Info Systems Quiz 2

Question 1

Security

Answer 1

degree of protection against criminal activity, danger, damage, or loss

Question 2

Information Security

Answer 2

all of the processes and policies designed to protect an organization’s information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction

Question 3

Threat

Answer 3

any danger to which a system may be exposed

Question 4

Exposure

Answer 4

harm, loss, or damage that can result if a threat compromises that resource

Question 5

Vulnerability

Answer 5

possibility that a threat will harm that resource

Question 6

Five key factors contributing to increasing vulnerability of organizational information resources

Answer 6

1. today’s interconnected, interdependent, wirelessly networked business environment
2. smaller, faster, cheaper computers and storage devices
3. decreasing skills necessary to be a computer hacker
4. International organized crime taking over cybercrime
5. lack of management support

Question 7

trusted vs untrusted network

Answer 7

trusted: any network within your organization
untrusted: any network external to your organization

Question 8

Cybercrime

Answer 8

illegal activites conducted over computer networks, particularly the internet

Question 9

Two categories of threats to information systems

Answer 9

unintentional threats and deliberate threats

Question 10

Unintentional threats

Answer 10

acts performed without malicious intent that nevertheless represent a serious threat to information security

Question 11

Human error

Answer 11

unintentional threat, higher level of employee=greater threat to security since more access to data
ex. carelessness with computing devices, opening questionable emails, careless internet surfing, poor passwords

Question 12

Social engineering

Answer 12

Attack in which the perpetrator uses social skills to trick or manipulate legitimate employees into providing confidential company information, such as passwords

Question 13

Social engineering techniques

Answer 13

tailgating: designed to allow the perpetrator to enter restricted areas that are controlled with locks or card entry
shoulder surfing: perpetrator watches an employee’s computer screen over the employee’s shoulder

Question 14

Deliberate threats to Information systems (ten)

Answer 14

1. espionage or trespass
2. information extortion
3. sabotage or vandalism
4. theft of equipment or information
5. identity theft
6. compromises to intellectual property
7. software attacks
8. alien software
9. supervisory control and data acquisition (SCADA) attacks
10. cyberterrorism and cyber warfare

Question 15

Espionage or trespass

Answer 15

unauthorized individual attempts to gain illegal access to organizational information

Question 16

Information extortion

Answer 16

occurs when an attacker wither threatens to steal or actually steals information from a company

Question 17

Sabotage or vandalism

Answer 17

deliberate acts that involve defacing an organization’s website, potentially damaging the organization’s image and causing its customer to lose faith

Question 18

Threat of equipment or information

Answer 18

computing devices and storage devices are becoming smaller yet more powerful with vastly increased storage

Question 19

Dumpster diving

Answer 19

involves rummaging through commercial or residential trash to find discarded information

Question 20

Identity theft

Answer 20

deliberate assumption of another person’s identity, usually to gain access to his or her financial information or to frame him or her for a crime
techniques: stealing mail or dumpster diving, stealing personal information from computer databases

Question 21

Intellectual property

Answer 21

property created by individuals or corporations that is protected under trade secret, patent, and copyright laws

Question 22

Trade work

Answer 22

intellectual work, such as a business plan, that is a company secret and is not based on public information

Question 23

patent

Answer 23

official document that grants the holder exclusive rights on an invention or a process for a specific period of time

Question 24

Copyright

Answer 24

statutory grant that provides the creators or owners of intellectual property

Question 25

Piracy

Answer 25

copying a software program without making payment to the owner-including giving a disc to a friend to install on his or her computer

Question 26

Malware

Answer 26

when attackers used malicious software, to infect as many computers worldwide as possible, to the profit-driven web-based attacks of today

Question 27

Three types of software attacks

Answer 27

remote attacks requiring user action, remote attacks requiring no user action, and software attacks initiated by programmers during the development of a system

Question 28

Ransomware

Answer 28

digital extortion, blocks access to a computer system or encrypts an organization's data until the organization pays a sum of money

Question 29

Spear phishing

Answer 29

employees receive hundreds of emails everyday many of their roles require them to download and open attachments

Question 30

Alien software

Answer 30

Clandestine software that is installed on your computer through duplicitous methods

Question 31

Adware

Answer 31

software that causes pop-up advertisements to appear on your screen

Question 32

Spyware

Answer 32

software that collects personal information about users without their consent; keystroke loggers and screen scrapers

Question 33

Spamware

Answer 33

pestware that uses your computer as a launch pad for spammers

Question 34

Spam

Answer 34

unsolicited e-mail, usually advertising for products and services

Question 35

Cookies

Answer 35

small amounts of information that websites store on your computer, temporarily or more or less permanently

Question 36

SCADA

Answer 36

Supervisory control and data acquisition; large-scale distributed measurement and control system

Question 37

Cyberterrorism and cyber warfare

Answer 37

refer to malicious acts in which attackers use a target's computer systems, particularly through the internet, to cause physical, real-world harm or severe disruption, often to carry out a political agenda

Question 38

Controls

Answer 38

defense mechanisms designed to protect all of the components of an information system, including data, software, hardware, and networks

Question 39

Three major information security controls

Answer 39

physical controls, access controls, and communications controls

Question 40

Physical controls

Answer 40

prevent unauthorized individuals from gaining access to a company's facilities ex. walls, doors, fencing, gates, locks

Question 41

access controls

Answer 41

restrict unauthorized individuals from information resources

Question 42

two functions of access controls

Answer 42

authentication: confirms the identity of the person requiring access authorization: determines which actions, rights, or has, based on his or her verified identity

