IT: Chapter 7: Securing Information Systems

Question 1

Security

Answer 1

refers to the policies, procedures, and technical measures used to prevent unauthorized access, alternation, theft, or physical damage to information systems

Question 2

Controls

Answer 2

methods, policies, and organizational procedures that ensure the safety of the organization’s assets, the accuracy and reliability of its records, and operational adherences to management standards

Question 3

SSIDs (Service set identifiers)

Answer 3

identify the access points in a Wi-Fi network are broadcast multiple times and can be picked up fairly easily by intruders’ sniffer programs

Question 4

War Driving

Answer 4

eavesdroppers drive by buildings or park outside and try to intercept wireless network traffic

Question 5

Rogue Access points

Answer 5

To force a user’s radio network interface controller to associate with the rogue access point.

Question 6

Malware

Answer 6

malicious software programs include a variety of threats, such as viruses, works, and Trojan horses

Question 7

Virus

Answer 7

rogue software program that attaches itself to other software programs or data files in order to be executed

Question 8

Worms

Answer 8

independent computer programs that copy themselves from one computer to other computers over a network

Question 9

Trojan Horses

Answer 9

software program that appears to be benign but then does something other than expected

Question 10

SQL injection attacks

Answer 10

take advantage of vulnerabilities in poorly coded Web application software to introduce malicious program code into a company’s systems and networks

Question 11

Spyware

Answer 11

small programs install themselves surreptitiously on computers to monitor user Web surfing activity and server up advertising

Question 12

Key loggers

Answer 12

record every keystroke on computer to steal serial numbers, passwords, launch internet attack

Question 13

Hacker

Answer 13

an individual who intends to gain unauthorized access to a computer system

Question 14

Cracker

Answer 14

typically used to denote a hacker with criminal intent

Question 15

Cybervandalism

Answer 15

the intentional disruption, defacement, or even destruction of a Web site or corporate information systems

Question 16

Spoofing

Answer 16

misrepresenting oneself by using fake e-mail addresses or masquerading as someone else

Question 17

Sniffer

Answer 17

eavesdropping program that monitors information traveling over network

Question 18

Denial-of-service attacks (DoS)

Answer 18

flooding server with thousands of false requests to crash the network

Question 19

Distributed Denial-of-service attacks ((DDoS)

Answer 19

uses numerous computers to inundate and overwhelm the network from numerous launch points

Question 20

Botnets

Answer 20

networks of “zombies” PCs infiltrated by bot malware

Question 21

Computer Crime

Answer 21

any violations of criminal law that involve a knowledge of computer technology for their perpetration, investigation, or prosecution

Question 22

Identity theft

Answer 22

an imposter obtains key pieces of personal information (social security ID, driver’s license, or credit card numbers) to impersonate someone else

Question 23

Phishing

Answer 23

setting up fake Web sites or sending e-mail messages that look like legitimate businesses to ask users for confidential personal data

Question 24

Evil Twins

Answer 24

wireless networks that pretend to offer trustworthy Wi-Fi connections to the internet

Question 25

Pharming

Answer 25

redirects users to a bogus Web page even when individual types correct Web page address to his or her browser

Question 26

Click fraud

Answer 26

an individual or a computer program fraudulently clicks on an online ad without any intention of learning more about the advertiser

Question 27

Cyberware

Answer 27

state-sponsored activity designed to cripple and defeat another state or nation by penetrating its computers or networks for the purposes of causing damage and disruption

Question 28

Social engineering

Answer 28

tricking employees into revealing their passwords by pretending to be legitimate members of the company in need of information

Question 29

hidden bugs

Answer 29

program code defects

Question 30

patches

Answer 30

small pieces of software to repair flaws released by vendors

Question 31

HIPPA (Health Insurance Portability and Accountability Act)

Answer 31

outlines medical security and privacy rules and procedures for simplifying the administration of health care billing and automating the transfer of health care data between health care providers, payers, and plans

Question 32

Gramm-Leach-Biley Act

Answer 32

requires financial institutions to ensure the security and confidentiality of customer data

Question 33

Sarbanes-Oxley Act

Answer 33

imposes responsibility on companies and their management to safeguard the accuracy and integrity of financial information that is used internally and released externally

Question 34

Computer forensics

Answer 34

scientific collection, examination, authentication, preservation, and analysis of data held on or retrieved from computer storage media in such a way that the information can be used as evidence in court of law

Question 35

General Control

Answer 35

govern the design, security, and use of computer programs and the security of data files in general throughout the organization’s information technology infrastructure.

