Cyber Security Flashcards
Cyber security planning and management in an enterprise must define allowed computer and network use by employees. Georgia Tech’s computer and network use policy strives to do this for students, faculty, and staff. What is required by this policy?
A) Georgia Tech passwords should be changed periodically
B) A compromise of a computer should be reported to someone responsible for cyber security at Georgia Tech
C) Georgia Tech computers cannot be used to download illegal content (e.g. child porn)
A) Georgia Tech passwords should be changed periodically
B) A compromise of a computer should be reported to someone responsible for cyber security at Georgia Tech
C) Georgia Tech computers cannot be used to download illegal content (e.g. child porn)
P3L1
A botnet operator compromises a number of computers in a company. The malware executed by the bots only sends large amounts of spam email but does not exfiltrate sensitive data or interfere with legitimate activities. What is the appropriate action?
A) The company should detect and prevent abuse of its resources by unauthorized parties
B) Since it poses no risk to the company’s sensitive data or normal operations, it can be ignored
A) The company should detect and prevent abuse of its resources by unauthorized parties
P3L1
A news story in 2014 reported that an inspector general’s report gave the VA a failing grade for the 16th straight year. The CIO of VA discussed a number of challenges that could explain this grade. What are some possible reasons?
A) The need to manage cyber security for over a million devices, each running many services
B) Lack of a sense of urgency in fixing cyber vulnerabilities
C) Choosing to support key functions even when this could introduce vulnerabilities
A) The need to manage cyber security for over a million devices, each running many services
and
C) Choosing to support key functions even when this could introduce vulnerabilities
P3L1
Chief Information Security Officer (CISO) is the executive who is responsible for information security in a company. Did Target, the major retailer, have a CISO when it suffered the serious breach?
No.
P3L1
Does Georgia Tech’s computer and network use policy prohibit personal use of university resources?
No.
P3L1
GATech systems store student data such as grades. The Institute must protect such data due to:
A) Regulatory reasons (FERPA)
B) Because the data is sensitive it can only be disclosed to the student and his/her family
A) Regulatory reasons (FERPA)
P3L1
Anthem suffered a breach in 2015. Based on an analysis of its response to the breach, did Anthem respond well?
Yes.
P3L1
A company stores sensitive customer data. The impact of a breach of such data must include:
A) Cost of purchasing identity theft protection for customers
B) Loss of business due to reduced customer confidence
C) Compensation for new cyber security personnel the company hires to better manage cyber security in the future
A) Cost of purchasing identity theft protection for customers
and
B) Loss of business due to reduced customer confidence
P3L1
A company is considering two possible IDS solutions to reduce its exposure to attacks on its network. The first one costs $100K and reduces risk exposure by $150K. The second costs $250K but reduces exposure by $500K. Which would you recommend?
The more expensive one.
P3L1
Risk leverage = (Risk exposure without control - Risk exposure with control) / Cost of control
P3L1
Cyber insurance is not very popular. Based on a 2014 survey, what percentage of customers of major insurance brokers were interested in buying cyber insurance?
A) Less than 25%
B) Over 50%
A) Less than 25%
P3L1
Are cyber security budgets increasing as the number of reported incidents increases?
No.
P3L1
An example of a proactive security measure is:
A) Making sure the company complies with all regulatory requirements
B) Chief Risk Officer (CRO) of the company addressing cyber risk regularly at the highest level (e.g. the board) when other risks are discussed
B) Chief Risk Officer addressing the board
P3L1