MIS 2021: LS 4
What is the abuse of pay-per-click, pay-per-call, and pay-per-conversion revenue models by repeatedly clicking on a link to increase charges or costs for the advertiser? Competitive click-fraud Cyberbullying Click-fraud
Click-fraud
What occurs when organizations use software that filters content, such as emails, to prevent the accidental or malicious transmission of unauthorized information? Time bombs Public key encryption Content filtering Cryptography
Content filtering
Select three epolicies. Ethical computer use policy Social media policy Password protection policy Acceptable use policy COPA policy
Ethical computer use policy Social media policy Acceptable use policy
A(n) _________ computer use policy contains general principles to guide computer user behavior. nonrepudiation privacy information ethical
ethical
What is an ethical issue that focuses on who owns information about individuals and how information can be sold and exchanged? Information management Information compliance Information governance Information property
Information property
What features full-time monitoring tools that search for patterns in network traffic to identify intruders? Antivirus software Intrusion detection software Cyberterrorism
Intrusion detection software
Organizations address security risks through two lines of defense; the first is _____________ and the second is ____________.
people; technology
What is the process of providing a user with permission including access levels and abilities such as file access, hours of access, and amount of allocated storage space? Resistance Authorization Prevention Authentication
Authorization
_________ (one word) is the identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting. Tokens and smart cards Cards Biometrics
Biometrics
What is a method for confirming users' identities? Prevention Authentication Resistance
Authentication
Select three items contained in a typical Internet use policy. Describes user responsibility for citing sources. States the ramifications if the policy is violated. Not performing any nonrepudiation. Not posting commercial messages to groups without prior permission. Describes the Internet services available to users.
Describes user responsibility for citing sources. States the ramifications if the policy is violated. Describes the Internet services available to users.
________ rights management is a technological solution that allows publishers to control their digital media to discourage, limit, or prevent illegal copying and distribution. Digital Intellectual Information Pirated
Digital
Select the three reasons why organizations should develop written epolicies. Establish information ethics Establish employee guidelines Establish organizational rules Establish information management Establish employee procedures
Establish employee guidelines Establish organizational rules Establish employee procedures
Which policy contains general principles to guide computer user behavior? Information privacy policy Social media policy Ethical computer use policy Acceptable use policy
Ethical computer use policy
Match each category of computer downtime costs on the left with examples on the right. Financial performance Damaged reputation Revenue
Financial performance: Revenue recognition, cash flow, credit rating, stock price; Damaged reputation: Customers, suppliers, banks, business partners; Revenue: Lost future revenue, billing losses, investment losses, lost productivity
____________ ethics govern the ethical and moral issues arising from the development and use of information technologies, as well as the creation, collection, duplication, distribution, and processing of information itself. Information Intellectual Digital
Information
What governs the ethical and moral issues arising from the development and use of information technologies, as well as the creation, collection, duplication, distribution, and processing of information itself? Information ethics Digital rights management Copyright Pirated software
Information ethics
What is a method or system of government for information management or control? Information management Information property Information compliance Information governance
Information governance
What examines the organizational resource of information and regulates its definitions, uses, value, and distribution ensuring it has the types of data/information required to function and grow effectively? Information governance Information management Information property Information compliance
Information management
Which epolicy contains general principles regarding information privacy? Ethical computer use policy Acceptable use policy Social media policy Information privacy policy
Information privacy policy
Which of the following is a category of computer security that addresses the protection of data from unauthorized disclosure and confirmation of data source authenticity? Information vishing Identity theft Information secrecy Spear phishing
Information secrecy
___________ are legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident. Customers Suppliers Insiders
Insiders
Which of the following are true of an employee monitoring policy? (Check all that apply.) It does not disclose the parameters on which an employee will be evaluated. It is developed solely on the basis of inputs obtained from managers. It is always the same for every employee. It states the consequences of violating the policy.
It is always the same for every employee. It states the consequences of violating the policy.
___________________ requires more than two means of authentication such as what the user knows (password), what the user has (security token), and what the user is (biometric verification). (Enter one word in each blank.)
