ITM 102 Chap 8

Question 2

Security

Answer 2

The policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems.

Question 3

Controls

Answer 3

Methods, policies, and organizational procedures that ensure the safety of the organization’s assets; the accuracy and reliability of its records; and operational adherence to management standards.

Question 4

War Driving

Answer 4

Technique in which eavesdroppers drive by buildings or park outside and try to intercept wireless network traffic.

Question 5

Malware

Answer 5

Malicious software programs such as computer viruses, worms, and Trojan horses.

Question 6

Computer Virus

Answer 6

Rogue software program that attaches itself to other software programs of data files in order to be executed, often causing hardware and software malfunctions.

Question 7

Worms

Answer 7

Independent software programs that propagate themselves to disrupt the operation of computer networks or destroy data and other programs.

Question 8

Trojan Horse

Answer 8

A software program that appears legitimate but contains a second hidden function that may cause damage.

Question 9

SQL injection attack

Answer 9

The largest malware threat that takes advantage of vulnerabilities in poorly coded Web application software to introduce malicious program code into a company’s systems and networks.

Question 10

Spyware

Answer 10

Technology that aids in gathering information about a person or organization without their knowledge.

Question 11

Keyloggers

Answer 11

Spyware that records every keystroke made on a computer to steal personal information or passwords or to launch Internet attacks.

Question 12

Hacker

Answer 12

A person who gain unauthorized access to a computer network for profit, criminal mischief, or personal reasons.

Question 13

Cybervandalism

Answer 13

Intentional disruption, defacement, or destruction of a Web site or corporate information system.

Question 14

Spoofing

Answer 14

Attempts by hackers to hide their true identities by using fake e-mail address or masquerading as someone else; might involve redirection a Web line to an address different from the intended one, with the site masquerading as the intended destination.

Question 15

Sniffer

Answer 15

Type of eavesdropping program that monitors information traveling over a network.

Question 16

Denial-of-service (DoS) Attack

Answer 16

Flooring a network server of Web server with false communications or requests for services in order to crash the network.

Question 17

Distributed Denial-of-service (DDoS) Attack

Answer 17

Numerous computers inundating and overwhelming a network from numerous launch points.

Question 18

Botnet

Answer 18

A group of computers that have been infected with bot malware without users’ knowledge, enabling a hacker to use the amassed resources of the computers to launch distributed denial of service attacks, phishing campaigns, or spam.

Question 19

Computer Crime

Answer 19

The commission of illegal acts through the use of a computer or against a computer system.

Question 20

Identity Theft

Answer 20

Theft of key pieces on personal information, such as credit card or social insurance numbers, in order to obtain merchandise and services in the name of the victim or to obtain false credentials.

Question 21

Phishing

Answer 21

Form of spoofing involving setting up fake Web sites of sending e-mail messages that resemble those of legitimate businesses that ask users for confidential personal data.

Question 22

Evil Twins

Answer 22

Wireless networks that pretend to be legitimate to entice participants to log on and reveal passwords or credit card numbers.

Question 23

Pharming

Answer 23

Phishing technique that redirects users to a bogus Web page, even when an individual enters the correct Web page address.

Question 24

Click Fraud

Answer 24

Fraudulently clicking on an online as in pay-per-click advertising to generate an improper charge per click.

Question 25

Social Engineering

Answer 25

Tricking people into revealing their passwords by pretending to be legitimate users or members of a company in need of information.

Question 26

Bugs

Answer 26

Software program code defects.

Question 27

Patches

Answer 27

Small pieces of software to repair the software flaws without disturbing the proper operation of the software.

Question 28

Personal Information Protection and Electronic Documents Act (PIPEDA)

Answer 28

Act of Parliament that governs the protection of personal information and electronic privacy and the use of electronic documents.

Question 29

Canadian SOX (C-SOX)

Answer 29

Act passed by Parliament that imposes responsibility on companies and their managements to safeguard the accuracy and integrity of financial information that is uses internally and released externally.

Question 30

Computer Forensics

Answer 30

The scientific collection, examination, authentication, preservation, and analysis of data held on or retrieved from computer storage media in such a way that the information can be used as evidence in a court of law.

