A technique used to compromise a system is known as a(n)

Access method Asset Exploit (answer) Risk

An organizational resource that is being protected is sometimes logical, such as a Web site, software information, or data. Sometimes the resource is physical, such as a person, computer system, hardware, or other tangible object. Either way, the resource is known as a(n)

Access method Asset (answer) Exploit Risk

The protection of the confidentiality, integrity, and availability of information assets, whether in storage, processing, or transmission, via the application of policy, education, training and awareness, and technology is known as ___________.

Communications security Network security Physical security Information security (answer)

__________ law comprises a wide variety of laws that govern a nation or state.

Criminal Civil (answer) Public Private

Computer assets are the focus of information security and are the information that has value to the organization, as well as the systems that store, process, and transmit the information. ____________

False

Cost mitigation is the process of preventing the financial impact of an incident by implementing a control.

False

Knowing yourself means identifying, examining, and understanding the threats facing the organization.

False

The ____ is the individual primarily responsible for the assessment, management, and implementation of information security in the organization.

ISO CIO CISO (answer) CTO

A mail bomb is a form of DoS attack.

True

During the early years of computing, the primary threats to security were physical theft of equipment, espionage against the products of the systems, and sabotage.

True

Laws, policies, and their associated penalties only provide deterrence if offenders fear the penalty, expect to be caught, and expect the penalty to be applied if they are caught.

True

The Department of Homeland Security works with academic campuses nationally, focusing on resilience, recruitment, internationalization, growing academic maturity, and academic research.

True

To determine if the risk to an information asset is acceptable or not, you estimate the expected loss the organization will incur if the risk is exploited.

True

__________ was the first operating system to integrate security as one of its core functions.

UNIX DOS MULTICS (answer) ARPANET

The Computer __________ and Abuse Act of 1986 is the cornerstone of many computer-related federal laws and enforcement efforts.

Violence Fraud (answer) Theft Usage

Criminal or unethical __________ goes to the state of mind of the individual performing the act.

attitude intent (answer) accident All of the above

Acts of ____________________ can lead to unauthorized real or virtual actions that enable information gatherers to enter premises or systems they have not been authorized to enter.

bypass theft trespass (answer) security

Ideally, the _____, systems administrators, the chief information security officer (CISO), and key IT and business managers should be actively involved during the creation and development of all CP components.

chief information officer (CIO) (answer) chief executive officer (CEO) chief financial officer (CFO) senior auditor

Incident _____ is the process of examining a potential incident, or incident candidate, and determining whether the candidate constitutes an actual incident.

classification (answer) category response strategy

A fundamental difference between a BIA and risk management is that risk management focuses on identifying threats, vulnerabilities, and attacks to determine which controls can protect information, while the BIA assumes _____.

controls have been bypassed controls have proven ineffective controls have failed All of the above (answer)

In a ____________________ attack, the attacker sends a large number of connection or information requests to disrupt a target from a small number of sources.

denial-of-service (answer) distributed denial-of-service virus spam

A business influence analysis (BIA) is an investigation and assessment of adverse events that can affect the organization.

false

A(n) DR plan ensures that critical business functions continue if a catastrophic incident or disaster occurs.

false

According to Sun Tzu, if you know yourself and know your enemy, you have an average chance to be successful in an engagement.

false

Baselining is the comparison of past security activities and events against the organization's current performance.

false

E-mail spoofing involves sending an e-mail message with a harmful attachment.

false

In the context of information security, confidentiality is the right of individuals or groups to protect themselves and their information from unauthorized access.

false

Information security can be an absolute.

false

Information security's primary mission is to ensure that systems and their contents retain their confidentiality at any cost.

false

Residual risk is the risk that has not been removed, shifted, or planned for after vulnerabilities have been completely resolved.

false

Risk mitigation is the process of assigning a risk rating or score to each information asset.

false

Root cause analysis is the coherent application of methodical investigatory techniques to present evidence of crimes in a court or similar setting.

false

The Department of Homeland Security was created in 2003 by the 9/11 Memorial Act of 2002.

false

The Security Development Life Cycle (SDLC) is a general methodology for the design and implementation of an information system.

false

The U.S. Secret Service is currently within the Department of the Treasury.

false

The bottom-up approach to information security has a higher probability of success than the top-down approach.

false

The continuity planning management team (CPMT) is the group of senior managers and project members organized to conduct and lead all contingency planning efforts.

false

Unethical and illegal behavior is generally caused by ignorance (of policy and/or the law), by accident, and by inadequate protection mechanisms.

false

According to the National Information Infrastructure Protection Act of 1996, the severity of the penalty for computer crimes depends on the value of the information obtained and whether the offense is judged to have been committed for each of the following except __________.

for purposes of commercial advantage for private financial gain to harass (answer) in furtherance of a criminal act

____________________ is the premeditated, politically motivated attacks against information, computer systems, computer programs, and data that result in violence against noncombatant targets by subnational groups or clandestine agents.

infoterrorism cyberterrorism (answer) hacking cracking

Digital forensics involves the _____, identification, extraction, documentation, and interpretation of digital media.

investigation determination confiscation preservation (answer)

Data backup should be based on a(n) ____ policy that specifies how long log data should be maintained.

replication business resumption incident response retention (answer)

Incident _____ is the set of activities taken to plan for, detect, and correct the impact of an incident on information assets.

response (answer) readiness mitigation recovery

The first phase of risk management is _________.

risk identification (answer) design risk control risk evaluation

"4-1-9" fraud is an example of a ____________________ attack.

social engineering (answer) virus worm spam

Human error or failure often can be prevented with training, ongoing awareness activities, and ____________________.

threats education (answer) hugs paperwork

A breach of possession may not always result in a breach of confidentiality.

true

A data custodian works directly with data owners and is responsible for the storage, maintenance, and protection of the information.

true

Due care and due diligence require that an organization make a valid effort to protect others and continually maintain this level of effort, ensuring these actions are effective.

true

Forces of nature, sometimes called acts of God, can present some of the most dangerous threats because they usually occur with very little warning and are beyond the control of people.

true

Laws, policies, and their associated penalties only provide deterrence if, among other things, potential offenders fear the probability of a penalty being applied.

true

Likelihood is the probability that a specific vulnerability within an organization will be the target of an attack.

true

Privacy is the right of individuals or groups to protect themselves and their information from unauthorized access, providing confidentiality. _________________________

true

Risk control is the application of controls that reduce the risks to an organization's information assets to an acceptable level.

true

In the ____________________ attack, an attacker monitors (or sniffs) packets from the network, modifies them, and inserts them back into the network.

zombie-in-the-middle sniff-in-the-middle server-in-the-middle man-in-the-middle (answer)
