Business 4: Types of Info Systems and Tech Risks Flashcards

1
Q

What are the four main risks w/r/t systems?

A

1) Strategic risk
2) Operating risk
3) Financial risk
4) Information risk

3
Q

What does strategic risk include w/r/t systems?

A

Risk of choosing inappropriate technology

4
Q

What does operating risk include w/r/t systems?

A

risk of doing the right things in the wrong way

5
Q

What does financial risk include w/r/t systems?

A

risk of having financial resources lost, wasted, or stolen

6
Q

What does information risk include w/r/t systems?

A

risk of loss of data integrity, incomplete transactions, or hackers

8
Q

Can a virus run independently?

A

No

9
Q

What is a virus?

A

Piece of a computer program that inserts itself into some other program to propagate and cause harm to files and programs

10
Q

Can a worm run independently?

A

Yes

11
Q

What do you call a program that can run independently and normally propagates itself over a network?

A

Worm

12
Q

Can a worm attach itself to other programs?

A

No

14
Q

Does a Trojan horse normally replicate itself?

A

No

15
Q

What is a Trojan horse?

A

Program that appears to have a useful function but contains a hidden and unintended function that presents a security risk

17
Q

What do you call it when one computer or group of computers bombard another computer with a flood of network traffic?

A

Denial-of-Service Attack

18
Q

What do you call it when one computer or group of computers (zombies) bombard another computer with a flood of network traffic?

A

Denial-of-Service Attack

20
Q

What is phishing?

A
  • Sending of phony emails to try to lure people to phony websites
  • Where they are asked for info that will allow the phisher to impersonate the user
22
Q

Define risk

A

Possibility of harm or loss

23
Q

Define threat.

A

Any eventuality that represents a danger to an asset or a capability linked to hostile intent

24
Q

What is the term for a characteristic of a design, implementation, or operation that renders the system susceptible to a threat?

A

Vulnerability

25
Safeguards and controls are put in place to minimize what?
Minimize vulnerabilities
27
Before risks can be managed, what must be done?
They must be assessed
28
Before risks can be managed, what must be done first?
They must be assessed
30
Access controls come in what two basic types?
1) Physical access | 2) Electronic access
32
Is data integrity risk a type of reporting risk that an accountant must recognize as a threat to the accuracy of reports?
NO
33
Is strategic risk a type of reporting risk that an accountant must recognize as a threat to the accuracy of reports?
YES (includes risks such as choosing inappropriate technology)
34
Is financial risk a type of reporting risk that an accountant must recognize as a threat to the accuracy of reports?
YES (includes risks such as having financial resources lost, wasted, or stolen)
35
Is information risk a type of reporting risk that an accountant must recognize as a threat to the accuracy of reports?
YES (includes risks such as loss of data integrity, incomplete transactions, or hackers)
37
What do you call the system of user identification and authentication that prevents unauthorized users from gaining access to network resources?
Firewall
38
What is used to identify a user?
Login ID
39
What is used to authenticate a user?
Password
41
True or false. A network server is a type of resource protected by a firewall.
True
43
What do you call a firewall designed to protect specific application services from attack?
Application firewalls
44
Firewall methodologies can be divided into what three categories?
1) Packet filtering 2) Circuit level gateways 3) Application level gateways
45
What is packet filtering?
Examines packets of data as they pass through the firewall according to rules that have been established for the source of the data, the destination of the data, and the network ports the data was sent from
46
What is the simplest type of firewall configuration?
Packet filtering
47
What is IP spoofing?
Forging an acceptable address
48
Packet filtering can be circumvented by what?
IP spoofing
49
What allows data into a network only when computers inside the network request the data?
Circuit level gateways
50
What examines data coming into the gateway in a more sophisticated fashion?
Application level gateways
51
What are application level gateways also known as?
Proxies
52
What is a disadvantage of a proxy?
Slower
54
What do network firewalls do?
Protect network as a whole
55
True or false. Firewalls deter but cannot completely prevent intrusion from outsiders.
True
56
Do firewalls prevent or protect against viruses?
NO
57
What do you call a system, often both hardware and software, of user identification and authentication that prevents unauthorized users from gaining access to network resources?
Firewall
58
What do file-level access attributes control?
- Control the privileges a particular user has to a file (e.g. "read only")
59
What do file attributes control?
- Set to restrict writing, reading, and/or directory privileges for a file
60
What are common access controls?
Assignment and maintenance of security levels