Chapter 7: Security

Question 1

Managers must understand that breaches occur to?

Answer 1

1. Clarify the picture of what is going on
2. To understand their organization’s vulnerabilities,
3. To protect their own company from damages caused by successful cyberattacks

Question 2

What are the five (5) key steps to a successful and holistic cybersecurity program?

Answer 2

1. Identify
2. Protect
3. Detect
4. Respond
5. Recover

Question 3

An organizations ability to understand and manage cybersecurity risks.

Answer 3

Identify

Question 4

Activities that safeguard critical infrastructure services

Answer 4

Protect

Question 5

Activities to identify the occurrence of a cybersecurity event

Answer 5

Detect

Question 6

Activities to take action regarding a detected cybersecurity incident

Answer 6

Respond

Question 7

Activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident

Answer 7

Recover

Question 8

What are the Five (5) Key Information Security Decisions?

Answer 8

1. Strategy
2. Infrastructure
3. Policy
4. Culture
5. Investments

Question 9

An information security decision that is based on such IT principles as protecting the confidentiality of customer information, strict compliance with regulations, and maintaining a security baseline that is above the industry benchmark.

Answer 9

Information security strategy

Question 10

involve selecting and configuring the right tools to achieve consistency in protection, economies of scale, and synergy among the components.

Answer 10

Information security infrastructure

Question 11

guidelines for the organization’s activities, both technical and organizational, to increase cyber resilience.

Answer 11

Information security policy

Question 12

Cybersecurity behaviors that are important to the success of the business

Answer 12

Cybersecurity culture

Question 13

applying the basic system updates and patches offered from the vendors of systems

Answer 13

cybersecurity hygiene

Question 14

decisions about the appropriate level of investment must be made jointly with the security expertise of the IT security managers and with the business priorities expertise of the business managers

Answer 14

Information security investments

Question 15

occur when unauthorized actors gain access to systems, passwords, data, or other assets.

Answer 15

Breach

Question 16

sends a person a counterfeit e‐mail that purports to be from a known entity

Answer 16

phishing attack

Question 17

targeted attack, mimic a situation or relationship highly familiar to the targeted user

Answer 17

spear phishing

Question 18

Software that tracks keystrokes and stores them for hackers to inspect later

Answer 18

key logger

Question 19

Wi‐Fi connection and that all incoming and outgoing Internet traffic becomes routed through the perpetrator’s system

Answer 19

evil twin connection

Question 20

Traps that appear to lead users to their goal, but in reality, they lead to a fraudulent site that requires a log‐in

Answer 20

cross‐site scripting (XSS)

Question 21

What are the 7 common security Access Tools

Answer 21

1.Physical Locks
2.Passwords
3.Biometrics
4.Challenge Questions
5. Token
6. Text Message
7. Multi-factor Authentication

Question 22

What are the 7 common storage and transmission security tools

Answer 22

1. Antivirus/Antispyware
2. Firewall
3. System Logs
4. System Alerts
5. Encryption
6. WEP/WPA
7. VPN

Question 23

Emphasizes security importance and instructs users on what they need to do to achieve safety

Answer 23

Security Policy

Question 24

What are the 7 Commonly used security Policies

Answer 24

1. Security updates
2. Networks
3. Passwords
4. Mobile Devices
5. Data Disposal
6. Social Media
7. Security services

Question 25

Are hired to try to break into systems in an effort to help the client firm uncover weaknesses

Answer 25

white hat hackers.

Question 26

Individuals who break in to systems for their own gain or to wreak havoc on a firm

Answer 26

Black Hat Hackers

Question 27

test organizational systems without any authorization and notify a company when they find a weakness

Answer 27

Grey Hat Hackers

Question 28

SETA stands for what?

Answer 28

Security Education Training and Awareness

Question 29

WHat are the four (4) major areas for Education and Training

Answer 29

1. Access Tools (Passwords/MFA Rules & How-to)
2. BYOD (Rules and How-to)
3. Social Media (Rules and Scenarios)
4. Vigilance (Scenarios and How-to)

Question 30

Security breach in which a hacker counterfeits an Internet address

Answer 30

Spoofing

Question 31

The concept of having multiple layers of different security policies and practices so when one layer fails to stop a perpetrator, another layer might be more effective.

Answer 31

Defense in Depth

Question 32

WHat are the 3 typical components of a Defense in Depth Plan (PTA)

Answer 32

1. Physical Barriers
2. Technical Barriers
3. Administrative Barriers