Ch 8 Text

Question 1

What is identity theft?

Answer 1

A crime in which an imposter obtains key pieces of personal information, such as social security numbers, driver’s license numbers, or credit card numbers, to impersonate someone else

Question 2

What is phishing?

Answer 2

Involves setting up fake websites or sending e-mail messages that look like those of legitimate businesses to ask users for confidential personal data

The e-mail instructs recipients to update or confirm records by providing social security, bank and credit card information, and other confidential data either by responding to the e-mail, by entering the information at a bogus website, or calling a telephone number

Question 3

What is an evil twins attack?

Answer 3

Wireless networks that pretend to offer trustworthy Wi-fi connections to the Internet, such as those in airport lounges, hotels, or coffee shops

Looks identical to the public network

Question 4

What is pharming?

Answer 4

Redirects users to a bogus web page, even when the individual types the correct web page address in their browser

Question 5

What is click fraud?

Answer 5

Occurs when an individual or computer program fraudulently clicks an online ad without any intention of learning more about the advertiser or making a purchase

Question 6

What is cyberwarfare?

Answer 6

A state-sponsored activity designed to cripple and defeat another state or nation by penetrating its computers or networks to cause damage and disruption

Question 7

What are some mitigating controls?

Answer 7

Authentication
Passwords
Token
Biometric Authentication
Two-Factor Authentication
Firewalls
Intrusion Detection System
Antivirus Software

Question 8

What is authentication?

Answer 8

Refers to the ability to know that a person is who he or she claims to be

Question 9

What are passwords?

Answer 9

Known only to authorized users, used to log on to a computer and system

Question 10

What is a token?

Answer 10

A physical device, similar to an identification card, that is designed to prove the identity of a single user

Question 11

What is biometric authentication?

Answer 11

Uses systems that read and interpret individual human traits, such as fingerprints, irises, and voices to grant or deny access

Question 12

What is two-factor authentication?

Answer 12

Increases security by validating users through a multi-step process

Question 13

What is a firewall?

Answer 13

Prevent unauthorized users from accessing private networks; a combination of hardware and software that controls the flow of incoming and outgoing network traffic

Question 14

What is an intrusion detection system?

Answer 14

Full-time monitoring tools placed at the most vulnerable points or hotspots of corporate networks to detect and deter intruders continually

Question 15

What is antivirus software?

Answer 15

Prevents, detects, and removes malware, including computer viruses, computer worms, Trojan horses, spyware, and adware

Question 16

What are policies, procedures, and standards that can be put in place?

Answer 16

General Controls
Application Controls
Security Policy
Acceptable User Policy
Identity Management
Disaster Recovery Planning
Information Systems Audit

Question 17

What are general controls?

Answer 17

Govern the design, security, and use of computer programs and the security of data files in general throughout the organization’s information technology infrastructure

Ex. Software controls, hardware controls, computer operations control, data security controls, implementation controls, and administrative controls

Question 18

What are application controls?

Answer 18

Specific controls unique to each computerized application

Question 19

What is security policy?

Answer 19

Consists of statements ranking information risks, identifying acceptable security goals, and identifying the mechanisms for achieving these goals

Question 20

What is acceptable user policy?

Answer 20

Defines acceptable use of the firm’s information resources and computing equipment, including desktop and laptop computers, wireless devices, telephones, and the Internet

Question 21

What is identity management?

Answer 21

Business processes and software tools for identifying the valid users of a system and controlling their access to system resources

Question 22

What is disaster recovery planning?

Answer 22

Devises plan for the restoration of disrupted computing and communications services

Question 23

What is an information systems audit?

Answer 23

Examines the firm’s overall security environment as well as controls governing individual information systems

Question 24

What is the risk assessment process?

Answer 24

Determines the level of risk to the firm is a specific activity or process is not properly controlled

Question 25

What are the characteristics of a secure company?