L22 - Cyber Security Flashcards
Georgia Tech account passwords should be changed periodically.
a) True
b) False
a) True
A compromise of a computer should be reported to someone responsible for cyber security at Georgia Tech.
a) True
b) False
a) True
Georgia Tech computers cannot be used to download illegal content.
a) True
b) False
a) True
A botnet operator compromises a number of computers in a company. The malware executed by the bots only sends large amounts of spam email but does not exfiltrate sensitive data or interfere with legitimate activities. Choose the appropriate action by the company in this situation:
a) The company should detect and prevent abuse of its resources by unauthorized parties
b) Since it poses no risk to the company’s sensitive data or normal operations, it can be ignored
a) The company should detect and prevent abuse of its resources by unauthorized parties
Why does the VA fail at security?
a) The need to manage cyber security for over a million devices each running many services
b) Lack of sense of urgency in fixing cyber vulnerabilities
c) Choosing to support key functions even when this could introduce vulnerabilities
A and C
Did Target have a Chief Information Security Officer (CISO) when it suffered the serious breach?
a) Yes
b) No
b) No
Does Gatech’s computer and network use policy prohibit personal use of university resources?
a) Yes
b) No
b) No
Personal use is allowed to some degree
Gatech systems store student data such as grades. The Institute must protect such data due to…
a) Regulatory reasons
b) Because the data is sensitive, it can only be disclosed to the student and his/her family
a) Regulatory reasons
Due to FERPA (like HIPAA for academia)
Anthem suffered from a major breach in 2015. Based on an analysis of its response to the breach, did Anthem respond well to the breach?
a) Yes
b) No
a) Yes
They discovered it themselves and reached out to law enforcement and the people affected.
A company stores sensitive customer data. The impact of a breach of such data must include
a) Cost of purchasing identity theft protection for customers
b) Loss of business due to reduced customer confidence
c) Compensation for new cyber security personnel the company hires to better manage cyber security in the future
A and B
A company is considering 2 possible IDS solutions to reduce its exposure to attacks on its network. The first one costs $100k and reduces risk exposure by $150k. The second one costs $250k but reduces risk exposure by $500k. Which solution would you recommend?
a) Cheaper solution that costs $100k
b) More expensive solution that costs $250k
b) More expensive solution that costs $250k
Cyber insurance is still not very popular. Based on a 2014 survey, what percentage of customers of major insurance brokers were interested in buying cyber insurance?
a) Less than 25%
b) Over 50%
a) Less than 25%
Are cyber security budgets increasing as the number of reported incidents increases?
a) Yes
b) No
b) No
An example of a proactive security measure is…
a) Making sure the company complies with all regulatory requirements
b) Chief Risk Officer of the company addressing cyber risk regularly at the highest level (e.g. board) when other risks are discussed
b) Chief Risk Officer of the company addressing cyber risk regularly at the highest level (e.g. board) when other risks are discussed