Multi-factor authentication
What gathers an organization's computer network traffic patterns to identify unusual or suspicious operations? Public key encryption Certificate authority Network behavior analysis Antivirus software
Network behavior analysis
Which of the following do users agree to in an acceptable use policy (AUP)? (Check all that apply.) Not performing any nonrepudiation Not using the Internet while working in office Not using the service as part of violating any law Not posting official messages to groups without prior permission Not attempting to break the security of any computer network or user
Not performing any nonrepudiation Not using the service as part of violating any law Not attempting to break the security of any computer network or user
Match the focus areas on the right with the type on the left. People Data Attacks
People: Authentication and Authorization; Data: Prevention and Resistance; Attacks: Detection and Response
What is a technique to gain personal information for the purpose of identity theft, usually by means of fraudulent emails that look as though they came from legitimate businesses? Vishing Pharming Phishing Information secrecy
Phishing
__________ is a technique to gain personal information for the purpose of identity theft, usually by means of fraudulent emails that look as though they came from legitimate businesses. Pharming Phishing Vishing
Phishing
Which of the following uses their social skills to trick people into revealing access credentials or other valuable information? Hackers and viruses Social security policies Sniffers and spoofing Social engineering
Social engineering
Which policy outlines the corporate guidelines or principles governing employee online communications? Workplace monitoring policy Acceptable use policy Internet use policy Social media policy
Social media policy
Select the number that has the most widespread unintentional information reuse. Personal phone number Social security number Driver's license number Student identification number
Social security number
Select the three categories of authentication and authorization. Something that hides inside other software, usually as an attachment or a downloadable file. Something that is part of the user, such as a fingerprint or voice signature. Something the user knows, such as a user ID and password. Something the user has, such as a smart card or token. Something that opens a way into the network for future attacks.
Something that is part of the user, such as a fingerprint or voice signature. Something the user knows, such as a user ID and password. Something the user has, such as a smart card or token.
_________ are small electronic devices that change user passwords automatically. Cards Passwords Tokens
Tokens
True or false: The HIPAA Security Rule ensures national standards for securing patient data that is stored or transferred electronically. The HIPAA Security Rule requires the placement of both physical and electronic safeguards on sensitive PII health information. True False
True
Select two accurate statements relating to an ethical computer use policy. Users need to be informed of the rules Users need to accept the rules Users need to create the rules Users need to consent to following the rules
Users need to be informed of the rules Users need to consent to following the rules
_________ MIS monitoring tracks people's activities by such measures as number of keystrokes, error rate, and number of transactions processed. Employee Workplace Adware
Workplace
What tracks people's activities by such measures as number of keystrokes, error rate, and number of transactions processed? Workplace MIS monitoring Physical security Employee security
Workplace MIS monitoring
Which of the following are the three areas of information security? authentication and authorization access and detection detection and response prevention and resistance prevention and access
authentication and authorization detection and response prevention and resistance
Information ___________ examines the organizational resource of information and regulates its definitions, uses, value, and distribution ensuring it has the types of data/information required to function and grow effectively. governance property management compliance
management
A social ________ policy outlines the corporate guidelines or principles governing employee online communications. media network monitoring
media
Which authentication requires more than two means of authentication such as what the user knows (password), what the user has (security token), and what the user is (biometric verification)? multifactor authentication two-factor authentication single-factor authentication
multifactor authentication
What occurs when a network intrusion attacker takes advantage of programming errors or design flaws to grant the attacker elevated access to the network and its associated data and applications? zombie attack pharming expedition identity theft privilege escalation
privilege escalation
Information _________ is an ethical issue that focuses on who owns information about individuals and how information can be sold and exchanged. governance management compliance property
property
Intellectual ___________ is intangible creative work that is embodied in physical form and includes copyrights, trademarks, and patents. ethics patent copyright property
property
Information __________ is the category of computer security that addresses the protection of data from unauthorized disclosure and confirmation of data source authenticity. security theft secrecy
secrecy
Information ___________ policies identify the rules required to maintain information security, such as requiring users to log off before leaving for lunch or meetings, never sharing passwords with anyone, and changing passwords every 30 days. defense security social
security
Which authentication is the traditional security process, which requires a username and password? multifactor authentication two-factor authentication single-factor authentication
single-factor authentication