Question 31

General Controls

Answer 31

Overall control environment governing that design, security, and use of computer programs and the security of data files in general throughout the organization’s information technology infrastructure.

Question 32

Application Controls

Answer 32

Specific controls unique to each computerized application that ensure that only authorized data are completely and accurately processed by that application.

Question 33

Risk Assessment

Answer 33

Determining the potential frequency of the occurrence of a problem and the potential damage id the problem were to occur.

Question 34

Security Policy

Answer 34

Statements ranking information risks, identifying acceptable security goals, and identifying the mechanisms for achieving these goals.

Question 35

Acceptable Use Policy (AUP)

Answer 35

Defines acceptable uses of the firm’s information resources and computing equipment, including desktop and laptop computers, wireless devices, telephones, and the Internet, and specifies consequences for noncompliance.

Question 36

Identity Management

Answer 36

Businesses processes and software tools for identifying the valid users of a system and controlling their access to system resources.

Question 37

Disaster Recovery Planning

Answer 37

Planning for the restoration os computing and communications services after they have been disrupted.

Question 38

Business Continuity Planning

Answer 38

Planning that focuses on how the company can restore business operations after a disaster strikes.

Question 39

MIS Audit

Answer 39

Identifies all the controls that govern individual information systems and assesses their effectiveness.

Question 40

Authentication

Answer 40

The ability for each party in a transaction to ascertain the identity of the other party.

Question 41

Password

Answer 41

A group of characters that are used to log on to a computer system and may also be used to access specific systems and files.

Question 42

Token

Answer 42

Physical device similar to an identification card that is designed to prove the identity of a single user.

Question 43

Smart Card

Answer 43

A credit-card-sized plastic card that stores digital information and that can by used for electronic payments in place of cash.

Question 44

Biometric Authentication

Answer 44

Technology for authentication system users that compares a person’s unique characteristics such as fingerprints, face, or retinal image, against a stored set profile of these characteristics.

Question 45

Firewall

Answer 45

Hardware and software placed between and organization’s internal network and an external network to prevent outsiders from invading private networks.

Question 46

Intrusion Detection Systems

Answer 46

Tools to monitor the most vulnerable points in a network to detect and deter unauthorized intruders.

Question 47

Antivirus Software

Answer 47

Software designed to detect and often eliminate computer viruses from an information system.

Question 48

Unified Threat Management (UTM)

Answer 48

Comprehensive security management tool that combines multiple security tools, including firewalls, virtual private networks, intrusion detection systems, and Web content filtering and antispam software.

Question 49

Encryption

Answer 49

The coding and scrambling of messages to prevent them being read or accesses without authorization.

Question 50

Secure Sockets Layer (SSL)

Answer 50

Enables client and server computers to manage encryption and decryption activities as the communicate with each other during a secure Web session.

Question 51

Secure Hypertext Transfer Protocol (S-HTTP)

Answer 51

Protocol used for encrypting data flowing over the Internet; limited to individual messages.

Question 52

Public Key Encryption

Answer 52

Secure encryption method that uses two keys: one shared (or public) and one private.

Question 53

Digital Certificates

Answer 53

An attachment to an electronic message to verify the identity of the sender and to provide the receiver with the means to encode a reply.

Question 54

Public Key Infrastructure (PKI)

Answer 54

System for creating public, and private keys using a certificate authority (CA) and digital certificates for authentication.

Question 55

Online Transaction Processing

Answer 55

Transaction processing made in with transactions entered online are immediately processed by the computer.

Question 56

Fault-tolerant Computer Systems

Answer 56

Systems that contain extra hardware, software, and power supply components that can back a system up and keep it running to prevent system failure.

Question 57

High-availability Computing

Answer 57

Tools and technologies, including backup hardware resources, to enable a system to recover quickly from a crash.

Question 58

Downtime

Answer 58

Period of time in which and information system is not operational.

Question 59

Recovery-oriented Computing

Answer 59

Computer systems designed to recover rapidly when mishaps occur.

Question 60

Deep Packet Inspection (DPI)

Answer 60

Technology for managing network traffic by examining data packets, sorting out low-priority data from higher priority business-critical data, and sending packets in order of priority.

Question 61

Managed Security Service Providers (MSSPs)

Answer 61

Companies that provide security management services for subscribing clients.