MIS-5 Flashcards

1
Q

Spyware

A
  1. Software that secretly gathers information about users while they browse the Web
  2. Mitigated by installing, and keeping updated, antivirus or antispyware software; detection depends on current signatures
2
Q

Adware

A
  1. Type of spyware that collects information about the user to determine which advertisements to display in the user’s Web browser
  2. Mitigated by installing an ad-blocking feature or extension in the Web browser
3
Q

Phishing

A
  1. Sending fraudulent e-mails that appear to come from legitimate sources
  2. E-mails direct recipients to fake Web sites that capture private information such as credentials and card numbers; the link text usually shows the legitimate name while the actual destination is attacker-controlled
4
Q

Pharming

A
  1. Hijacking the name resolution of an official Web site (for example by poisoning DNS records or a victim’s local hosts file) so that its domain name resolves to the attacker’s IP address
  2. Users who enter the correct Web address are directed to the pharmer’s fraudulent Web site, so checking the URL does not reveal the attack
5
Q

Baiting

A

Luring the victim with the promise of something desirable (a free download, a prize, a “lost” USB drive left where it will be found) that actually delivers malware or harvests credentials. What distinguishes it from phishing is the promise that the baiter gives to the recipient

6
Q

Quid pro quo

A

A social-engineering attack in which the attacker requests critical data or login information in exchange for a service or prize (for example, posing as IT support and offering to fix a problem in return for the user’s password)

7
Q

Keystroke Loggers

A
  1. Monitor and record keystrokes
  2. Can be software or hardware devices (a hardware logger plugged in between keyboard and computer is invisible to antivirus software)
  3. Used by companies to track employees’ use of e-mail and the Internet; this is generally legal only where the monitoring is disclosed and permitted by local law
  4. Used for malicious purposes, typically to steal passwords and other typed secrets
  5. Software loggers are detected by some antivirus and antispyware programs
8
Q

Sniffing

A

Capturing and recording network traffic, for example with a packet analyzer on a shared network segment or on a compromised host

Used by hackers to intercept information; anything sent in cleartext, such as unencrypted passwords, is exposed, which is why encryption in transit (TLS, VPNs) is the main defense

9
Q

Spoofing

A

Attempting to gain access to a network by posing as an authorized user or trusted system, typically by forging identifying data such as an IP address, e-mail sender address, or MAC address, in order to reach sensitive information
Also happens when an illegitimate program poses as a legitimate one

10
Q

Computer Fraud

A

Unauthorized use of computer data for personal gain

11
Q

Computer crimes include:

A
  1. Denial-of-service attacks
  2. Identity theft and software piracy
  3. Distributing child pornography
  4. E-mail spamming
  5. Writing or spreading malicious codes
  6. Stealing files for industrial espionage
  7. Changing computer records illegally
  8. Virus hoaxes
  9. Sabotage
  10. Holding a firm’s critical data for ransom
    Example: Ransomware
12
Q

Confidentiality from the CIA Triangle

A

System must prevent disclosing information to anyone who is not authorized to access it

13
Q

Integrity from the CIA Triangle

A

Accuracy and completeness of information resources within an organization: data may be changed only by authorized parties in authorized ways

14
Q

Availability from the CIA Triangle

A

Ensuring that computers and networks are operational, and authorized users can access the information they need
Quick recovery in the event of a system failure or disaster

15
Q

McCumber Cube

A

Framework for evaluating information security
Represented as a three-dimensional cube
Defines nine characteristics of information security, three per dimension: the goals of confidentiality, integrity, and availability; the safeguards of policy, education, and technology; and the states in which information can exist in a system
Information states: transmission, storage, and processing

16
Q

Levels of Network Security

A

Level 1 - Front-end servers
Level 2 - Back-end systems
Level 3 - Corporate network

17
Q

Level 1 - Front-end servers

A

Available to both internal and external users and must be protected against unauthorized access

18
Q

Level 2 - Back-end systems

A

Must be protected to ensure confidentiality, accuracy, and integrity of data

19
Q

Level 3 - Corporate network

A

Must be protected against intrusion, denial-of-service attacks, and unauthorized access

20
Q

Fault-tolerant systems

A

Ensure availability in the event of a system failure by using a combination of hardware and software

21
Q

Commonly used methods of Fault-tolerant systems

A

Uninterruptible power supply (UPS)
Redundant array of independent disks (RAID), which spreads data and parity across several disks so that a failed disk can be rebuilt from the others
Mirror disks (RAID 1), which keep a complete copy of every write on a second disk
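
An added example, not part of the flashcard deck, showing why RAID gives the fault tolerance the two cards above describe. RAID 5 splits each stripe of data across all disks but one and stores the XOR parity of those blocks on the remaining disk, rotating which disk holds parity from stripe to stripe. Any single disk can then fail: each of its blocks is the XOR of the surviving blocks in the same stripe. The “disks” here are Python lists of byte blocks, and the payload is constructed.

```python
"""Added example (not from the deck): RAID 5 striping, parity, and single-disk rebuild.
Disks are Python lists of fixed-size byte blocks; the payload is constructed sample data."""
BLOCK_SIZE = 4   # bytes per block; tiny so a stripe is easy to inspect


def xor_blocks(blocks):
    """Byte-wise XOR of equal-length blocks."""
    out = bytearray(len(blocks[0]))
    for block in blocks:
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)


def raid5_write(data, ndisks):
    """Lay `data` out over `ndisks` disks with rotating parity.
    Returns a list of disks; disk d is a list whose s-th block belongs to stripe s."""
    ndata = ndisks - 1
    stripe_bytes = BLOCK_SIZE * ndata
    data = data + b"\0" * (-len(data) % stripe_bytes)        # pad the last stripe
    disks = [[] for _ in range(ndisks)]
    for s in range(len(data) // stripe_bytes):
        chunk = data[s * stripe_bytes:(s + 1) * stripe_bytes]
        blocks = [chunk[i * BLOCK_SIZE:(i + 1) * BLOCK_SIZE] for i in range(ndata)]
        parity_disk = s % ndisks          # rotating parity is what makes this RAID 5, not RAID 4
        data_blocks = iter(blocks)
        for d in range(ndisks):
            disks[d].append(xor_blocks(blocks) if d == parity_disk else next(data_blocks))
    return disks


def raid5_read(disks, length):
    """Reassemble the payload by reading each stripe's data blocks and skipping its parity."""
    ndisks = len(disks)
    out = bytearray()
    for s in range(len(disks[0])):
        parity_disk = s % ndisks
        for d in range(ndisks):
            if d != parity_disk:
                out += disks[d][s]
    return bytes(out[:length])


def rebuild(disks, lost):
    """Reconstruct disk `lost` from the survivors. XOR works the same whether the missing
    block held data or parity, which is why one formula rebuilds the whole disk."""
    survivors = [d for i, d in enumerate(disks) if i != lost]
    return [xor_blocks([d[s] for d in survivors]) for s in range(len(survivors[0]))]


def survive_failure(data, ndisks, lost):
    """Write, lose one disk, rebuild it onto a spare, read back.
    Returns (rebuilt disk equals the original, recovered payload)."""
    disks = raid5_write(data, ndisks)
    original = disks[lost]
    disks[lost] = None                    # the failed disk is gone
    disks[lost] = rebuild(disks, lost)    # hot-spare rebuild uses only the other disks
    return disks[lost] == original, raid5_read(disks, len(data))


SAMPLE_DATA = b"Payroll Q3: totals 1234567, ledger ok."   # constructed payload

if __name__ == "__main__":
    for lost in range(4):
        ok, recovered = survive_failure(SAMPLE_DATA, 4, lost)
        print(f"lost disk {lost}: rebuilt={ok} data intact={recovered == SAMPLE_DATA}")
```

Two caveats a practitioner should carry away: RAID 5 survives exactly one failed disk (a second failure before the rebuild finishes loses the array, which is why RAID 6 adds a second parity block), and RAID is not a backup, because an accidental deletion or a ransomware encryption is written to every disk just as faithfully as good data.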

22
Q

Intentional Threat: Virus

A

Program code that attaches itself to other files or programs and runs whenever the infected host is executed; unlike a worm it needs that host to spread, and many viruses stay dormant until a specified time or event triggers their payload:

a. Attaches itself to other files, and the cycle continues when the program or operating system containing the virus is used
b. Transmitted through a network, e-mail attachments, or message boards
c. Mitigated by installing and updating an antivirus program

23
Q

Intentional Threat: Worms

A
  1. Independent programs that can spread themselves without having to be attached to a host program, usually by exploiting a vulnerability on machines they can reach over the network
  2. Replicate from machine to machine; the copies and their scanning traffic consume bandwidth and computing resources, so a fast-spreading worm can cause a denial of service as a side effect

Examples
Code Red and Sasser (Melissa, often listed with them, is more precisely a mass-mailing macro virus that needed users to open an infected document)

24
Q

Trojan programs

A
  1. Contain code intended to disrupt a computer, network, or Web site, or to give the attacker covert access
  2. Hidden inside or disguised as a legitimate, popular program; unlike viruses and worms, a Trojan does not replicate itself and relies on the user to install and run it
25
Q

Logic bombs

A
  1. Type of Trojan program used to release a virus, worm, or other destructive code
  2. Triggered at a certain time or by a specific event
26
Q

Backdoor

A

Programming routine built into a system by its designer

Enables the designer to bypass security and sneak back into the system later to access programs or files

27
Q

Blended threat

A

Combines the characteristics of computer viruses, worms, and other malicious codes with vulnerabilities on public and private networks

28
Q

Intentional Threat: Denial-of-Service (DoS) Attacks

A

Flood a network or server with service requests to prevent legitimate users’ access to the system

29
Q

Distributed denial-of-service (DDoS) attack

A

Thousands of compromised computers (a botnet) work together to bombard a Web site with requests in a short period, causing it to grind to a halt; because the traffic comes from many sources, it cannot simply be blocked by source address

30
Q

Botnet - Network of computers and IoT devices:

A

Infected with malicious software

Controlled as a group without owners’ knowledge

31
Q

TDoS (telephony denial of service) attacks

A

Use high volumes of automated calls to tie up a target phone system, halting incoming and outgoing calls

32
Q

Intentional Threats: Social Engineering

A
  1. Using “people skills” to trick others into revealing private information
  2. Commonly used social-engineering techniques:
    Dumpster diving
    Shoulder surfing
    Tailgating
    Scareware
    Pretexting
33
Q

Constituents of a Comprehensive Security System:

A
  1. Biometric and non-biometric security measures
  2. Physical security measures
  3. Access controls
  4. VPNs
  5. Data encryption
  6. E-commerce transaction security measures
  7. Computer Emergency Response Team (CERT)
34
Q

Biometric Security Measures

A

Use a physiological or behavioral trait unique to a person (fingerprint, iris, face, voice) that cannot be forgotten or easily lent to others. Caveat: the stored template can still be stolen or copied and the trait can be spoofed, and unlike a password a compromised biometric cannot be changed

35
Q

Nonbiometric Security Measure: Callback Modems

A
  1. Verify whether a user’s access is valid
    a. Done by logging the user off and then calling the user back at a predetermined number
  2. Useful in firms with many employees who work off-site and need to connect to the network from remote locations
36
Q

Nonbiometric Security Measure: Firewall

A
  1. Combination of hardware and software that acts as a filter between a private network and external networks
  2. Network administrator defines rules for permitted traffic, and all other data transmissions are blocked (default deny)
37
Q

Types of Firewalls

A

Packet-filtering firewalls, application-filtering firewalls, and proxy servers
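
An added example, not part of the flashcard deck, of how the packet-filtering firewall in the two cards above applies its rule set: rules are checked top to bottom, the first match decides, and a packet that matches no rule falls through to the default action, here deny. That default is the “all other data transmissions are blocked” behavior the card describes. The network ranges, ports and sample packets are constructed (RFC 5737 documentation addresses), and the policy belongs to a hypothetical site.

```python
"""Added example (not from the deck): first-match packet filtering with a default-deny policy.
Addresses, ports and the policy are constructed for illustration."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp" or "udp"
    dport: int          # destination port


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: str = "0.0.0.0/0"       # CIDR; 0.0.0.0/0 means any address
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    dport: Optional[int] = None  # None means any port

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and (self.dport is None or self.dport == p.dport))


# Constructed edge policy: 203.0.113.0/24 is the public (DMZ) range, 10.0.0.0/8 is the
# internal corporate network, 198.51.100.0/24 is a partner's range.
EDGE_RULES = [
    # Anti-spoofing: a packet arriving from the Internet must not claim an internal source.
    Rule("deny", src="10.0.0.0/8"),
    # Public web server: HTTPS only.
    Rule("allow", dst="203.0.113.10/32", proto="tcp", dport=443),
    # Administrative SSH into the DMZ, but only from the partner's range.
    Rule("allow", src="198.51.100.0/24", dst="203.0.113.0/24", proto="tcp", dport=22),
    # Deliberately no catch-all "allow": everything else falls through to the default.
]

# The common misconfiguration: a trailing "allow anything" rule, added "to make things
# work", silently turns the same policy into default-allow.
PERMISSIVE_RULES = EDGE_RULES + [Rule("allow")]


def decide(packet: Packet, rules=EDGE_RULES, default="deny") -> str:
    """First matching rule wins; the default applies when nothing matches."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return default


if __name__ == "__main__":
    # Constructed sample traffic.
    for pkt in [Packet("192.0.2.5", "203.0.113.10", "tcp", 443),    # allow
                Packet("192.0.2.5", "203.0.113.10", "tcp", 80),     # deny: no rule for port 80
                Packet("10.1.2.3", "203.0.113.10", "tcp", 443),     # deny: spoofed internal source
                Packet("198.51.100.7", "203.0.113.20", "tcp", 22),  # allow
                Packet("192.0.2.5", "203.0.113.20", "tcp", 22)]:    # deny: SSH from a non-partner
        print(decide(pkt), decide(pkt, PERMISSIVE_RULES), pkt)
```

Rule order is part of the policy: the anti-spoofing deny has to come before any allow that could match the same packet. Comparing `EDGE_RULES` with `PERMISSIVE_RULES` on the port-80 packet shows how one appended rule changes a default-deny firewall into one that only blocks what is explicitly listed.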

38
Q

Nonbiometric Security Measure: Intrusion Detection System (IDS)

A
  1. Monitors for attacks originating outside and inside the network
  2. Sensors are typically placed behind the firewall (to see what it lets through) and on internal segments; some deployments add one in front of the firewall to see the raw attack volume
  3. Identifies attack signatures, traces patterns, and generates alarms for the network administrator
  4. An IDS by itself only detects and alerts; an intrusion prevention system (IPS), placed inline, can additionally drop traffic or instruct routers and firewalls to terminate connections with suspicious sources
  5. Can detect DoS attacks and raise the alarm, but cannot by itself prevent them
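
An added example, not part of the flashcard deck, of the two things a network IDS actually does. The code runs constructed web-server access-log lines through (a) signature matching, where each request is tested against known attack patterns, and (b) rate detection, where one source sending far more requests than normal in a short window is flagged, which is the traffic shape of the denial-of-service attacks in the earlier cards. Both functions only produce alerts; blocking would be the job of an inline IPS or the firewall. The log lines, addresses and thresholds are made up for illustration.

```python
"""Added example (not from the deck): IDS-style signature matching and request-flood
detection over constructed access-log lines."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from urllib.parse import unquote

# Common-log-format line: client, identity, user, [timestamp], "request", status, bytes.
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d+)'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

# Signatures applied to the URL-decoded request path.
SIGNATURES = [
    ("sql-injection-tautology", re.compile(r"'\s*OR\s*'1'\s*=\s*'1", re.IGNORECASE)),
    ("directory-traversal", re.compile(r"\.\./")),
]


def parse(line):
    """Return a dict with src, ts (aware datetime), method, path, status; None if unparsable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FORMAT)
    rec["path"] = unquote(rec["path"])     # decode %27 etc. so URL encoding cannot evade a signature
    return rec


def signature_alerts(lines):
    """(source, signature name) for every request whose path matches a signature."""
    alerts = []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        for name, pattern in SIGNATURES:
            if pattern.search(rec["path"]):
                alerts.append((rec["src"], name))
    return alerts


def flood_alerts(lines, threshold=50, window_s=10):
    """Sources that sent >= threshold requests within any window_s-second span (sliding window)."""
    recent = defaultdict(deque)
    flagged = set()
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        q = recent[rec["src"]]
        q.append(rec["ts"])
        while (q[-1] - q[0]).total_seconds() > window_s:   # drop timestamps outside the window
            q.popleft()
        if len(q) >= threshold:
            flagged.add(rec["src"])
    return sorted(flagged)


# Constructed sample: normal browsing, an SQL-injection probe, a directory-traversal probe.
SAMPLE_LOG = [
    '198.51.100.4 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 512',
    '198.51.100.4 - - [10/Oct/2023:13:55:37 +0000] "GET /login?user=admin%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Oct/2023:13:55:38 +0000] "GET /../../etc/passwd HTTP/1.1" 404 0',
]


def make_burst(src, count, start="10/Oct/2023:13:56:00 +0000", per_second=20):
    """Constructed flood: `count` requests from `src`, `per_second` of them per second."""
    base = datetime.strptime(start, TS_FORMAT)
    return [
        f'{src} - - [{(base + timedelta(seconds=i // per_second)).strftime(TS_FORMAT)}] "GET / HTTP/1.1" 200 0'
        for i in range(count)
    ]


if __name__ == "__main__":
    log = SAMPLE_LOG + make_burst("192.0.2.77", 60)
    for src, sig in signature_alerts(log):
        print(f"ALERT signature {sig} from {src}")
    for src in flood_alerts(log):
        print(f"ALERT request flood from {src}")
```

The decode-before-match step matters: a signature applied to the raw `%27%20OR%20%271` string would miss the injection. The flood detector uses a sliding window per source, so the same 60 requests spread over a minute produce no alert, while 60 in three seconds do; a distributed attack would need a second, per-destination counter, since each bot stays under the per-source threshold.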
39
Q

Physical Security Measures

A
  1. Control access to computers and networks
  2. Include devices for securing computers and peripherals from theft
    a. Cable shielding and room shielding
    b. Corner bolts and steel encasements
    c. Electronic trackers, identification (ID) badges, and proximity-release door openers
40
Q

Access Controls

A
  1. Designed to protect systems from unauthorized access in order to preserve data integrity
  2. Types
    a. Terminal resource security: Erases the screen and signs the user off automatically after a specified length of inactivity
    b. Passwords: Combination of numbers, characters, and symbols that is entered to allow access to a system
41
Q

Virtual Private Network (VPN)

A
  1. Provides a secure, encrypted tunnel through the Internet (a public network) so that data travels as though over a private network
  2. Used so that remote users have a secure connection to the organization’s network
  3. Used to provide security for extranets
  4. Data is encrypted before it is sent, using a protocol such as:
    a. Internet Protocol Security (IPSec)
    b. Layer Two Tunneling Protocol (L2TP), which only tunnels and is therefore normally paired with IPSec (L2TP/IPSec) for the encryption
  5. Set-up costs are low because the existing Internet connection is reused
42
Q

Disadvantages of VPNs

A
  1. Slower transmission speed, because of the encryption and tunneling overhead
  2. Lack of standardization, so products from different vendors may not interoperate

43
Q

Data Encryption

A

Transforms data, called plaintext or cleartext, into a scrambled form called ciphertext that cannot be read by anyone who lacks the key. The receiver unscrambles the data using a decryption key

44
Q

Rules for Encryption

A
  1. Known as the encryption algorithm
  2. Determine how the transformation is performed; the secrecy of the data should rest on the key, not on keeping the algorithm secret

45
Q

Commonly used Encryption Protocols

A
  1. Secure Sockets Layer (SSL)
    Managed transmission security on the Internet; all SSL versions are now deprecated and should be disabled
  2. Transport Layer Security (TLS)
    Successor to SSL; cryptographic protocol that ensures data confidentiality and integrity over public networks, such as the Internet (the “https” padlock indicates a TLS connection)
46
Q

Asymmetric Encryption

A

Uses two mathematically related keys

a. Public key known to everyone
- A message encrypted with the recipient’s public key can be decrypted only with that recipient’s matching private key
b. Private or secret key known only to the recipient

47
Q

Drawback of Asymmetric Encryption

A

Slow and requires a large amount of processing power, so in practice it is used to exchange a symmetric session key or to sign, and the bulk data is encrypted symmetrically

48
Q

Symmetric (Secret Key) Encryption

A

Same key is used to encrypt and decrypt the message

  • Sender and receiver must agree on the key and keep it secret
  • Can be used to create message authentication codes (MACs) that prove integrity between the two key holders; it cannot create digital signatures, which require an asymmetric private key so that a verifier who does not hold the signing key can check them
49
Q

Drawback of Symmetric (Secret Key) Encryption

A

Sharing the key over the Internet is difficult (the key distribution problem), and a separate key is needed for every pair of communicating parties
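
An added example, not part of the flashcard deck, that ties the four encryption cards above together in code. A shared symmetric key yields an HMAC integrity tag, but anyone holding the key can make a valid tag, so the receiver could have forged it: integrity, but not a signature. A digital signature is made with an asymmetric private key and checked with the public key, so it proves origin to anyone. The key-distribution drawback is solved in practice by wrapping the symmetric key with the recipient’s public key (hybrid encryption), so the slow asymmetric operation runs once on a short value. The textbook RSA here picks two primes just above one million so the arithmetic is visible; it is NOT secure (no padding, about 40-bit modulus) and real code must use a vetted library such as `cryptography`. All keys, primes and messages are constructed for illustration.

```python
"""Added example (not from the deck): HMAC (symmetric), toy RSA signatures (asymmetric),
and hybrid key transport. The RSA parameters are deliberately tiny and insecure."""
import hashlib
import hmac
import secrets


# --- 1. Shared secret key: message authentication code ---------------------------------
def hmac_tag(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def hmac_verify(key: bytes, msg: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(hmac_tag(key, msg), tag)   # constant-time comparison


# --- 2. Public/private key pair: textbook RSA with toy parameters ------------------------
def _is_prime(n: int) -> bool:
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True


def _next_prime(n: int) -> int:
    while not _is_prime(n):
        n += 1
    return n


def toy_rsa_keypair(seed: int = 1_000_000, e: int = 65537):
    """Two primes just above `seed` (constructed, insecure). Returns (public, private)."""
    p = _next_prime(seed)
    q = _next_prime(p + 1)
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)               # private exponent: e * d == 1 (mod phi); Python 3.8+
    return (n, e), (n, d)


def _hash_to_int(msg: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


def sign(private_key, msg: bytes) -> int:
    n, d = private_key
    return pow(_hash_to_int(msg, n), d, n)       # only the private-key holder can compute this


def verify(public_key, msg: bytes, signature: int) -> bool:
    n, e = public_key
    return pow(signature, e, n) == _hash_to_int(msg, n)


def rsa_encrypt(public_key, m: int) -> int:
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("integer to encrypt must be smaller than the modulus")
    return pow(m, e, n)


def rsa_decrypt(private_key, c: int) -> int:
    n, d = private_key
    return pow(c, d, n)


# --- 3. Hybrid key transport: sharing a symmetric key over an open channel --------------
def transport_symmetric_key(recipient_public_key):
    """Sender: choose a fresh symmetric key and wrap it with the recipient's public key.
    32 bits only because the toy modulus is ~40 bits; a real key is at least 128 bits."""
    k = secrets.randbits(32)
    return k, rsa_encrypt(recipient_public_key, k)


def receive_symmetric_key(recipient_private_key, wrapped: int) -> int:
    return rsa_decrypt(recipient_private_key, wrapped)


if __name__ == "__main__":
    msg = b"transfer 100 to account 42"                       # constructed message
    shared = secrets.token_bytes(32)
    tag = hmac_tag(shared, msg)
    print("HMAC verifies:", hmac_verify(shared, msg, tag))
    print("HMAC verifies after tampering:", hmac_verify(shared, msg + b"0", tag))
    alice_pub, alice_priv = toy_rsa_keypair()
    mallory_pub, mallory_priv = toy_rsa_keypair(seed=2_000_000)
    sig = sign(alice_priv, msg)
    print("Alice's signature verifies:", verify(alice_pub, msg, sig))
    print("Mallory's signature passes as Alice's:", verify(alice_pub, msg, sign(mallory_priv, msg)))
    k, wrapped = transport_symmetric_key(alice_pub)
    print("Recipient recovered the symmetric key:", receive_symmetric_key(alice_priv, wrapped) == k)
```

The non-repudiation point is visible in the HMAC half: `hmac_tag(shared, msg)` is the same call whether Alice or Bob makes it, so a tag cannot tell a third party which of them sent the message. With the signature, only Alice’s private exponent produces a value that her public key verifies, and a signature from any other key pair fails.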

50
Q

E-Commerce Transaction Security Measures are concerned with the issues such as:

A
Confidentiality
Authentication
Integrity
Nonrepudiation of origin
Nonrepudiation of receipt
51
Q

Computer Emergency Response Team (CERT)

A

  1. Established in 1988 at Carnegie Mellon University’s Software Engineering Institute, with funding from the Defense Advanced Research Projects Agency (DARPA)
  2. Focuses on security breaches and DoS attacks
  3. Offers guidelines on handling and preventing attacks
  4. Conducts public awareness campaigns and researches Internet security vulnerabilities
52
Q

Before establishing a security program, organizations should:

A
  1. Understand the principles of the Sarbanes-Oxley Act of 2002
  2. Conduct a basic risk analysis, which makes use of financial and budgeting techniques
    a. Information obtained helps organizations weigh the cost of a security system
53
Q

Guidelines of a Comprehensive Security Plan:

A
  1. Set up a security committee
  2. Post security policy in a visible place
  3. Raise employee awareness
  4. Use strong passwords
  5. Install software patches and updates
  6. Revoke terminated employees’ passwords and ID badges immediately
  7. Keep sensitive data and information locked in a secured location
  8. Exit programs and systems promptly
  9. Limit computer access to authorized personnel only
  10. Compare communication logs with communication billings periodically
  11. Install antivirus programs, firewalls, and intrusion detection systems
  12. Use only licensed software
  13. Ensure fire protection systems and alarms are up to date, and test them regularly
  14. Check environmental factors
    a. Temperature and humidity levels
  15. Use physical security measures
    a. Corner bolts on workstations, ID badges, and door locks
54
Q

Business Continuity Planning

A

Outlines procedures for keeping a firm operational in the event of a natural disaster or network attack

55
Q

Disaster recovery plan

A

Lists the tasks that must be performed to restore damaged data and equipment and steps to prepare for disaster

56
Q

Steps to Follow When Disaster Strikes

A
  1. Put together a management crisis team
  2. Contact the insurance company
  3. Restore phone communication systems
  4. Notify all affected people that recovery is underway
  5. Set up a help desk to assist affected people
  6. Document all actions taken
57
Q

Risks associated with information technologies can be minimized by:

A

Installing operating system updates regularly
Using antivirus and antispyware software
Using e-mail security features

58
Q

Comprehensive security system protects:

A

an organization’s resources, including information, computer, and network equipment

59
Q

Network security threats can be categorized by whether they are:

A

Unintentional or Intentional

60
Q

Unintentional Network Security Threats:

A

Natural disasters, accidental deletion of data, and structural failures

61
Q

Intentional Network Security Threats:

A

Hacker attacks and attacks by disgruntled employees