hh

Question 1

“The quality or state of being secure—to be free from danger”

Answer 1

Security

Security

Question 2

Types of security

Answer 2

Physical security
– Personal security
– Operations security
– Communications security
– Network security
– Information security

Physical security
– Personal security
– Operations security
– Communications security
– Network security
– Information security

Question 3

Critical Characteristics of Information

Answer 3

Availability
– Accuracy
– Authenticity
– Confidentiality
– Integrity
– Utility
– Possession

Availability
– Accuracy
– Authenticity
– Confidentiality
– Integrity
– Utility
– Possession

Question 4

Components of an Information System

Answer 4

Software
– Hardware
– Data
– People
– Procedures
– Network

Software
– Hardware
– Data
– People
– Procedures
– Network

Question 5

SDLC

Answer 5

Systems Development Life Cycle

Systems Development Life Cycle

Question 6

methodology for design and implementation of information system within an organization

Answer 6

Systems Development Life Cycle (SDLC):

Methodology

Question 7

SLDC 6 general phrases

Answer 7

Investigation
Analysis
Logical design
Physical design
Implementation
Maintenance and change

Investigation
Analysis
Logical design
Physical design
Implementation
Maintenance and change

Question 8

Preliminary cost-benefit analysis is developed

Answer 8

Investigation

determine what new system is expected to do and how it will interact with existing systems

Question 9

determine what new system is expected to do and how it will interact with existing systems

Answer 9

Analysis

Data support and structures capable of providing the needed inputs are identified

Creates and develops blueprints for information security

Question 10

Data support and structures capable of providing the needed inputs are identified

Answer 10

Logical Design

Technologies to support the alternatives identified and evaluated in the logical design are selected

Components evaluated on make-or-buy decision

Question 11

Technologies to support the alternatives identified and evaluated in the logical design are selected

Answer 11

Physical Design

Needed software created

Components ordered, received, and tested

Users trained and documentation created

Question 12

Needed software created

Answer 12

Implementation

Longest and most expensive phase

Consists of tasks necessary to support and modify system for remainder of its useful life

Question 13

Longest and most expensive phase

Answer 13

Maintenance and Change

Maintenance and Change

Question 14

Information Security Project Team

Answer 14

• A number of individuals who are experienced in one or more facets of required technical and nontechnical areas:
  – Champion
  – Team leader
  – Security policy developers
  – Risk assessment specialists
  – Security professionals
  – Systems administrators
  – End user

responsible for the security and use of a particular set of information

Question 15

responsible for the security and use of a particular set of information

Answer 15

Data owner

ownership of ideas and control over the tangible or virtual representation of those ideas

Question 16

responsible for storage, maintenance, and protection of information

Answer 16

Data custodian

responsible for storage, maintenance, and protection of information

Question 17

end users who work with information to perform their daily jobs supporting the mission of the organization

Answer 17

Data users

end users who work with information to perform their daily jobs supporting the mission of the organization

Question 18

an object, person, or other entity that represents a constant danger to an asset

Answer 18

Threat

an object, person, or other entity that represents a constant danger to an asset

Question 19

control over tangible/virtual ownership of ideas

Answer 19

Intellectual property (IP):

Intellectual property (IP):

Question 20

Malware attacks

Answer 20

Viruses
– Worms
– Trojan horses
– Logic bombs
– Back door or trap door
– Polymorphic threats
– Virus and worm hoaxes

Develops software scripts and program exploits

Usually a master of many skills

Will often create attack software and share with others

Question 21

Develops software scripts and program exploits

Answer 21

Expert hacker

Many more unskilled hackers than expert hackers

Use expertly written software to exploit a system

Do not usually fully understand the systems they hack

Question 22

Many more unskilled hackers than expert hackers

Answer 22

TRUE

Unskilled hacker

Question 23

“cracks” or removes software protection designed to prevent unauthorized duplication

