IS4550 CHAPTER 9 Flashcards
A leading technique, methodology, or technology that through experience has proved to be very reliable and tends to produce consistent and quality results is called ___.
BEST PRACTICE
Temporary workers who can be assigned to any role are called ___.
CONTRACTORS
Assets that are essential for society and the economy to function are called ___.
CRITICAL INFRASTRUCTURE
In the context of information security, a process by which senior leaders, through the chain of command, are apprised of a risk. It continues one level of organizational structure at a time until the issue is addressed or it has reached the highest level of the organization. This process is called ___.
ESCALATION
A process that grants elevated rights temporarily so that a person can resolve a problem quickly, and that provides emergency access to otherwise unprivileged users, is called ___.
FIRECALL-ID PROCESS
Eliminating as many security risks as possible by reducing access rights to the minimum needed to perform a task, ensuring access is authenticated to unique individuals, removing all nonessential software, and taking other configuration steps that eliminate opportunities for unauthorized access is called ___.
HARDEN
An employee, consultant, contractor, or vendor; the ___ may even be one of the IT technical people who designed the system, application, or security control that is being hacked. The ___ knows the organization and its applications.
INSIDER
An ___ combines two or more audit disciplines to conduct a single audit.
INTEGRATED AUDIT
Software that captures the keystrokes of a user is called ___.
KEYLOGGER SOFTWARE
___ is a separate platform used to collect logs from platforms throughout the network.
LOG SERVER
A technique in which a hacker constructs a plausible story under which an employee is asked to reveal information that weakens security is called ___.
PRETEXTING
A document designed to heighten the awareness and accountability of users who hold administrator rights is called ___.
PRIVILEGED-LEVEL ACCESS AGREEMENT (PAA)
Individuals responsible for designing and implementing a security program within an organization are called ___.
SECURITY PERSONNEL
Manipulating or tricking a person into weakening the security of an organization is called ___.
SOCIAL ENGINEERING
A type of attack in which the hacker enters database query code into a Web or application input field in order to read or alter data in the database is called ___.
STRUCTURED QUERY LANGUAGE (SQL) INJECTION
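The definition above is easier to see with a working login check. The following is an added example written for these flashcards, not code from the course text. It assumes Python's built-in sqlite3 module with an in-memory database, a constructed users table, and hypothetical function names (login_vulnerable, login_hardened). The vulnerable version pastes the form input into the SQL text; the hardened version uses a parameterized query, so the same injected input is treated as a literal value and matches nothing.

```python
"""Added example: SQL injection by string concatenation, and the parameterized fix.

Illustration code for the flashcard above, not from the course text. Uses
sqlite3 in memory with a constructed users table, so it runs offline.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build an in-memory database with a constructed, two-row users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "correct horse", "admin"), ("bob", "hunter2", "user")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Hypothetical login check that concatenates form input into the SQL text.

    Whatever the user types becomes part of the statement, so a crafted value
    changes the query's logic rather than just the data being compared.
    """
    sql = (
        "SELECT username, role FROM users WHERE username = '"
        + username + "' AND password = '" + password + "'"
    )
    return conn.execute(sql).fetchall()


def login_hardened(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Same lookup with a parameterized query.

    The SQL text is fixed at development time; the driver passes the inputs as
    values, so quotes and comment markers in them are never parsed as SQL.
    """
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


def demo() -> dict:
    """Run a legitimate login and two injected inputs through both versions."""
    conn = make_db()
    # Closes the string literal and comments out the password check entirely:
    #   ... WHERE username = 'alice' --' AND password = 'anything'
    comment_out = "alice' --"
    # Tautology that makes the WHERE clause true for every row:
    #   ... WHERE username = 'x' OR '1'='1' AND password = 'x' OR '1'='1'
    tautology = "x' OR '1'='1"
    return {
        "vulnerable_legit": login_vulnerable(conn, "alice", "correct horse"),
        "vulnerable_comment_out": login_vulnerable(conn, comment_out, "anything"),
        "vulnerable_tautology": login_vulnerable(conn, tautology, tautology),
        "hardened_comment_out": login_hardened(conn, comment_out, "anything"),
        "hardened_tautology": login_hardened(conn, tautology, tautology),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

In the vulnerable version the comment-out input logs in as alice without any password, and the tautology input returns every row in the table; the hardened version returns no rows for either, because the injected text is compared literally against the username column.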
Hardware and software that collect the critical information needed to keep a facility operating are called ___.
SUPERVISORY CONTROL AND DATA ACQUISITION (SCADA) SYSTEM
A complete record of what access was granted, and the business reason behind granting it, in order to resolve a problem is called ___.
TROUBLE TICKET
- Pretexting is when a hacker breaks into a firewall.
TRUE OR FALSE
FALSE
- What can key logger software capture?
- Usernames
- Passwords
- Websites visited
- All the above
All the above (usernames, passwords, websites visited)
- You can use a ___ process to grant temporary elevated rights.
Firecall-ID
- Security awareness is required by which of the following?
- Law
- Customers
- Shareholders
- All the above
Law
- A(n) ___ looks at risk and issues an independent opinion.
Auditor
- A privileged-level access agreement (PAA) prevents an administrator from abusing elevated rights.
TRUE OR FALSE
FALSE
- Which of the following does an acceptable use policy relate to?
- Server to server communication
- Users accessing the Internet
- Encryption when transmitting files
- 1 and 2
Users accessing the Internet
- A(n) ___ has inside information on how an organization operates.
Insider
- Social engineering occurs when a hacker posts her victories on a social Web site.
TRUE OR FALSE
FALSE
- Typically in large organizations all administrators have the same level of authority.
TRUE OR FALSE
FALSE
- A CISO must ___ risks if the business unit is not responsive.
Escalate