Business 4: Types of Info Systems and Tech Risks Flashcards
What are the four main risks w/r/t systems?
1) Strategic risk
2) Operating risk
3) Financial risk
4) Information risk
What does strategic risk include w/r/t systems?
Risk of choosing inappropriate technology
What does operating risk include w/r/t systems?
risk of doing the right things in the wrong way
What does financial risk include w/r/t systems?
risk of having financial resources lost, wasted, or stolen
What does information risk include w/r/t systems?
risk of loss of data integrity, incomplete transactions, or hackers
Can a virus run independently?
No
What is a virus?
Piece of a computer program that inserts itself into some other program to propagate and cause harm to files and programs
Can a worm run independently?
Yes
What do you call a program that can run independently and normally propagates itself over a network?
Worm
Can a worm attach itself to other programs?
No
Does a Trojan horse normally replicate itself?
No
What is a Trojan horse?
Program that appears to have a useful function but contains a hidden and unintended function that presents a security risk
What do you call it when one computer or group of computers bombard another computer with a flood of network traffic?
Denial-of-Service Attack
What do you call it when one computer or group of computers (zombies) bombard another computer with a flood of network traffic?
Denial-of-Service Attack
What is phishing?
- Sending of phony emails to try to lure people to phony websites
- Where they are asked for info that will allow the phisher to impersonate the user
Define risk
Possibility of harm or loss
Define threat.
Any eventuality that represents a danger to an asset or a capability linked to hostile intent
What is the term for a characteristic of a design, implementation, or operation that renders the system susceptible to a threat?
Vulnerability
Safeguards and controls are put in place to minimize what?
Minimize vulnerabilities
Before risks can be managed, what must be done?
They must be assessed
Before risks can be managed, what must be done first?
They must be assessed
Access controls come in what two basic types?
1) Physical access
2) Electronic access
Is data integrity risk a type of reporting risk that an accountant must recognize as a threat to the accuracy of reports?
NO
Is strategic risk a type of reporting risk that an accountant must recognize as a threat to the accuracy of reports?
YES (includes risks such as choosing inappropriate technology)
Is financial risk a type of reporting risk that an accountant must recognize as a threat to the accuracy of reports?
YES (includes risks such as having financial resources lost, wasted, or stolen)
Is information risk a type of reporting risk that an accountant must recognize as a threat to the accuracy of reports?
YES (includes risks such as loss of data integrity, incomplete transactions, or hackers)
What do you call the system of user identification and authentication that prevents unauthorized users from gaining access to network resources?
Firewall
What is used to identify a user?
Login ID
What is used to authenticate a user?
Password
True or false.
A network server is a type of resource protected by a firewall.
True
What do you call a firewall designed to protect specific application services from attack?
Application firewalls
Firewall methodologies can be divided into what three categories?
1) Packet filtering
2) Circuit level gateways
3) Application level gateways
What is packet filtering?
Examines packets of data as they pass through the firewall according to rules that have been established for the source of the data, the destination of the data, and the network ports the data was sent from
What is the simplest type of firewall configuration?
Packet filtering
What is IP spoofing?
Forging an acceptable address
Packet filtering can be circumvented by what?
IP spoofing
What allows data into a network only when computers inside the network request the data?
Circuit level gateways
What examines data coming into the gateway in a more sophisticated fashion?
Application level gateways
What are application level gateways also known as?
Proxies
What is a disadvantage of a proxy?
Slower
What do network firewalls do?
Protect network as a whole
True or false.
Firewalls deter but cannot completely prevent intrusion from outsiders.
True
Do firewalls prevent or protect against viruses?
NO
What do you call a system, often both hardware and software, of user identification and authentication that prevents unauthorized users from gaining access to network resources?
Firewall
What do file-level access attributes control?
- Control the privileges a particular user has to a file (e.g. “read only”)
What do file attributes control?
- Set to restrict writing, reading, and/or directory privileges for a file
What are common access controls?
Assignment and maintenance of security levels