CHAPTER 8 SECURING INFORMATION SYSTEMS

Question 1

Protocol used for encrypting data flowing over the internet; limited to individual messages

Answer 1

S-HTTP (Secure Hypertext Transfer Protocol)

Question 2

Enables client and server computers to manage encryption and decryption activities as they communicate with each other during a web session

Answer 2

SSL (Secure Sockets Layer)

Question 2

Data file used to establish the identity of users and electronic assets for protection of online transactions. Uses certification authority (CA) to validate a user’s identity. CA verifies user’s identity, stores information in CA server, which generates encrypted digital certificate containing owner ID information and copy of owner’s public key

Answer 2

Digital certificate

Question 2

• Uses two, mathematically related keys: public key and private key
• Sender encrypts message with recipient’s public key
• Recipient decrypts with private key

Answer 2

Public key encryption

Question 2

Use of public key cryptography working with certificate authority. Widely used in e-commerce

Answer 2

Public key infrastructure (PKI)

Question 3

Sender and receiver use single, shared key

Answer 3

Symmetric key encryption

Question 4

Two methods of encryptions are:

Answer 4

• Symmetric key encryption
• Public key encryption

Question 4

Transforming text or data into cipher text that cannot be read by unintended recipients

Answer 4

Encryption

Question 4

Are products that include multiple security features integrated into one box

Answer 4

Unified Threat Management (UTM) systems

Question 5

Check computers for presence of malware and can often eliminate it as well. Require continual updating.

Answer 5

Antivirus and antispyware software

Question 6

Monitor hot spots on corporate networks to detect and deter intruders. Examine events as they are happening to discover attacks in progress.

Answer 6

Intrusion detection systems

Question 7

Combination of hardware and software that prevents unauthorized access to network

Answer 7

Firewall

Question 8

Uses systems that read and interpret individual human traits, such as fingerprints, irises, and voices, in order to grant or deny access

Answer 8

Biometric authentication

Question 9

A device about the size of a credit card that contains a chip formatted with access permission and other data

Answer 9

Smart card

Question 10

A physical device, similar to an identification card, that is designed to prove the identity of a single user

Answer 10

Token

Question 11

Authentication is often established by using passwords known only to authorized users

Answer 11

Passwords

Question 12

Refers to the ability to know that a person is who he or she claims to be

Answer 12

Authentication

Question 13

Business process and technologies for identifying valid users of system. Creates different levels or roles of system user and access. Allows each user access only to those portions of system under that user role

Answer 13

Identity management

Question 14

A policy that a user must agree to follow in order to be provided access to a network or to the internet

Answer 14

Acceptable use policy (AUP)

Question 15

Ranks information risks, Identifies acceptable security goals, Identifies mechanisms for achieving these goals, Drives other policies

Answer 15

Security policy

Question 16

Determines level of risk to firm if specific activity or process is not properly controlled

Answer 16

Risk management

Question 17

Application controls

Answer 17

Specific controls unique to each computerized application, such as payroll or order processing.
* Includes both automated and manual procedures.
* Ensure that only authorized data are completely and accurately processed by that application.
- Includes: Input controls, processing controls, Output controls

Question 18

Tricking employees into revealing their passwords by pretending to be legitimate members of the company in need of information

Answer 18

Social engineering

Question 19

What is click fraud?

Answer 19

Fraudulent clicks on online ads

Question 20

What is cyberwarfare?

Answer 20

Actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption

Question 21

Redirects users to a bogus Web page, even when individual types correct Web page address into his or her browser

Answer 21

Pharming

Question 22

Wireless networks that pretend to offer trustworthy Wi-Fi connections to the Internet

Answer 22

Evil twins

Question 23

Setting up fake Web sites or sending e-mail messages that look like legitimate businesses to ask users for confidential personal data

Answer 23

Phishing

Question 24

Networks of “zombie” PCs infiltrated by bot malware

Answer 24

Botnets

Question 25

Use of numerous computers to launch a DoS

Answer 25

Denial-of-service attacks (DoS)

Question 26

Eavesdropping program that monitors information traveling over network; Enables hackers to steal proprietary information such as e-mail, company files, and so on

Answer 26

Sniffer

Question 27

Misrepresenting oneself by using fake e-mail addresses or masquerading as someone else; Redirecting Web link to address different from intended one, with site masquerading as intended destination

Answer 27

Spoofing

Question 28

Intentional disruption, defacement, destruction of Web site or corporate information system

Answer 28

Cybervandalism

Question 29

Record every keystroke on computer to steal serial numbers, passwords, launch Internet attacks

Answer 29

Keyloggers

Question 30

Small programs install themselves surreptitiously on computers to monitor user Web surfing activity and serve up advertising

Answer 30

Spyware

Question 31

Software program that appears to be benign but then does something other than expected

Answer 31

Trojan horses

Question 32

Independent computer programs that copy themselves from one computer to other computers over a network

Answer 32

Worms

Question 33

Rogue software program that attaches itself to other software programs or data files in order to be executed

Answer 33

Viruses

Question 34

What is war driving?

Answer 34

Eavesdroppers drive by buildings and try to intercept network traffic; With access to SSID, has access to network’s resources

Question 35

Power failures, flood, fires, and so on

Answer 35

Disasters

Question 36

Breakdowns, configuration errors, damage from improper use or crime

Answer 36

Hardware problems

Question 37

Programming errors, installation errors, unauthorized changes

Answer 37

Software problems