Part 1

Question 0

Maintaining a strong security posture can take advantage of numerous benefits namely:

Reduction in ______ being paid.

Answer 0

Insurance premiums

Question 1

Building a Secure Organization

Building a secure organization is important to long- term success:

Maintaining a strong ______can take advantage of numerous benefits

Answer 1

Security posture

Question 2

Maintaining a strong security posture can take advantage of numerous benefits namely:

Use its security program as a ____

Answer 2

marketing tool

Question 3

Maintaining a strong security posture can take advantage of numerous benefits

You will not have to spend time and money identifying _____

Answer 3

security breaches

Question 4

_____can cost an organization sig- nificantly through a tarnished reputation, lost business, and legal fees.

Answer 4

Security breaches

Question 5

HIPAA

Answer 5

Health Insurance Portability and Accountability Act (HIPAA)

Question 6

GLBA

Answer 6

Gramm-Leach-Bliley Act (GLBA)

Question 7

Name three regulations that require businesses to maintain the security of information.

Answer 7

Health Insurance Portability and Accountability Act (HIPAA)

Gramm-Leach-Bliley Act (GLBA)

Sarbanes-Oxley Act,

Question 8

OBSTACLES TO SECURITY

In attempting to build a secure organization, we should take a close look at the obstacles that make it challenging to build a totally secure organization.

Security Is _____

Answer 8

Inconvenient

Question 9

Security, by its very nature, is inconvenient, and the more _______, the more inconvenient the process becomes.

Answer 9

robust the security mechanisms

Question 10

Employees in an organization have a job to do; _________

Answer 10

they want to get to work right away

Question 11

Most security mechanisms, from passwords to multifactor authentication, are seen as ____

Answer 11

roadblocks to productivity

Examples:

# whole disk encryption to laptop
# second login step
# lost productivity

Question 12

To gain a full appreciation of the frustration caused by security measures security lines at any ____

Answer 12

airport

Question 13

Security implementations are based on a _____;

Answer 13

Sliding scale

Question 14

Security implementations are based on a sliding scale; one end of the scale is ____ , the other is _______.

Answer 14

total security and total inconvenience

And

total insecurity and complete ease of use

Question 15

When we implement any security mechanism, it should be placed on the scale where the _______ match the ________ for the organization.

Answer 15

level of security and ease of use

acceptable level of risk

Question 16

Computers Are Powerful and Complex

Most people are unfamiliar with the _____ and what goes on “behind the scenes.”

Answer 16

way computers truly function

Things such as the Windows Registry, ports, and services are completely unknown to most users and poorly understood by many computer industry professionals.

Question 17

For example, many indi- viduals still believe that a Windows login password pro- tects data on a computer. On the contrary—

Answer 17

someone can simply take the hard drive out of the computer, install it as a slave drive in another computer, or place it in a USB drive enclosure, and all the data will be readily accessible.

Question 18

Computers Are ____

Computer Users Are ____

Answer 18

Powerful and Complex

Unsophisticated

Question 19

Computer Users Are Unsophisticated

Many computer users believe that because they are skilled at generating spreadsheets, word processing documents, and presentations, they “know everything about comput- ers.” These “_____” have moved beyond application basics, but many still do not understand even basic security concepts.

Answer 19

power users

Question 20

Many users will indiscriminately ____ and visit _______despite the fact that these actions could violate company policies.

Answer 20

install software and questionable Web sites

Question 21

The “bad guys”— people who want to steal information from or wreak havoc on computers systems—have also identified that the aver- age user is a ____.

Answer 21

weak link in the security chain

Question 22

As companies began investing more money in perimeter defenses, attackers look to _____

Answer 22

the path of least resistance.

Question 23

They send malware as attachments to email, ____

Answer 23

asking recipients to open the attachment.

Question 24

Despite being told not to open attachments from unknown senders or simply not to open attachments at all, _____. The “I Love You Virus” spread very rapidly in this manner.

Answer 24

employees consistently violate this policy, wreaking havoc on their networks

Question 25

Computers Created ____

Answer 25

Without a Thought to Security

Question 26

Computers Created Without a Thought to Security

During the development of personal computers (PCs), _________ They were developed almost as curiosities.

Answer 26

no thought was put into security.

Question 27

Even as they became more advanced and complex, all effort was focused on developing greater sophistication and capabilities; _____

Answer 27

no one thought they would have security issues.

Question 28

_____ was not an issue back then

Answer 28

Security

Question 29

The develop-ment of computers was focused on _____

Answer 29

what they could do, not how they could be attacked.

Question 30

As computers began to be interconnected, the driving force was ____

Answer 30

providing the ability to share information, cer- tainly not to protect it.

Question 31

Current Trend Is to Share, ____

Answer 31

Not Protect

Question 32

Even now, despite the stories of compromised data, people still want to share their data with everyone. And _____ are making this easier to do than simply attaching a file to an email.

Answer 32

Web-based applications

Question 33

_____ sites pro- vide the ability to share files

Answer 33

Social networking

Question 34

These sites can allow proprietary data to leave an organization by ____.

Answer 34

bypassing security mechanisms