Part 9

Question 0

There are several reasons it is difficult to defend against today’s attacks. These reasons include the fact that virtually all devices are connected to the _____, the speed of the ____, greater sophistication of attacks, the availability and ____ of attack tools, faster detection of ____ by attackers, delays in ____, weak patch distribution, distributed attacks coming from multiple sources, and user ____.

Answer 0

Internet
attacks
simplicity
vulnerabilities
patching
confusion

Question 1

No computer system is ____ or can be considered entirely secure.

Answer 1

immune from attacks

Question 2

Information security may be defined as that which protects the ( 3 items) of information on the devices that store, manipulate, and transmit the information through (3 items)

Answer 2

integrity, confidentiality, and availability

products, people, and procedures.

Question 3

A ___ is an event or action that represents a danger to information assets, which is something that has value.

Answer 3

threat

Question 4

A ____ is a person or element that has the power to carry out a threat, usually by exploiting a vulnerability, which is a flaw or weakness.

Answer 4

threat agent

Question 5

A ___ is the likelihood that a threat agent will exploit the vulnerability.

Answer 5

risk

Question 6

The main goals of ___ are to prevent data theft, thwart identify theft, avoid the legal consequences of not securing information, maintain productivity, and foil cyberterrorism.

Answer 6

information security

Question 7

____ do their work by downloading automated attack software from Web sites and then using it to break into computers.

Answer 7

Script kiddies

Question 8

A ____ is a person who has been hired to break into a computer and steal information.

Answer 8

computer spy

Question 9

One of the largest information security threats to a business actually comes from its ____.

Answer 9

employees

Question 10

A new breed of computer attackers is known as ____, who are a loose-knit network of attackers, identity thieves, and financial fraudsters.

Answer 10

cybercriminals

Question 11

____ are motivated by their principles and beliefs, and turn their attacks to the network and computer infrastructure to cause panic among citizens.

Answer 11

Cyberterrorists

Question 12

There are a variety of types of attacks. Five general steps make up an attack:

Answer 12

probe for information, penetrate any defenses, modify security settings, circulate to other systems, and paralyze networks and devices.

Question 13

Although multiple defenses may be necessary to withstand the steps of an attack, these defenses should be based on five fundamental security principles:

Answer 13

layering, limiting, diversity, obscurity, and simplicity.

Question 14

The ability that provides tracking of events.

Answer 14

accounting

Question 15

An item that has value.

Answer 15

asset

Question 16

The act of ensuring that an individual or element is genuine.

Answer 16

authorization

Question 17

The steps that ensure that the individual is who they claim to be.

Answer 17

authentication

Question 18

Security actions that ensure that data is accessible to authorized users.

Answer 18

availability

Question 19

Security actions that ensure only authorized parties can view the information.

Answer 19

confidentiality

Question 20

Targeted attacks against financial networks, unauthorized access to information, and the theft of personal information.

Answer 20

cybercrime

Question 21

A premeditated, politically motivated attack against information, computer
systems, computer programs, and data that results in violence.

Answer 21

cyberterrorism

Question 22

The act of taking advantage of a vulnerability.

Answer 22

exploiting

Question 23

A law that requires banks and financial institutions to

alert customers of their policies and practices in disclosing customer information.

Answer 23

Gramm-Leach-Bliley Act (GLBA)

Question 24

A law designed to guard protected health information and implement policies and procedures to safeguard it.

Answer 24

Health Insurance Portability and Accountability Act (HIPAA)

Question 25

Stealing another person’s personal information, such as a Social Security
number, and then using the information to impersonate the victim, generally for financial gain.

Answer 25

identity theft

Question 26

The tasks of securing information that is in a digital format.

Answer 26

information security

Question 27

Security actions that ensure that the information is correct and no unauthorized person or malicious software has altered the data.

Answer 27

integrity

Question 28

The likelihood that a threat agent will exploit the vulnerability.

Answer 28

risk

Question 29

A law designed to fight corporate corruption.

Answer 29

Sarbanes-Oxley Act (Sarbox)

Question 30

Individuals who want to break into computers to create damage, yet lack the advanced knowledge of computers and networks needed to do so.

Answer 30

script kiddies

Question 31

A person who has been hired to break into a computer and steal information

Answer 31

spy

Question 32

A type of action that has the potential to cause harm.

Answer 32

threat

Question 33

A person or element that has the power to carry out a threat.

Answer 33

threat agent

Question 34

A flaw or weakness that allows a threat agent to bypass security.

Answer 34

vulnerability