Chapter 4

Question 1

What factors contribute to increasing vulnerability of organizational information resources?

Answer 1

1. Interconnected wireless networks
2. Cheaper, faster storage devices
3. Skills necessary to be a hacker decreasing in skills
4. International organized crime taking over cybercrime (cybercrime becoming international organized crime???)
5. lack of management support

Question 2

threat

Answer 2

any danger to which a system may be exposed

Question 3

security

Answer 3

the degree of protection against criminal activity and danger/ loss.

Question 4

information security

Answer 4

all of the processes and policies designed to protect an organizations information and information systems from unauthorized access.

Question 5

exposure

Answer 5

damage that can result if a threat compromises that resource.

Question 6

vulnerability

Answer 6

the possibility that the system will be harmed by a threat

Question 7

What are some of the unintentional threats to information systems?

Answer 7

1) Human error,

2) social engineering (pretending to be someone else to obtain a password).

Question 8

social engineering

Answer 8

attach in which the perpetrator uses social skills to trick or manipulate a legitimate employee into providing confidential company info (such as passwords).

Question 9

Espionage/trespass

Answer 9

unauthorized individual attempts to gain illegal access to organizational information.

Question 10

Information extortion

Answer 10

threatening to steal or actually stealing information from a company, the perpetrator usually demands payment to either not steal the info, to return the info, or to not disclose the information.

Question 11

Sabotage/vandalism

Answer 11

defacing an organizations website and ruining their reputation.

Question 12

theft of equipment or information

Answer 12

stealing mobile devices, laptops, tablets, etc.

Question 13

identity theft

Answer 13

assumption of another persons identity usually to gain access to the financial info.

Question 14

compromises to intellectual property

Answer 14

infringing on the rights of an individual or organization to a specific property ie patent, trade mark, trade secret.

Question 15

software attacks

Answer 15

malicious software to infect other computers. Virus, worms, phishing, Trojan horse, back door, logic bomb….

Question 16

alien software

Answer 16

clandestine software (pestware) that run on computers. Adware, spyware, spamware, cookies.

Question 17

supervisory control and data acquisition (SCADA) attacks

Answer 17

worms that target to interfere with the computers that are used for operations in chemical control and transportation processes. Ie oil refineries, water and sewage treatment plants, etc.

Question 18

What are some of the deliberate threats to information systems?

Answer 18

• Espionage/trespass
• Information extortion
• Sabotage/vandalism
• theft of equipment or information
• identity theft
• compromises to intellectual property
• software attacks
• alien software
• supervisory control and data acquisition (SCADA) attacks
• cyberterrorism/cyberwarfare

Question 19

intellectual property

Answer 19

property created by individuals or corporations. protected under trade secret, patent, and copyright laws.

Question 20

trade secret

Answer 20

an intellectual work not based on public information

Question 21

patent

Answer 21

official document that grants the holder exclusive rights for an invention for a specified period of time.

Question 22

copyright

Answer 22

statutory grant that provides the creators or owners with ownership.

Question 23

piracy

Answer 23

copying a software or program without making payment to the owner

Question 24

alien software

Answer 24

clandestine software that is installed on your computer through duplicitous methods.

Question 25

adware

Answer 25

software that causes pop ups. a vast majority of pastware

Question 26

spyware

Answer 26

software the collects personal information about users without their consent. keystroke loggers and screen scrapers.

Question 27

spamware

Answer 27

pestware the uses your computer as a launch pad for spammers

Question 28

spam

Answer 28

unsolicited email

Question 29

cookies

Answer 29

small amounts of information that websites store on your computer (usually temporary)

Question 30

cyberterrorism/ cyberwarfare

Answer 30

malicious acts in which attackers use a targets computer systems to cause physical, real world harm usually to carry out a political agenda.

Question 31

risk

Answer 31

probability that a threat will impact an information resource.

Question 32

risk management

Answer 32

identify, control, and minimize the impact of threats.

Question 33

risk analysis

Answer 33

ensures IS programs are cost effective. 1) ass the value of each asset 2) estimate the probability that each asset may be compormised 3)compoaring the probable costs of the assets being compromised with the costs of proteting that asset 4) mitigates risks

Question 34

risk mitigation

Answer 34

concrete actions against risks. 1) implementing controls to prevent identified threats from occurring 2) develpoing a means of recovery

Question 35

risk mitigation strategies

Answer 35

1) risk acceptance
2) risk limitation
3) risk transference

Question 36

risk acceptance

Answer 36

accept the potential risk, continue operating with no controls, and absorb any damages that occur.

Question 37

risk limitation

Answer 37

limit the risk by implementing controls that minimize the impact of the threat.

Question 38

risk transference

Answer 38

transfer the risk by using other means to compensate for the loss (ie purchasing insurance).

Question 39

What can organizations do to protect information resources?

Answer 39

risk mitigation

Question 40

risk controls

Answer 40

• physical controls
• access controls
• communication (network) controls
• Business continuity planning (disaster recovery plan)
• Information systems auditing

Question 41

physical controls

Answer 41

prevent unauthorized individuals form gaining access to a company’s facilities.

Question 42

access controls

Answer 42

restricts unauthorized individuals from using information resources. Implements authentication and authorization.

Question 43

authentication

Answer 43

confirms the identity of a person requiring access

Question 44

authorization

Answer 44

determines which actions a person has based on their verified identity.

Question 45

biometrics

Answer 45

authenticates based on something the user is ie physical characteristics. (finger print, retina scan, etc)

Question 46

passwords

Answer 46

authentication through something a user knows

Question 47

privilege

Answer 47

collection of related computer system operations that a user is authorized to perform.

Question 48

least privilege

Answer 48

users be granted the privilege for an activity only if there is a justifiable need for them to perform that activity.

Question 49

communication controls aka…

Answer 49

network controls

Question 50

firewall

Answer 50

prevents a specific type of information from moving between untrusted networks. such as the internet, private networks, and business networks.

Question 51

demilitarized zone

Answer 51

located between the two firewalls.

Question 52

whitelisting

Answer 52

a company identifies the software that it will allow to run on its computers.

Question 53

blacklisting

Answer 53

a company identifies softwares that it will not allow its computers to run

Question 54

encryption

Answer 54

process of converting an original message into a format that cannot be read by anyone except the intended receiver.

Question 55

public key encryption

Answer 55

uses public key and private key. both created simultaneously.

Question 56

certificate authority

Answer 56

acts as a trusted intermediary between companies.

Question 57

digital certificate

Answer 57

electronic document attached to a file that certifies the file is from the organization it claims to be and has not been modified from its orginial format.

Question 58

Virtual Private Network (VPN)

Answer 58

private network that uses a public network (ie internet) to connect to users

Question 59

tunneling

Answer 59

process used in Virtual Private Networks (VPN’s). Encrypts data packets to be sent. places each encrypted packet inside another encrypted packet.

Question 60

secure socket layer

Answer 60

encryption standard used for secure transactions such as credit card purchases or online banking.

Question 61

hot site

Answer 61

fully configured computer facility. Has all services, comm links, and physical plant operations.

Question 62

warm site

Answer 62

proves many services that hot sites do, but does include all the applications the company needs.

Question 63

cold site

Answer 63

provides only rudiementary services and facilities. such as a building or a room with a/c. has no computer hardware or user workstations.