Answer 23

Cracker

Question 24

hacks the public telephone network

Answer 24

Phreaker

Question 25

much more sinister form of hacking

Answer 25

Cyberterrorism ## Footnote much more sinister form of hacking

Question 26

Illegal taking of another’s physical, electronic, or intellectual property

Answer 26

Theft ## Footnote Illegal taking of another’s physical, electronic, or intellectual property

Question 27

Acts or actions that exploits vulnerability (i.e., an identified weakness) in controlled system

Answer 27

Attacks ## Footnote

Question 28

includes execution of viruses, worms, Trojan horses, and active Web scripts with intent to destroy or steal information

Answer 28

Malicious code ## Footnote includes execution of viruses, worms, Trojan horses, and active Web scripts with intent to destroy or steal information

Question 29

transmission of a virus hoax with a real virus attached; more devious form of attack

Answer 29

Hoaxes ## Footnote transmission of a virus hoax with a real virus attached; more devious form of attack

Question 30

Types of attacks

Answer 30

Types of attacks ## Footnote Back door Password crack Brute force: Dictionary: Denial-of-service (DoS): Distributed denial-of-service (DDoS) Spoofing: Man-in-the-middle: Spam Mail bombing: Sniffers Phishing: Pharming: Social engineering:

Question 31

Back door

Answer 31

Back door ## Footnote gaining access to system or network using known or previously unknown/newly discovered access mechanism

Question 32

attempting to reverse calculate a password

Answer 32

Password crack ## Footnote attempting to reverse calculate a password

Question 33

trying every possible combination of options of a password

Answer 33

Brute force ## Footnote trying every possible combination of options of a password

Question 34

selects specific accounts to attack and uses commonly used passwords (i.e., the dictionary) to guide guesses

Answer 34

Dictionary ## Footnote selects specific accounts to attack and uses commonly used passwords (i.e., the dictionary) to guide guesses

Question 35

attacker sends large number of connection or information requests to a target Target system cannot handle successfully along with other, legitimate service requests May result in system crash or inability to perform ordinary functions

Answer 35

Denial-of-service (DoS): ## Footnote attacker sends large number of connection or information requests to a target Target system cannot handle successfully along with other, legitimate service requests May result in system crash or inability to perform ordinary functions

Question 36

attacker sends large number of connection or information requests to a target

Answer 36

Distributed denial-of-service (DDoS) ## Footnote coordinated stream of requests is launched against target from many locations simultaneously

Question 37

technique used to gain unauthorized access; intruder assumes a trusted IP address

Answer 37

Spoofing ## Footnote technique used to gain unauthorized access; intruder assumes a trusted IP address

Question 38

attacker monitors network packets, modifies them, and inserts them back into network

Answer 38

Man-in-the-middle ## Footnote attacker monitors network packets, modifies them, and inserts them back into network

Question 39

unsolicited commercial e-mail; more a nuisance than an attack, though is emerging as a vector for some attacks

Answer 39

Spam ## Footnote unsolicited commercial e-mail; more a nuisance than an attack, though is emerging as a vector for some attacks

Question 40

also a DoS; attacker routes large quantities of e-mail to target

Answer 40

Mail bombing ## Footnote also a DoS; attacker routes large quantities of e-mail to target

Question 41

program or device that monitors data traveling over network; can be used both for legitimate purposes and for stealing information from a network

Answer 41

Sniffers ## Footnote program or device that monitors data traveling over network; can be used both for legitimate purposes and for stealing information from a network

Question 42

an attempt to gain personal/financial

Answer 42

Phishing ## Footnote

Question 43

Spam

Answer 43

unsolicited commercial e-mail; more a nuisance than an attack, though is emerging as a vector for some attacks ## Footnote Example: Man-in-the-middle attacks can intercept sensitive information.

Question 44

Mail Bombing

Answer 44

also a DoS; attacker routes large quantities of e-mail to target ## Footnote Example: Spam emails can overload a recipient's inbox.

