Chapter 6 Information Systems Security

Question 1

What is IS security?

Answer 1

Process of preventing unauthorized access to IS or modification of its data

Question 2

What are 2 negative characteristics of IS security?

Answer 2

1)Expensive
2)Inconvenient

Question 3

What is a IS security threath?

Answer 3

person or org that seeks to obtain/alter data or other assets illegally, without owner’s permission/knowledge

Question 4

Threaths use systems…

Answer 4

vulnerabilities

Question 5

What are the 3 scenarios of a safeguard situation?

Answer 5

1)Blocked by safeguards
2)Safeguard is ineffective
3)No safeguard

Question 6

What is a vulnerability?

Answer 6

Weakness in IS that provides opportunity for threats to gain access to assets

Question 7

What is a safeguard?

Answer 7

Measure to block threat from obtaining asset (type of control)

Question 8

What is data privacy?

Answer 8

Proper collection/processing of personnal data of individuals

Question 9

What is GDPR?

Answer 9

General data protection regulation

Question 10

What are the 2 common threats?

Answer 10

1)Human error (internal employees)
2)Computer crime (external attackers)

Question 11

What are the 3 components that can face losses?

Answer 11

1)Data
2)Software
3)Hardware/infrastructure

Question 12

What are the data losses related to human errors? (2)

Answer 12

1)Inadvertent
2)Deliberate (sabotage)

Question 13

What are the software losse related to human errors

Answer 13

Procedure problems

Question 14

What are the hardware losses related to human errors?

Answer 14

Accidents

Question 15

What are the data losses related to computer crime? (5)

Answer 15

1)Impersonation
2)Hacking
3)Injection
4)Man-in-the-middle
5)Malware

Question 16

What are the software losses related to computer crime? (4)

Answer 16

1)Denial service
2)Overflow
3)Usurpation
4)Malware

Question 17

What are the hardware losses related to computer crime? (3)

Answer 17

1)Theft
2)terrorism
3)ATP loss

Question 18

What is social engineering?

Answer 18

when employees are manipulated into divulging data or by passing security on behalf of others

Question 19

What are the 3 impersonation types?

Answer 19

1)Pretexting
2)Phishing
3)Evil twin

Question 20

What is pretexting?

Answer 20

When someone deceives by pretending to be someone else

Question 21

What is phishing?

Answer 21

When someone deceives by pretending to be someone else by email

Question 22

WHat is evil twin?

Answer 22

user who mistakes evil twin access point for legitimate one

Question 23

What is man-in-the-middle?

Answer 23

Attacker intercepts/may alter communication between 2 unsuspecting parties

Question 24

What is malware?

Answer 24

Decribe variety of software that damages/disables computers (virus, worm, ect)

Question 25

What is hacking?

Answer 25

Breaking into computer, server, network to steal data

Question 26

What is a brute force attack?

Answer 26

trial and error attack for password/PIN

Question 27

What is an injection attack?

Answer 27

When attackers inserts unwanted input into programs

Question 28

What is cross-site scripting (XSS)?

Answer 28

To infect target machines with malware

Question 29

What is a SQL injection?

Answer 29

When attacker enters SQL statement into a form on web page in which client is supposed to enter name/data

Question 30

What is Denial of service (DOS)?

Answer 30

Floods web server with milllions of bogus servce requests that so occupy server that ait cannot service legitimate requests

Question 31

What is usurpation?

Answer 31

Unauthorized control of some part of an IS

Question 32

What is an advanced persistent threat (APT)?

Answer 32

sophisticated, long-running computer hack that is perpetrated by large, well funded org such as gov (cyberespionage)

Question 33

What are the 4 challenges of IS security?

Answer 33

1)Attackers dont follow rules 2)Data designed to be copied/shared ez 3)Security depend on everyone in org 4)Business dont have time to thoroughly test security of new system before they are employed

Question 34

What are the threats unique to mobile devices? (2)

Answer 34

1)user 2)attacker

Question 35

What is the data loss related to the user threats to mobile devices?

Answer 35

Inadvertent data leakage

Question 36

What is the software losses related to the user threats to mobile devices? (3)

Answer 36

1)Inconsistent Android updates 2)Jailbreaking 3)Rooting

Question 37

What is the hardware losses related to the user threats to mobile devices? (2)

Answer 37

1)Accidents 2)Forgetfulness

Question 38

What dare the data losses related to the attacker threats to mobile devices? (4)

Answer 38

1)Location services camera 2)Microphones bluejacking 3)Bluesnafing 4)Spoofed QR code

Question 39

What is the software losses related to the attacker threats to mobile devices?

