Chapter 9

Question 1

A good hacker who focuses on securing and protecting IT systems is called a:

Answer 1

White-hat hacker

Question 2

A computer hacker whose activity is aimed at promoting a social or political cause is called a:

Answer 2

Hacktivist

Question 3

The ethical and moral issues arising from the development and use of info systems is called:

Answer 3

Information ethics

Question 4

A program that records keystrokes and mouse clicks is called a:

Answer 4

Key logger

Question 5

A device that captures keystrokes on their journey from the keyboard to the motherboard is called a:

Answer 5

Hardware key logger

Question 6

A file deposited on a hard drive by a website containing info about customers and their web activities is called a:

Answer 6

Cookie

Question 7

A program hidden in free downloadable software which tracks online movements, mines the info stores on a computer, etc, is called:

Answer 7

Spyware

Question 8

What are some of the negative effects of employee monitoring?

Answer 8

• Lower job satisfaction
• Rise in employee absenteeism
• Lack of trust between employee and employer

Question 9

What are some challenges of information privacy?

Answer 9

• People release info about themselves (credit card purchases, magazine subscriptions)
• Data storage costs are declining (cheap to keep databases on people)
• Info processing is becoming faster
• More accurate profiles of people are created (advances in data analysis techniques)
• Advances in networking

Question 10

What prohibits an organization from collecting personal info unless the user agrees to it?

Answer 10

Opt-in model

Question 11

What permits the collection of personal info until the consumer requests that it stops?

Answer 11

Opt-out model

Question 12

The Personal Information Protection and Electronic Documents Act is called:

Answer 12

PIPEDA

Question 13

What are PIPEDA’s 10 guiding principles?

Answer 13

1) Accountability (organization is responsible for personal info)
2) Identifying purposes (purpose for which person info is collected must be identified)
3) Consent (consent of the individual is required)
4) Limiting collection (collection of info is limited to what is necessary)
5) Limiting use, disclosure, and retention (personal info cannot be used for any purpose other than what it was identified for)
6) Accuracy (person info must be accurate)
7) Safeguards (personal info shall be protected)
8) Openness (organization should make its policies and practices available)
9) Individual access ( Person should be given access to the information)
10) Challenging compliance (person should be able to address a challenge)

Question 14

What identifies the rules required to maintain information security?

Answer 14

An information security policy

Question 15

What details how an organization will implement the information security policies?

Answer 15

An information security plan

Question 16

What are the 5 steps to creating an information security plan?

Answer 16

1) Develop the info security policies (telling users to log off systems before leaving, never share passwords)
2) Communicate the policies
3) Identify critical info assets and risks
4) Test and reevaluate risks
5) Obtain stakeholder support

Question 17

What actions should be taken to ensure information security?

Answer 17

Authentication, prevention and resistance, and detection and response

Question 18

What is a method used for confirming users’ identities?

Answer 18

Authentication

Question 19

A technique to gain personal info for the purpose of identity theft is called:

Answer 19

Phishing

Question 20

What is it called when a flood of messages are sent to a server in order to crash it?

Answer 20

Denial of service (DoS) attack

Question 21

What is it called when a flood of messages are sent to a server from numerous sites in order to crash it?

Answer 21

Distributed denial of service (DDoS) attack