Deck 5: Security and Controls

A) policies on putting test applications into production
B) monitoring employee emails for personal messages
C) requiring passwords to access important applications
D) requiring users to change passwords every thirty days
E) documenting backup policies and procedures

A) can result in very severe security risks.
B) has little to do with security since it is internal.
C) should generally be outsourced for security reasons.
D) should always be kept encrypted.
E) requires the same security procedures as purchased software.

A) physical controls
B) logical access controls
C) general access controls
D) security management controls
E) all of the above

A) digital certificates, encryption, and certificate authorities
B) random key generators, and encryption
C) certificate authorities, government key authority, and encryption
D) digital certificates, digital keys, and digital encryption
E) all of the above

A) both the sender and receiver of data have the same key.
B) the sender and receiver of data each have their own key.
C) the sender and receiver of data share a public-private key pair.
D) trading partners agree to outsource their security to a specialist.
E) trading partners directly link their servers with a VPN.

A) a password is required to log onto the network
B) the security manager has written an internet-use policy
C) email is backed up on a storage area network
D) an input mask ensures data is entered appropriately
E) none of the above

A) operations controls
B) physical controls
C) backup hardware locations
D) the number of check digits there should be in the application controls
E) none of the above

A) the responsibility for security issues in the firm.
B) types of controls to be used.
C) computing policies for users to follow.
D) disaster recovery issues.
E) all of the above

A) the inability to safely answer questionnaires.
B) carelessness, errors, or omissions.
C) having email read by unauthorized persons.
D) failure to lock the web browsers.
E) not having a firewall to protect the data .

A) identify who a user is and share their public key.
B) identify who a user is and share their private key.
C) let email recipients know what email program you use.
D) encrypt corporate data before it leaves the firewall.
E) encrypt outside data before it comes in through the firewall.

A) destruction of data.
B) inappropriate access to data.
C) slowing of network traffic.
D) employee downtime.
E) all of the above

A) a security company hired to monitor your website.
B) a hardware device used to monitor traffic between a network and the internet.
C) a software application that determines how often backups should be made and ensures that they are stored offsite.
D) a protective barrier in the wall outside of the network room.
E) a high risk area of a network.

A) the user is permitted to look at specific directories on the server.
B) the password has expired.
C) the server is using VPN technology.
D) the client computer is recognized by the server.
E) all of the above

A) physical controls
B) authentication
C) non-repudiation
D) authorization
E) data management

A) ensure that employees don't shop online while at work.
B) encrypt data sent over the internet.
C) monitor website traffic for ecommerce purposes.
D) make the internal network of a company more secure.
E) none of the above

A) a section of a website requiring a username and password.
B) email being sent through the underground internet.
C) a component of internet security protocol used to securely connect clients and servers.
D) a component of the internet used to connect desktops to wireless applications.
E) none of the above

A) Encryption completely protects your data.
B) Encryption assists in an overall security program.
C) Encryption only works on an intranet.
D) Encryption only works for email.
E) none of the above

A) physical controls
B) non-repudiation
C) developmental controls
D) digital signatures
E) firewall errors

A) they can break through any protective measure.
B) they can be embarrassing to companies.
C) they cause a risk of loss of data.
D) they can infect home computers.
E) firewalls cannot protect against viruses.

A) general and applications controls.
B) security and access controls.
C) firewall and biometric controls.
D) logical and operations controls.
E) management and business process

A) auto tagging
B) digital tagging
C) time stamping
D) authentication
E) auto stamping

A) false-positives
B) false-negatives
C) true-positives
D) true-negatives
E) all of the above

A) hacker attacks and viruses.
B) floods and storms.
C) unintentional errors.
D) power failure.
E) all of the above

A) GOTCHA
B) a digitial signature
C) CAPTCHA
D) a public key
E) encryption

A) Certificate Authorities (CAS).
B) check digits.
C) sniffing.
D) a digital certificate.
E) a disaster recovery plan.

A) operation
B) output
C) storage
D) access
E) processing

A) its users' security awareness
B) procedural guidance and training
C) compliance incentives
D) business process improvement
E) compliance monitoring.

A) signatures.
B) fingerprints.
C) passwords
D) voice recognition.
E) retina scans

A) communications.
B) access
C) authorization
D) performance
E) privacy