Business 4: Types of Info Systems and Tech Risks Flashcards Preview

Flashcards in Business 4: Types of Info Systems and Tech Risks Deck (60)
1

What are the four main risks w/r/t systems?

1) Strategic risk
2) Operating risk
3) Financial risk
4) Information risk

2

What are the four main risks w/r/t systems?

1) Strategic risk
2) Operating risk
3) Financial risk
4) Information risk

3

What does strategic risk include w/r/t systems?

Risk of choosing inappropriate technology

4

What does operating risk include w/r/t systems?

risk of doing the right things in the wrong way

5

What does financial risk include w/r/t systems?

risk of having financial resources lost, wasted, or stolen

6

What does information risk include w/r/t systems?

risk of loss of data integrity, incomplete transactions, or hackers

7

What does information risk include w/r/t systems?

risk of loss of data integrity, incomplete transactions, or hackers

8

Can a virus run independently?

No

9

What is a virus?

Piece of a computer program that inserts itself into some other program to propagate and cause harm to files and programs

10

Can a worm run independently?

Yes

11

What do you call a program that can run independently and normally propagates itself over a network?

Worm

12

Can a worm attach itself to other programs?

No

13

Can a worm attach itself to other programs?

No

14

Does a Trojan horse normally replicate itself?

No

15

What is a Trojan horse?

Program that appears to have a useful function but contains a hidden and unintended function that presents a security risk

16

What is a Trojan horse?

Program that appears to have a useful function but contains a hidden and unintended function that presents a security risk

17

What do you call it when one computer or group of computers bombard another computer with a flood of network traffic?

Denial-of-Service Attack

18

What do you call it when one computer or group of computers (zombies) bombard another computer with a flood of network traffic?

Denial-of-Service Attack

19

What do you call it when one computer or group of computers (zombies) bombard another computer with a flood of network traffic?

Denial-of-Service Attack

20

What is phishing?

- Sending of phony emails to try to lure people to phony websites
- Where they are asked for info that will allow the phisher to impersonate the user

21

What is phishing?

- Sending of phony emails to try to lure people to phony websites
- Where they are asked for info that will allow the phisher to impersonate the user

22

Define risk

Possibility of harm or loss

23

Define threat.

Any eventuality that represents a danger to an asset or a capability linked to hostile intent

24

What is the term for a characteristic of a design, implementation, or operation that renders the system susceptible to a threat?

Vulnerability

25

Safeguards and controls are put in place to minimize what?

Minimize vulnerabilities

26

Safeguards and controls are put in place to minimize what?

Minimize vulnerabilities

27

Before risks can be managed, what must be done?

They must be assessed

28

Before risks can be managed, what must be done first?

They must be assessed

29

Before risks can be managed, what must be done first?

They must be assessed

30

Access controls come in what two basic types?

1) Physical access
2) Electronic access

31

Access controls come in what two basic types?

1) Physical access
2) Electronic access

32

Is data integrity risk a type of reporting risk that an accountant must recognize as a threat to the accuracy of reports?

NO

33

Is strategic risk a type of reporting risk that an accountant must recognize as a threat to the accuracy of reports?

YES (includes risks such as choosing inappropriate technology)

34

Is financial risk a type of reporting risk that an accountant must recognize as a threat to the accuracy of reports?

YES (includes risks such as having financial resources lost, wasted, or stolen)

35

Is information risk a type of reporting risk that an accountant must recognize as a threat to the accuracy of reports?

YES (includes risks such as loss of data integrity, incomplete transactions, or hackers)

36

Is information risk a type of reporting risk that an accountant must recognize as a threat to the accuracy of reports?

YES (includes risks such as loss of data integrity, incomplete transactions, or hackers)

37

What do you call the system of user identification and authentication that prevents unauthorized users from gaining access to network resources?

Firewall

38

What is used to identify a user?

Login ID

39

What is used to authenticate a user?

Password

40

What is used to authenticate a user?

Password

41

True or false.

A network server is a type of resource protected by a firewall.

True

42

True or false.

A network server is a type of resource protected by a firewall.

True

43

What do you call a firewall designed to protect specific application services from attack?

Application firewalls

44

Firewall methodologies can be divided into what three categories?

1) Packet filtering
2) Circuit level gateways
3) Application level gateways

45

What is packet filtering?

Examines packets of data as they pass through the firewall according to rules that have been established for the source of the data, the destination of the data, and the network ports the data was sent from

46

What is the simplest type of firewall configuration?

Packet filtering

47

What is IP spoofing?

Forging an acceptable address

48

Packet filtering can be circumvented by what?

IP spoofing

49

What allows data into a network only when computers inside the network request the data?

Circuit level gateways

50

What examines data coming into the gateway in a more sophisticated fashion?

Application level gateways

51

What are application level gateways also known as?

Proxies

52

What is a disadvantage of a proxy?

Slower

53

What is a disadvantage of a proxy?

Slower

54

What do network firewalls do?

Protect network as a whole

55

True or false.

Firewalls deter but cannot completely prevent intrusion from outsiders.

True

56

Do firewalls prevent or protect against viruses?

NO

57

What do you call a system, often both hardware and software, of user identification and authentication that prevents unauthorized users from gaining access to network resources?

Firewall

58

What do file-level access attributes control?

- Control the privileges a particular user has to a file (e.g. "read only")

59

What do file attributes control?

- Set to restrict writing, reading, and/or directory privileges for a file

60

What are common access controls?

Assignment and maintenance of security levels