Free Essay

Chapter 2 Review Questions Principles of Information Security

In:

Submitted By sonofmork
Words 908
Pages 4
1. Information security is more of a management issue because it is up to management to decide what end users should have access to and what they should not. Also technology can only do what it is told to do but if management sets up training to teach end users about the threats of say opening an unknown email then the company is safer.
2. Without data an organization loses its record of transactions and/or its ability to deliver value to its customers. Page 42 Principles of Information Security
3. Both general and It management
4. It has created more and the reason why is it is much easier to spread viruses, worms, etc. now that the can get from system to system without having to attach to a physical disc.
5. Information extortion occurs when an attacker or trusted insider steals information from a computer system and demands compensation for its return or for an agreement not to disclose it. Page 60 Principles of Information Security. An example would be if someone would steal the latest album from a well-known artist before its release date and demanded to be paid or it would be released onto the internet.
6. Employees are one of the biggest threats for several reasons the can accidently allow someone access to the system by installing a back door or it is possible for them to become angry with the company and just hand out IP to rival companies. It is also possible that they could accidently delete valuable data from the system that has no backup.
7. Make sure nobody is looking over your shoulder when viewing valuable data also you can get a screen cover that only allows you to see the data on the screen if you are looking at it from straight ahead.
8. Because of television and movies hackers are normally perceived as heroes or heroines because they always crack a code that will “save the day” or reveals information to catching the bad guy. A modern hackers profile is Age 12-60 male or female unknown background with varying technological skill levels may be internal or external to an organization. Figure 2-6 page 53 Principles of Information Security
9. An expert hacker normally writes software and codes while a novice hacker uses the software to attack an organization. The protection against them is the same because most attacks are not done by expert hackers. If an expert hacker wants into your system it is very likely they will get in.
10. The most common malware are viruses worms and Trojan horses. The difference between a virus and a worm is that a virus needs a host file to replicate whereas a virus does not. A Trojan horse is a program that normally disguises itself as a helpful program and then releases either viruses or worms on to your system.
11. Polymorphism causes greater concern because the files are constantly changing things like file size to make it much harder to detect.
12. The most common IP breach is the unlawful use or duplication of software based intellectual property. Page 45 Principles of Information Security. Most organizations fight against it by using digital watermarks, embedded code, copyright codes, intentional placement of bad sectors, or an online registration process. Two agencies that fight against it are the SIIA and BSA.
13. Fire, Flood, Earthquake, lighting, land slide, tornado, hurricane etc. All major cities will have a certain force of nature that could affect their systems for example Miami would have to account for hurricanes while LA would worry more about earthquakes.
14. Antiquated or outdated infrastructure can lead to unreliable or untrustworthy systems. Page 64 Principles of Information Security. The IT professionals play the biggest role in making sure all technology is not outdated.
15. All IP has value for instance the company I work for remanufactures engines and we have certain specs to the way we do things if an attacker were to get ahold of those specs they could release them and then our competition would have our secrets.
16. Password Crack, brute force, dictionary attack. A system administrator can set up the system where passwords have to be complex which makes them harder to crack. For example the password unicorn is a lot easier to crack than Un1c0rn.
17. A DoS attacks a single target from a single attacker while a DDoS comes from several locations at the same time. A DDoS attack is much harder to defend against.
18. He/she would have to install a program or a device and they can be placed almost anywhere.
19. A big method used in social engineering to acquire a user name and password would be the help me. Give an employee a call and say hey I’m Paul I work in accounting and I can’t log onto the system because I have locked my account can I borrow your information for a minute so I can send the boss these important files. It would only vary if the administrator’s assistant had taken a course to learn about social engineering.
20. A buffer overflow or buffer over run is when more data is sent to a program than it is designed to handle. If the attack is on a web server everything that is sent after the server can handle comes out on the system which could be code that contains a virus.

Similar Documents

Premium Essay

Principles of Information Security Chapter 2 Review Questions

...implementing information security to protect the ability of the organization to function. They must set policy and operate the organization in a manner that complies with the laws that govern the use of technology. Technology alone cannot solve information security issues. Management must make policy choices and enforce those policies to protect the value of the organization’s data. 2. Data is important to an organization because without it an organization will lose its record of transactions and/or its ability to furnish valuable deliverables to its customers. Other assets that require protection include the ability of the organization to function, the safe operation of applications, and technology assets. 3. Both general management and IT management are responsible for implementing information security. 4. The implementation of networking technology has created more risk for businesses that use information technology because business networks are now connected to the internet and other networks external to the organization. This has made it easier for people to gain unauthorized access to the organization’s networks. 5. Information extortion is when an attacker steals information from a computer system and demands compensation for its return or for an agreement not to disclose it. One example could be someone that gains access to PII such as SSN’s through a company’s database and ransoms the information for money. If not paid, he could sell the information on the black...