Answer 39

Vulnerability in apps

Question 40

What is the hardware losses related to the attacker threats to mobile devices?

Answer 40

Theft

Question 41

Which of the losses is the most common in mobile devices?

Answer 41

Data

Question 42

What is bluejacking attack?

Answer 42

Harmless messages are sent to device

Question 43

What is bluesnarfing?

Answer 43

Data on user's device is stolen

Question 44

What is spoofed QR code?

Answer 44

Create their own QR code spoofing the legitimate restaurant QR code, place it in restaurant

Question 45

What is jailbreaking?

Answer 45

or rooting: alteration of manufacturer-designed security limitations on mobile devices by the the device user

Question 46

What is the best control to security threats?

Answer 46

Create a strong and multiple passwords

Question 47

What are the 4 organizational securty fundamentals for an organization ?

Answer 47

1)Security policy 2)Risk management/cost matrix 3)Layered defense 4)Graceful degradation of defenses

Question 48

What are the5 technical safeguards?

Answer 48

1)Identification/authorization 2)Encryption, keys, https 3)Firewalls 4)Malware protection 5)Hardening, VPN, secure design

Question 49

What are the 5 data safeguards?

Answer 49

1)Data rights and responsibilities 2)Passwords 3)Encryption 4)Backup/recovery 5)Physical security

Question 50

What are the 5 human safeguards?

Answer 50

1)Employees 2)Nonemployees 3)Account admin 4)Backup/recovery 5)Security monitoring

Question 51

What does a password do?

Answer 51

It authenticates: verifies credentials of individual seeking access

Question 52

What is a smart card?

Answer 52

Plastic card with mircrochip that is loaded with identifying data

Question 53

What is hash?

Answer 53

Scrambled series of characters generated from string of text to form unique digital fingerprint

Question 54

What is encryption?

Answer 54

Process of transforming clear text into coded, uninteligible text for secure storage/communication

Question 55

What is a key in encryption?

Answer 55

number used to encrypt data

Question 56

What is symmetric encryption?

Answer 56

The same key is used to encode/decode

Question 57

What is asymmetric encryption?

Answer 57

2 keys used: 1 for encode and 1 for decode

Question 58

What is a public/private key?

Answer 58

Special version used on the Internet

Question 59

What are the 5 elements of the essence of https?

Answer 59

1)Your computer obtains public key for website 2)Your computer generates key for symmetric encryption 3)Your computer encrypts symmetric key using web site public key 4)Website decodes your message using its private key. Obtains key for symmetric encryption 5)All communication between gov/website use symmetric key

Question 60

What is a firewall?

Answer 60

Computing device that prevents unauthorized access to parts of a network

Question 61

What are the 7 malware protection?

Answer 61

1)Antivirus/antispyware programs 2)Set up anti-malware programs to scan computer frequently 3)Update malware definitions 4)Open email attachments only from knwon sources 5)Promptly install software updates from legitimare sources 6)Browse only in reputable internet neighborhoods 7)Don't use questionable discussion boards

Question 62

What is hardening?

Answer 62

Process of reducing vulnerabilities of computer by restricting function/actions

Question 63

What is a virtual private network (VPN)?

Answer 63

Uses software/dedicated computer to create private network over the public Internet

Question 64

What are the 5 human safeguards for employees?

Answer 64

1)Position definition 2)Hiring/screening 3)Dissemination and enforcement 4)Termination 5)Enforce mobile device security policy

Question 65

What are the elements of position definition for human safeguards for employees? (4)

Answer 65

1)Separate duties/authorities 2)Determine least privilege 3)Document position sensitivity 4)Security sensitivity

Question 66

What are the 3 eleemts for dissemination and enforcement of human safeguards for employees?

Answer 66

1)Responsibility 2)Accountability 3)Compliance

Question 67

What is the human safeguards for nonemployee personnel?

Answer 67

Opening information to nonemployee/temporary personnel

Question 68

What is account administration tasks? (3)

Answer 68

1)User accounts 2)Passwords 3)Removal of unneeded accounts

Question 69

What is the elements of security monitoring?

Answer 69

Security audit

Question 70

What are the 4 attributed of successful disaster and incident reponse plans?

Answer 70

1)Have a plan in place 2)Centralized reporting 3)Practice response 4)Determine cause

Question 71

what are computer forensics used for?

Answer 71

Determine cause of disaster/incident

Question 72

What are the 3 challenges of IS security?

Answer 72

1)Attackers don't have to follow rules 2)Data is designed to be copied/shared ez 3)New tech are often less secure

Question 73

What are the 3 security challenges expected in 2031?

Answer 73

1)Blockchain 2)AI 3)Severe shortage of cyber security professionals