MIS Test 3 (Chapter 7)

Question 1

Is the internet vulnerable?

Answer 1

The Internet is more vulnerable than internal networks because it is virtually open to anyone, making the organization’s information systems more vulnerable to actions from outsiders.

Question 2

Are wireless networks vulnerable?

Answer 2

Vulnerable to penetration because radio frequency bands are easy to scan (e.g., war driving)

Question 3

What is Malware?

Answer 3

malicious software programs including:

• virus
• Worm
• trojan horse

Question 4

What is a virus?

Answer 4

A software program that attaches itself to other software programs or data files in order to be executed, often causing hardware and software malfunctions

Question 5

What is a worm?

Answer 5

Independent software programs that propagate themselves to disrupt the operation of computer networks or destroy data and other programs

Question 6

What is a trojan horse?

Answer 6

A software program that appears legitimate but contains a second hidden function that may cause damage.

Question 7

What is a computer crime?

Answer 7

“any violations of criminal law that involve a knowledge of computer technology for their perpetration, investigation, or prosecution.”

Question 8

What is a hacker?

Answer 8

An individual who intends to gain unauthorized access to a computer system.

Question 9

What is click fraud?

Answer 9

Occurs when an individual or computer program fraudulently clicks on an online ad without any intention of learning more about the advertiser or making a purchase.

Question 10

What is cyberterrorism?

Answer 10

The use of computer and networking technologies against persons or property to intimidate or coerce governments, civilians, or any segment of society in order to attain political, religious, or ideological goals.

Question 11

What is a cyberwar?

Answer 11

An organized attempt by a country’s military to disrupt or destroy the information and communications systems of another country.

Question 12

What is the health insurance probability and accountability act (HIPAA) of 1996?

Answer 12

outlines medical security and privacy rules and procedures

Question 13

What is the gramm-leach-billey act of 1999?

Answer 13

requires financial institutions to ensure the security and confidentiality of customer data

Question 14

What is the sarbanes-oxley act of 2002?

Answer 14

imposes responsibility on companies and their management to safeguard the accuracy and integrity of financial information that is used internally and released externally.

Question 15

What is the security policy?

Answer 15

• Outlines how the company is going to protect its assets.
• Consists of statements ranking information risks, identifying acceptable security goals, and identifying the mechanisms for achieving those goals.

Question 16

What is the acceptable use policy?

Answer 16

• Defines acceptable use of the firm’s information resources and computing equipment as well as the consequences for noncompliance
• Should clarify company policy regarding privacy, user responsibility, and personal use of company equipment and networks

Question 17

What is authentication?

Answer 17

• The ability of each party in a transaction to ascertain the identity of the other party
• Often established using passwords, but this is problematic
• New authentication technologies:
• ——-Token
• ——-Smart Card
• ——Biometrics

Question 18

What is a token?

Answer 18

a physical device, usually small enough to fit on a key ring, designed to prove the identity of a single user

Question 19

What is a smart card?

Answer 19

a device about the size of a credit card that contains a chip formatted with access permission and other data

Question 20

What is biometric authentication?

Answer 20

based on the measurement of a physical or behavioral trait that makes each individual unique

Question 21

What is a firewall?

Answer 21

A combination of hardware and software that acts as a gatekeeper and prevents unauthorized users from accessing private networks.

Question 22

What are intrusion detection systems?

Answer 22

feature full-time monitoring tools placed at the most vulnerable points, or “hot spots”, of corporate networks to protect against suspicious network traffic and attempts to access files and databases

Question 23

What is antivirus software?

Answer 23

software designed to detect, and often eliminate, malware from an information system.

Question 24

What is encryption?

Answer 24

The process of encoding messages before they enter the network or airwaves, and then decoding at the receiving end

Question 25

What is symmetric key encryption?

Answer 25

- Also known as secret key encryption - Both the sender and receiver use the same digital key to encrypt and decrypt message - Requires a different set of keys for each entity with whom communication takes place - Assumes the medium over which the key is shared is secure

Question 26

What is public key encryption?

Answer 26

- Solves symmetric key encryption problem of having to exchange secret key - Uses two mathematically related digital keys – public key (widely disseminated) and private key (kept secret by owner) - Once key used to encrypt message, same key cannot be used to decrypt message - For example, sender uses recipient’s public key to encrypt message; recipient uses his/her private key to decrypt it

Question 27

What are two methods for encrypting network traffic on the web?

Answer 27

- Secure Sockets Layer (SSL) and successor Transport Layer Security (TLS) - Secure Hypertext Transfer Protocol (S-HTTP)

Question 28

What is Secure Sockets Layer (SSL) and successor Transport Layer Security (TLS)?

Answer 28

Works by using public key encryption to create a secure connection between a client and  a server thereby enabling any amount of data to be sent securely.

Question 29

What is Secure Hypertext Transfer Protocol (S-HTTP)?

Answer 29

Allows messages to be encapsulated in various ways, which may include encryption or the use of digital certificates. Differs from SSL in that it is designed only to transmit individual messages securely.