Question 36

Application control

Answer 36

specific controls unique to each computerized application, such as payroll or order processing

Question 37

Input Controls

Answer 37

check data for accuracy and completely when they enter the system

Question 38

Processing Controls

Answer 38

establish that data are complete and accurate during updating

Question 39

Output Controls

Answer 39

ensure that the results of computer processing are accurate, complete, and properly distributed

Question 40

Risk Assessment

Answer 40

determines level of risk to firm if specific activity or process is not properly controlled

Question 41

Security Policy

Answer 41

consists of statements ranking information risk, identifying acceptable security goals, and identifying the mechanisms for achieving goals

Question 42

Acceptable Use Police (AUP)

Answer 42

defines acceptable uses of the firm’s information resources and computing equipment, including desktop and laptop computers, wireless devices, telephones, and the Internet

Question 43

Identity management

Answer 43

consists of business processes and software tools for identifying the valid users of a system and controlling their access to system resources

Question 44

Disaster recovery planning

Answer 44

devises plans for the restoration of computing and communications services after they have been disrupted

Question 45

Business continuity planning

Answer 45

focuses on how the company can restore business operations after a disaster strikes

Question 46

MIS Audit

Answer 46

examines the firm’s overall security environment as well as controls governing individual information systems

Question 47

Authentication

Answer 47

refer to the ability to know that a person is who he or she claims to be

Question 48

Tokens

Answer 48

physical device, similar to an identification card that is designed to prove the identity of a single user

Question 49

Smart Cards

Answer 49

a device about the size of a credit card that contains a chip formatted with access permission and other data

Question 50

Biometric authentication

Answer 50

uses systems that read and interpret individual human traits such as fingerprints, irises, and voices ,in order to grant or deny access

Question 51

Firewall

Answer 51

combination of hardware and software that controls the flow of incoming and outgoing network traffic

Question 52

Packet filtering

Answer 52

examines selected fields in the headers of data packets flowing back and forth between the trusted network and the internet

Question 53

Stateful inspection

Answer 53

provides additional security by determining whether packets are part of an ongoing dialogue between a sender and a receiver

Question 54

Network Address Translation (NAT)

Answer 54

conceals the IP addresses of the organizations internal host computers to prevent sniffer programs outside the firewall from ascertaining them and using that information to penetrate internal systems

Question 55

Application proxy filtering

Answer 55

examines the application content of packets.

Question 56

Intrusion detection Systems

Answer 56

feature full-time monitoring tools placed at the most vulnerable points or “hot spots” of corporate networks to deter intruders

Question 57

Antivirus software

Answer 57

prevents, detects, and removes malware, and can often eliminate it as well

Question 58

Unified Threat Management Systems (UTM)

Answer 58

security vendors combined into a single appliance various security tools, including firewalls, virtual private networks intrusion detection systems, and Web content filtering and antispam software to help businesses reduce costs and improve manageability

Question 59

Encryption

Answer 59

the process of transforming plain text or data into cipher text that cannot be read by anyone other than the sender and the intended receiver

Question 60

Secure Sockets Layer (SSL) and successor Transport Layer Security (TLS)

Answer 60

enable client and server computers to manage encryption and decryption activities as they communicate with each other during a secure Web session.

Question 61

Secure Hypertext Transfer Protocol (S-HTT)

Answer 61

used for encrypting data flowing over the Internet, but it is limited to individual messages

Question 62

Symmetric Key Encryption

Answer 62

sender and receiver use single, shared key

Question 63

Public key encryption

Answer 63

uses two mathematically related keys: public key or private key

Question 64

Digital Certificate

Answer 64

data file used to establish the identity of users and electronic assets for protection of online transactions

Question 65

Public Key infrastructure

Answer 65

use of public key cryptography working with certificate authority

Question 66

Fault-tolerate Computer Systems

Answer 66

contain redundant hardware, software, and power supply components that create an environment that provides continuous, uninterrupted service

Question 67

High-availability computing

Answer 67

helps recover quickly from crash, minimizes, does not eliminate, down time

Question 68

Recovery-oriented computing

Answer 68

designing systems that recover quickly with capabilities to help operators pinpoint and correct faults in multicomponent systems

Question 69

Deep packet inspected (DPI)

Answer 69

examines data files and sorts out low-priority online material while assigning higher priority to business-critical files

Question 70

Managed security service provider (MSSPs)

Answer 70

monitor network activity and perform vulnerability testing and intrusion detection

Question 71

Software Metrics

Answer 71

objective assessments of system in form of quantified measurements

Question 72

Walkthrough

Answer 72

review of specification or design document by small group of qualified people

Question 73

Debugging

Answer 73

process by which errors are eliminated