variety of means.

Authentication

__________________ requires that your patient records be protected and saved for six years.

HIPAA

Which of the following best describes public key encryption?

Public key encryption is a more secure form of encryption that uses two keys, one shared and one totally private. The keys are mathematically related so that data encrypted with one key can be decrypted using only the other key.

Which of the following best describes risk assessment?

Risk assessment determines the potential frequency of the occurrence of a problem and the potential damage if the problem were to occur. It is used to determine the cost/benefit of a control.

A particular malware threat looks for weaknesses in poorly coded Web application software that get exposed when the Web application fails to filter the data entered by a user on a Web page. This results in malicious program code entering into the company's systems and networks. Which of the following best refers to this malware threat?

SQL injection attack

____________ provides rules related to the creation of financial statements to help avoid fraud.

Sarbanes-Oxley Act

__________ refers to software that covertly gathers information about a user through an Internet connection without the user's knowledge.

Spyware

According to the information provided in this video, any business that has an online presence is at risk of _____.

all of the above

Although it may seem innocent enough, _________ is a serious problem for companies that are involved with pay-per-click advertising.

click fraud

Taking over computers and directing those systems to overload a network is defined as a(n) ____________ attack.

denial-of-service

A __________ is a type of spyware that records keystrokes to steal sensitive information such as social security numbers.

keylogger

According to the DHS agent portrayed in this video, the Secret Service has responded to network intrusions at businesses throughout the United States that have been impacted by _____ through their point-of-sale systems.

malware

If you receive an email asking for your social security number in return for a million dollars, this is an example of _____________.

phishing

Which of the following is FALSE regarding digital certificates?

The CA verifies a digital certificate user's identity online

Tricking employees into revealing their passwords by pretending to be a legitimate member of a company is referred to as _________.

social engineering

Gaining access to a safety deposit box using iris scanning is an example of ___________________ authentication.

biometric

Which of the following is FALSE regarding public-key encryption?

On receiving the message, the recipient uses the public key to decrypt it.

Establishing a risk level of malware threats to an organization is an example of _____________.

risk assessment

In this video, Agent Macey explains how a _____ pretends to be a legitimate company and sends email requesting users to update their confidential information such as passwords or account numbers.

spoofer

Which of the following examines data files and sorts out low-priority online material while assigning higher priority to business-critical files?

Deep packet inspection

Which of the following is NOT a security threat posed by the use of the iPhone, iPad, and other mobile computing devices in the workplace?

Dictating what kind of data an app can access inside its sandbox domain

Which of the following is the process of transforming plain text or data into cipher text that cannot be read by anyone other than the sender and the intended receiver?

Encryption

Which of the following is a critical security function of senior management in an organization?

Establishing the security policy and managing risk

_________________ is a general security term that includes computer viruses, worms, and Trojan horses.

Malware

__________ imposes responsibility on companies and their management to protect investors by safeguarding the accuracy and integrity of financial information that is used internally and released externally.

The Sarbanes-Oxley Act

Which of the following statements about the business value of security and control is true?

Lack of sound security and control can cause firms relying on computer systems for their core business functions to lose sales and productivity

Which of the following best describes a security policy?

A security policy consists of statements ranking information risks, identifying acceptable security goals, and identifying the mechanisms for achieving these goals.

Symphoniz, Inc., a software company, has installed a new device at the company's entrance. This device replaces the smart cards that provided access to the company's premises. This device requires every employee to place their palm on a scanner-like device. Once an individual's palm is scanned, the fingerprints are compared with the ones stored in the database. If they match, the individual would be granted access. If not, the individual would be required to report to the security office to complete entry formalities. Which of the following processes is being illustrated in this scenario?

Biometric authentication

__________ focuses on how the company can restore business operations after a disaster strikes.

Business continuity planning

Which of the following statements about the business value of security and control is true?

Information assets, such as confidential employee records, trade secrets, or business plans, lose much of their value if they are revealed to outsiders or if they expose the firm to legal liability.

Jamie uses a form of encryption technique that requires him to have two keys. He shares one key with the senders of the message, so that they can use it to encrypt the message. He uses his private key to decrypt the received message. Which of the following encryption methods is being exemplified in this scenario?

Public key encryption

Which of the following is NOT addressed by a business continuity plan?

The technical issues involved in keeping systems up and running

In this video, Special Agent Macey says the single largest threat to the Internet is _____.

denial-of-service attacks

Someone hacking into your Facebook account to add terrible photos and messages is taking part in ____________.

cybervandalism

__________ defines acceptable uses of the firm's information resources and computing equipment, including desktop and laptop computers, wireless devices, telephones, and the Internet, and specifies consequences for noncompliance.

An acceptable use policy (AUP)

Which of the following scenarios illustrates denial of service (DoS), a type of security loss?

Computer worms infiltrating a network with so much artificial traffic that legitimate traffic cannot get through.

Which of the following best describes the Gramm-Leach-Bliley Act?

The Gramm-Leach-Bliley Act requires financial institutions to ensure the security and confidentiality of customer data. Data must be stored on a secure medium, and special security measures must be enforced to protect such data on storage media and during transmittal.

__________ requires that controls are put in place to secure the corporate network, prevent unauthorized access to systems and data, and ensure data integrity and availability in the event of a disaster or other disruption of service.

The Sarbanes-Oxley Act

An individual posing as an online gamer accesses information stored in an unsuspecting user's computer by placing a program in his hard disk that appears to be legitimate. The system functions normally with the program performing underlying functions. The malware used by the individual is referred to as a(n) __________.

Trojan horse
