Deck 4: Information Security and Controls

A)Smaller computing devices
B)Downstream liability
C)The Internet
D)Limited storage capacity on portable devices
E)Due diligence

A)vulnerability
B)risk
C)control
D)danger
E)compromise

A)Microsoft; intended
B)Microsoft; unintended
C)OpenSSL; intended
D)OpenSSL; unintended

A)vulnerability
B)risk
C)control
D)threat
E)compromise

A)Stolen information
B)Stolen identities
C)Financial loss
D)Loss of service
E)All of the above are consequences of poor information security practices.

A)Malicious software
B)Tailgating
C)Power outage
D)Lack of user experience
E)Tornados

A)Human resources, finance
B)Human resources, information systems
C)Finance, marketing
D)Operations management, management information systems
E)Finance, management information systems

A)consultants and temporary hires.
B)secretaries and consultants.
C)contract labourers and executive assistants.
D)janitors and guards.
E)executives and executive secretaries.

A)Robbery - white-collar crime - cybercrime
B)White-collar crime - extortion - robbery
C)Cybercrime - white-collar crime - robbery
D)Cybercrime - robbery - white-collar crime
E)White-collar crime - burglary - robbery

A)More information systems and computer science departments are teaching courses on hacking so that their graduates can recognize attacks on information assets.
B)Computer attack programs, called scripts, are available for download from the Internet.
C)International organized crime is training hackers.
D)Cybercrime is much more lucrative than regular white-collar crime.
E)Almost anyone can buy or access a computer today.

A)Viruses
B)Worms
C)Trojan horses
D)Back doors
E)Logic bombs

A)Copyrighted material
B)Patented material
C)A trade secret
D)A knowledge base
E)Public property

A)copyright
B)patent
C)trade secret
D)knowledge base
E)private property

A)copyright
B)patent
C)trade secret
D)knowledge base
E)private property notice

A)Virus
B)Denial-of-service
C)Distributed denial-of-service
D)Phishing
E)Brute force dictionary

A)alien software
B)virus
C)worm
D)back door
E)logic bomb

A)Loss of intellectual property
B)Loss of data
C)Backup costs
D)Loss of productivity
E)Replacement cost

A)risk management
B)risk analysis
C)risk mitigation
D)risk acceptance
E)risk transference

A)Viruses
B)Worms
C)Trojan horses
D)Back doors
E)Logic bombs

A)Tailgating
B)Hacking
C)Spoofing
D)Social engineering
E)Spamming

A)Credit card companies usually block stolen credit cards rather than prosecute.
B)People tend to shortcut security procedures because the procedures are inconvenient.
C)It is easy to assess the value of a hypothetical attack.
D)The online commerce industry isn't willing to install safeguards on credit card transactions.
E)The cost of preventing computer crimes can be very high.

A)Viruses
B)Worms
C)Trojan horses
D)Back doors
E)Logic bombs

A)Risk management
B)Risk analysis
C)Risk mitigation
D)Risk acceptance
E)Risk transference

A)Spyware
B)Spamware
C)Adware
D)Viruses
E)Worms

A)Continue operating with no controls and absorb any damages that occur.
B)Transfer the risk by purchasing insurance.
C)Implement controls that minimize the impact of the threat.
D)Install controls that block the risk.
E)All of the above are strategies for mitigating risk.

A)phishing
B)virus
C)worm
D)back door
E)distributed denial-of-service

A)infiltrating an organization that stores large amounts of personal information.
B)phishing.
C)hacking into a corporate database.
D)stealing mail.
E)All of the above are strategies to obtain information to assume another person's identity.

A)Virus
B)Worm
C)Phishing
D)Denial-of-service attack
E)Spear phishing

A)keyloggers; screen scrapers
B)screen scrapers; uninstallers
C)keyloggers; spam
D)screen scrapers; keyloggers
E)spam; keyloggers

A)always illegal because it is considered trespassing.
B)never illegal because it is not considered trespassing.
C)typically committed for the purpose of identity theft.
D)always illegal because individuals own the material in the dumpster.
E)always legal because the dumpster is not owned by private citizens.

A)something the user is.
B)something the user wants.
C)something the user has.
D)something the user knows.
E)something the user does.

A)The message could be an industrial espionage attack.
B)The message could be a phishing attack.
C)The message could be a denial-of-service attack.
D)The message could be a back-door attack.
E)The message could be a Trojan horse attack.

A)They are difficult to guess.
B)They contain special characters.
C)They are not a recognizable word.
D)They are not a recognizable string of numbers
E)They tend to be short so they are easy to remember.

A)the Heartbleed bug
B)FireEye
C)Shodan
D)SpyEye

A)biometrics, signature recognition
B)authentication, authorization
C)iris scanning, voice recognition
D)strong passwords, biometrics
E)authorization, authentication

A)public, public
B)public, private
C)private, private
D)private, public
E)None of these

A)Firewalls prevent unauthorized Internet users from accessing private networks.
B)Firewalls examine every message that enters or leaves an organization's network.
C)Firewalls filter network traffic according to categories of activities that are likely to cause problems.
D)Firewalls filter messages the same way as anti-malware systems do.
E)Firewalls are sometimes located inside an organization's private network.

A)The site will not have any servers.
B)The site will not have any workstations, so you need to bring your laptop.
C)The site is probably in the next town.
D)The site should be an almost exact replica of the IT configuration at headquarters.
E)The site will not have up-to-date data.

A)whitelisting, blacklisting
B)whitelisting, encryption
C)encryption, whitelisting
D)encryption, blacklisting
E)blacklisting, whitelisting

A)something the user is.
B)something the user wants.
C)something the user has.
D)something the user knows.
E)something the user does.

A)A cold site has no equipment.
B)A warm site has no user workstations.
C)A hot site needs to be located close to the organization's offices.
D)A hot site duplicates all of the organization's resources.
E)A warm site does not include actual applications.

A)IloveIT
B)08141990
C)9AmGt/*
D)Rainer
E)InformationSecurity

A)something the user is.
B)something the user wants.
C)something the user has.
D)something the user knows.
E)something the user does.

A)The name of the company
B)Your last name
C)Your birthdate
D)Your initials (capitalized)and the number of the floor you are on
E)The name of the company spelled backward

A)creating a backdoor
B)SCADA attacks
C)spreading viruses
D)phishing

A)Access
B)Physical
C)Data security
D)Administrative
E)Input

A)risk management
B)risk analysis
C)risk mitigation
D)risk acceptance
E)risk transference

A)Computing resources are typically decentralized.
B)Computer crimes often remain undetected for a long period of time.
C)Rapid technological changes ensure that controls are effective for years.
D)Employees typically do not follow security procedures when the procedures are inconvenient.
E)Computer networks can be located outside the organization.

A)to be a hacker website
B)to be a service that searches the Internet for devices connected to the Internet
C)to be a website that shows which devices are vulnerable to hackers
D)to help users search for other people who use similar devices