ISMN Exam 2

Question 1

GDPR (General Data Protection Regulation)

Answer 1

Toughest privacy and security law in the world

Question 2

Security

Answer 2

Degree of protection against criminal activity, danger, damage, loss

Question 3

Information Security

Answer 3

All the processes and policies designed to protect and organization’s information and information systems from unauthorized access, use, disclosure, disruption, modification, destruction

Question 4

Threat to an information resource

Answer 4

Any danger to which a system may be exposed

Question 5

Exposure of Information Resource

Answer 5

Harm, loss, damage that can result if a threat compromises that resource

Question 6

Vulnerability to a information resource

Answer 6

Possibility that a threat will harm that will harm that resource

Question 7

5 key contributors to the increasing vulnerability of organizational informational resources:

Answer 7

• Interconnected, wirelessly networked business environment
• Smaller, faster, cheaper computers/devices
• Decreasing skills necessary to be a computer hacker
• Int’l organized crime becoming cybercrime
• Lack of management support

Question 8

Espionage/Trespass

Answer 8

Attacker/unauthorized individual attempts to gain illegal access to organizational information.

Question 9

Information Extortion

Answer 9

Attacker threatens to steal or actually steals information from a company.

Question 10

Sabotage/Vandalism

Answer 10

Deliberate acts that involve defacing an organization’s website [web defacement attack]

Question 11

Intellectual Property

Answer 11

Property created by individuals or corporations that is protected under trade secret, patent, and copyright laws.

Question 12

Identity Theft

Answer 12

Deliberate assumption of another person’s identity, usually to gain access to his/her financial information or to frame them for a crime

Question 13

Malware

Answer 13

Malicious software designed to wreak havoc

Question 14

What do Viruses do?

Answer 14

Damage programs, delete files, reformat hard drives and/or restrict access to programs/internet

Question 15

What do Worms do?

Answer 15

Self replicate & spread to other computers (modifies/deletes files and/or depletes
system resources [hard drive space / bandwidth

Question 16

Ransomware

Answer 16

[Form of digital extortion]
Blocks access to an individual computer or an organization’s computer system/network
Encrypts an organization’s data until the organization pays a sum
of money (usually in bitcoin).

Question 17

Doxxing

Answer 17

Sometimes, rather than threatening to delete data if ransom isn’t
paid, cybercriminals threaten to release the data to the public
(private / sensitive customer data).

Question 18

Botnets

Answer 18

collection of infected computers [bots] controlled by a remote player [bot
master/herder]

Question 19

Distributed Denial of Service (DDoS)

Answer 19

Aims to make a website or network unusable by
flooding it with malicious traffic or data from multiple infected computers [botnets

Question 20

Phishing Attacks

Answer 20

Use deception to acquire sensitive personal information by masquerading
as official-looking e-mails, instant messages or tex

Question 21

Spear Phishing Attacks

Answer 21

Personalized phishing attacks that target specific individuals or
organizations

Question 22

Whale Phishing Attacks

Answer 22

Spear phishing towards high-value individuals to steal sensitive info from
companies (usually targeting executives and HR department

Question 23

Alien Software (Pestware)

Answer 23

Adware, spyware, Spamware, cookies
software secretly installed on a computer without the knowledge of the user
Typically, not as malicious as viruses/worms – mainly used for advertising/marketing
Allows others to track your web surfing habits and other personal behaviors

Question 24

Spyware

Answer 24

collects personal information about users without their consent

Question 25

Keystroke loggers (keyloggers)

Answer 25

Records your keyboard strokes & internet
browsing history

Question 26

Screen scrapers

Answer 26

record a “movie” of screen contents and activities

Question 27

Stalkerware

Answer 27

Powerful surveillance functions which include keylogging, making
screenshots, monitoring internet activity, recording location, recording video and
phone calls, and intercepting app (Skype, Facebook, WhatsApp, Snapchat
iMessage,etc) communications

Question 28

Spamware

Answer 28

sends unsolicited emails to everyone in your email address book that looks
like it came from you. Mainly used for advertising but can include viruses/worms

Question 29

Adware

Answer 29

Software that causes pop-ups

Question 30

SCADA (Supervisory Control and Data Acquisition attacks)

Answer 30

Attacks big power grids and other infrastructure

Question 31

Cyberterrorism/warfare

Answer 31

Use computer systems to harm real people/places, often for political agenda

Question 32

Single Most Valuable Control is

Answer 32

User Education and Training

Question 33

3 major ways companies protect against threats

Answer 33

Education
Information Security Controls
Risk Management

Question 34

Information Security Controls

Answer 34

Designed to protect all of the
components of an information system – including data, software,
hardware, and networks.

Question 35

3 main types of Information Security Control

Answer 35

Physical Controls
Access Controls
Communications Controls

Question 36

Firewalls

Answer 36

Systems that prevent unauthorized internet users from accessing private networks

Question 37

Anti-Malware Systems (Antivirus software):

Answer 37

Software that attempts to identify and eliminate viruses, worms and other
malicious software.

Question 38

Whitelisting

Answer 38

Process in which a company (IT Dept) identifies the only applications/websites that it will allow to run/access on

Question 39

Blacklisting

Answer 39

process in which a company IT Dept identifies applications/websites that it will not allow to run/access on
computers

Question 40

Encryption

Answer 40

process of converting (scrambling) an original message into a form that cannot be read by anyone except the
intended receiver
Uses a public key (locking) and private key (unlocking)
Digital Certificates (certified by a 3rd party certificate authority)

Question 41

Virtual Private Network (VPN)

Answer 41

private/secure network (out on
the internet) that remote users (internal employees/external
vendors/customers) can connect to & access/share information.

Question 42

Transport Layer Security (TLS)

Answer 42

Secures transactions on the
internet (credit card purchases/online banking); encrypts and
decrypts data between a Web server and browser

Question 43

Employee Monitoring Systems

Answer 43

proactive approach of protecting
against human mistakes. Monitors e-mail activities & internet
browsing activities.

Question 44

Information System Auditing

Answer 44

Examination of information systems, their inputs, outputs, and processing. Considers all the potential hazards and controls in information systems. Focuses on issues such as operations, data integrity, software applications, security and privacy, budgets &
expenditures, cost control, and productivity.

Question 45

What affects your organization’s cyber insurance costs?

Answer 45

Size and Industry
* Amount and Sensitivity of Data
* Annual Revenue
* Strength of Information Security Measures

Question 46

Functions of Risk Mitigation

Answer 46

Implementing controls to prevent identified threats from
occurring (protect it from happening)
* Developing a means of recovery if the threat becomes a reality
(steps to take if it does happen)

Question 47

3 Steps of Risk Analysis

Answer 47

Assessing the value of each asset being protected
* Estimating the probability that each asset will be compromised
* Comparing the probable costs of the asset’s being
compromised with the costs of protecting the asset

Question 48

3 most common Risk Mitigation strategies:

Answer 48

Risk Acceptance
Risk Limitation
Risk Transference (Insurance)