Question 45

Sniffers

Answer 45

program or device that monitors data traveling over network; can be used both for legitimate purposes and for stealing information from a network ## Footnote Example: Mail bombing can be used for network security monitoring.

Question 46

Phishing

Answer 46

an attempt to gain personal/financial information from individual, usually by posing as legitimate entity ## Footnote Example: Sniffers can be used to steal login credentials.

Question 47

Pharming

Answer 47

redirection of legitimate Web traffic (e.g., browser requests) to illegitimate site for the purpose of obtaining private information ## Footnote Example: Phishing emails often lead to fake login pages.

Question 48

Social Engineering

Answer 48

using social skills to convince people to reveal access credentials or other valuable information to attacker ## Footnote Example: Pharming can involve impersonating a trusted individual.

Question 49

Laws

Answer 49

rules that mandate or prohibit certain societal behavior ## Footnote Example: Social engineering tactics can manipulate human behavior.

Question 50

Ethics

Answer 50

define socially acceptable behavior ## Footnote Example: Laws are enforced by legal authorities.

Question 51

Cultural Mores

Answer 51

fixed moral attitudes or customs of a particular group; ethics based on these ## Footnote Example: Ethics guide decision-making in professional settings.

Question 52

legal obligation of an entity extending beyond criminal or contract law; includes legal obligation to make restitution ## Footnote Example: Liability can result in financial compensation.

Answer 52

Liability

Question 53

to compensate for wrongs committed by an organization or its employees ## Footnote Example: Liability insurance protects against legal claims.

Answer 53

Restitution

Question 54

insuring that employees know what constitutes acceptable behavior and know the consequences of illegal or unethical actions ## Footnote Example: Restitution can involve disciplinary actions.

Answer 54

Due Care insuring that employees know what constitutes acceptable behavior and know the consequences of illegal or unethical actions ## Footnote Example: Restitution can involve disciplinary actions.

Question 55

making a valid effort to protect others; continually maintaining level of effort ## Footnote Example: Due care involves proactive risk management.

Answer 55

Due Diligence

Question 56

court's right to hear a case if the wrong was committed in its territory or involved its citizenry ## Footnote Example: Due diligence is essential in legal proceedings.

Answer 56

Jurisdiction

Question 57

right of any court to impose its authority over an individual or organization if it can establish jurisdiction ## Footnote Example: Jurisdiction determines which court has legal authority.

Answer 57

Long-arm Jurisdiction

Question 58

body of expectations that describe acceptable and unacceptable employee behaviors in the workplace ## Footnote Example: Policies set guidelines for employee conduct.

Answer 58

Policy

Question 59

- Dissemination (distribution) - Review (reading) - Comprehension (understanding) - Compliance (agreement) - Uniform enforcement ## Footnote Example: Policy dissemination ensures all employees are informed.

Answer 59

Criteria for policy enforcement

Question 60

Types of Law

Answer 60

Civil - Criminal - Private - Public ## Footnote Example: Different types of law govern various aspects of society.

Question 61

governs nation or state; manages relationships/conflicts between organizational entities and people ## Footnote Example: Civil law covers disputes between individuals.

Answer 61

Civil

Question 62

addresses violations harmful to society; actively enforced by the state ## Footnote Example: Criminal law punishes illegal actions.

Answer 62

Criminal

Question 63

regulates relationships between individuals and organizations ## Footnote Example: Private law governs contracts between parties.

Answer 63

Private

Question 64

regulates structure/administration of government agencies and relationships with citizens, employees, and other governments ## Footnote Example: Public law governs government operations.

Answer 64

Public

Question 65

One of the hottest topics in information security - Is a “state of being free from unsanctioned intrusion” - Ability to aggregate data from multiple sources allows creation of information databases previously impossible ## Footnote Example: Privacy laws protect personal data.

Answer 65

Privacy

Question 66

occurring when someone uses your personally identifying information, like your name, Social Security number, or credit card number, without your permission, to commit fraud or other crimes ## Footnote Example: Identity theft can lead to financial loss.

Answer 66

Identity Theft