Question 43

Biometrics

Answer 43

an authentication method that examines a person's innate physical characteristics

Question 44

Active and passive biometric authentication

Answer 44

active: require the user to physically participate in the verification process by taking an action like speaking, placing a finger or eye in proximity passive: capable of identifying a person without their active participation ex. voice recognition and behavioral identification

Question 45

Communication controls

Answer 45

secure movement of data across networks

Question 46

firewall

Answer 46

system that prevents a specific type of information from moving between untrusted networks, such as the internet, and the private networks, such as your company's network, demilitarized zone: two firewalls

Question 47

Anti-malware systems

Answer 47

antivirus are software packages that attempt to identify and eliminate viruses and worms and other malicious software

Question 48

Whitelisting

Answer 48

process in which a company identifies the software that it will allow to run on its computers

Question 49

blacklisting

Answer 49

allows everything to run unless it is on the blacklist, includes certain types of software that are not allowed to run in the company environment

Question 50

Virtual private network

Answer 50

private network that uses a public network to connect users tunneling: encrypts each data packet to be sent and places each encrypted packet inside another packet

Question 51

Transport layer security

Answer 51

encryption standard used for secure transactions such as credit card purchases and online banking

Question 52

Public-key encryption

Answer 52

public key: publicly available in a directory that all parties can access private key: kept secret, never shared with anyone, and never sent across the internet

Question 53

Certificate authority

Answer 53

acts as a trusted intermediary between the companies

Question 54

Digital certificate

Answer 54

electronic document attached to a file that certifies that the file is from the organization it claims to be from and has not been modified from its original format

Question 55

Virtual private network (VPN)

Answer 55

private network that uses a public network to connect users

Question 56

Tunneling

Answer 56

encrypts each data packet to be sent and places each encrypted packet inside another packet

Question 57

Transport layer security

Answer 57

aka secure socket layer ; encryption standard used for secure transactions such was credit card purchases and online banking

Question 58

Employee monitoring system

Answer 58

scrutinize their employees' computers, email activities, and internet surfing activities

Question 59

Business continuity

Answer 59

chain of events linking planning protection and to recovery

Question 60

Bandwidth

Answer 60

transmission capacity of a network, stated in bits per second

Question 61

Computer network

Answer 61

system that connects computers and other services through communications media so that data and information can be transmitted among them

Question 62

Broadband

Answer 62

transmission capacity of communications medium faster than 25 megabits per second for download

Question 63

Local area network

Answer 63

connects two or more devices in a limited geographical region, usually within the dame building, so that every device on the network can communicate with every other device

Question 64

file/network server

Answer 64

contains various software and data for the network

Question 65

Wide area network

Answer 65

WAN, network that covers a large geographical area ex. at and t

Question 66

Routers

Answer 66

communications processor that routes messages from a LAN to the internet

Question 67

Enterprise network

Answer 67

displays a model of enterprise computing

Question 68

Backbone networks

Answer 68

high-speed central networks to which multiple smaller networks connect

Question 69

Communication channel

Answer 69

consists of two types of media: cable and broadcast

Question 70

wireline media

Answer 70

uses physical wires or cables to transmit data and information the alternative is broadcast media

Question 71

Twisted pair wire

Answer 71

used for almost all business telephone wiring, relatively inexpensive, slow for transmitting data, can be easily tapped

Question 72

Coaxial Cable

Answer 72

consist of insulated copper wire, less susceptible to electrical interference and carries more data, more expensive and harder to work with

Question 73

Fiber-optic cable

Answer 73

consists of thousands of very thin filaments of glass fibers that transmit information through pulses of light generated by lasers, can transmit far more data,

Question 74

Protocol

Answer 74

enable computing devices to communicate with one another

Question 75

ethernet

Answer 75

network provides data transmission speeds of 100 gigabits

Question 76

Transmission Control Protocol/internet protocol

Answer 76

IP, protocol of the internet, responsible for disassembling, delivering, and reassembling the data during transmission

Question 77

Hypertext transfer protocol

Answer 77

defines how message are formulated and how they are interpreted by their receivers

Question 78

Distributed processing

Answer 78

divides processing work among two or more computers, enables computers in different locations to communicate with one another through telecommunications links

Question 79

Client/server computing

Answer 79

links two or more computers in an arrangement in some machines, called servers, provide computing services for user pc's

Question 80

Intranet

Answer 80

network that uses internet protocols so that users can take advantage of familiar applications and work habits

Question 81

Extranet

Answer 81

connects parts of the intranets of different organizations, enables business partners to communicate securely over the internet using VPNs

Question 82

IP address

Answer 82

distinguishes computer from all other ones, consists of sets of numbers, in four parts, separated by dots

Question 83

World Wide Web

Answer 83

system of universally accepted standards for storing, retrieving, formatting, and displaying information through a client/server architecture

Question 84

Seven domains

Answer 84

user domain -> workstation domain -> LAN domain-> LAN-to-WAN domain-> WAN domain-> system/application domain-> remote access domain

Question 85

Packet switching

Answer 85

emails, never get sent in one "package", easier to transmit data in parts rather than one place

Question 86

Internet connection methods

Answer 86

Dial-up: still used in US where broadband is not available DSL: broadband access through telephone companies Cable modern: access over your cable TV coaxial cable. can have degraded performance if many of your neighbors are accessing the internet at once Satellite: access where cable and DSL are not available Wireless: very convenient, and WiMAX will increase the use of broadband wireless Fiber-to-the-home (FTTH): expensive and usually placed only in new housing developments