Words: 1112 - Pages: 5

Premium Essay

College

...Principles of Information Security Chapter 3 Review In: Computers and Technology Principles of Information Security Chapter 3 Review Chapter 3 Review 1. What is the difference between law and ethics? The difference between law and ethics is that law is a set of rules and regulations that are universal and should be accepted and followed by society and organizations. Ethics on the other hand was derived from the latin word mores and Greek word Ethos means the beliefs and customs that help shape the character of individuals and how people interact with one another 2. What is civil law, and what does it accomplish? A wide variety of laws that govern a nation or state and deal with the relationships and conflicts between organisational and entities and people. 3. What are the primary examples of public law? Criminal, administrative and constitutional law. 4. Which law amended the Computer Fraud and Abuse Act of 1986, and what did it change? The National Information Infrastructure Protection of 1996 amended the Computer Fraud and Abuse Act of 1986. It modified several sections of the CFA Act, and increased the penalties for selected crime. 5. Which law was specifically created to deal with encryption policy in the United States? The Security and Freedom through Encryption Act of 1999. 6. What is privacy in an information security context? Privacy is not absolute freedom from observation, but rather it is a more precise “State of being free from...

Words: 550 - Pages: 3

Premium Essay

Hello Hello

...Principles of Information security textbook problems Chapter ... www.cram.com/.../principles-of-information-security-textbook-problems... Study Flashcards On Principles of Information security textbook problems Chapter 1 & 2 at ... What is the difference between a threat and a threat agent? A threat ... 01_Solutions - Principles of Information Security, 4 th Edition ... www.coursehero.com › ... › ISIT › ISIT 201 Unformatted text preview: Principles of Information Security, 4 th Edition Chapter 1 Review Questions 1. What is the difference between a threat agent and a ... Chapter 1-Introduction to Information Security Principles of ... www.termpaperwarehouse.com › Computers and Technology Jun 16, 2014 - Chapter 1-Introduction to Information Security: 1. What is the difference between a threat and a threat agent? A threat is a constant danger to an ... Category:Threat Agent - OWASP https://www.owasp.org/index.php/Category:Threat_Agent May 15, 2012 - The term Threat Agent is used to indicate an individual or group that can ... Organized Crime and Criminals: Criminals target information that is of value ... Threat Risk Modeling is an activity to understand the security in an application. ... NET Project · Principles · Technologies · Threat Agents · Vulnerabilities ... Threat (computer) - Wikipedia, the free encyclopedia https://en.wikipedia.org/wiki/Threat_(computer) A more comprehensive definition, tied to an Information assurance point of view, can be found ... National...

Words: 598 - Pages: 3

Premium Essay

Acct 424b

...Chapter 1 The Role of the Public Accountant True/False Questions 1. Independent audits of today place more emphasis on sampling for compliance with laws and regulations than the audits of the 19th century. Answer: True Difficulty: Medium 2. The American Institute of Certified Public Accountants issues CPA certificates and permits CPAs to practice. Answer: False Difficulty: Medium 3. A company is either audited by the GAO or internal auditors, but not both. Answer: False Difficulty: Easy 4. The SEC does not pass on the merits of the securities that are registered with the agency. Answer: True Difficulty: Medium 5. The American Institute of Certified Public Accountants has the primary authority to establish accounting standards. Answer: False Difficulty: Easy 6. An annual peer review is a requirement of the AICPA. Answer: False Difficulty: Medium 7. Many small companies elect to have their financial statements reviewed by a CPA firm, rather than incur the cost of an audit. Answer: True Difficulty: Easy 8. Staff assistants in CPA firms generally are responsible for planning and coordinating audit engagements. Answer: False Difficulty: Easy Whittington, Principles of Auditing, Fifteenth Edition 1 Chapter 1 The Role of the Public Accountant 9. The Sarbanes-Oxley Act requires that auditors of publicly traded companies in the United States perform an integrated audit that includes providing assurance on both the financial statements and on compliance with laws and regulations...

Words: 2367 - Pages: 10

Premium Essay

Intermediate Financial Accounting Chapter 1 Solution

...Chapter 1 Environment and Theoretical Structure of Financial Accounting AACSB assurance of learning standards in accounting and business education require documentation of outcomes assessment. Although schools, departments, and faculty may approach assessment and its documentation differently, one approach is to provide specific questions on exams that become the basis for assessment. To aid faculty in this endeavor, we have labeled each question, exercise and problem in Intermediate Accounting, 7e with the following AACSB learning skills: Questions 1–1 1–2 1–3 1–4 1–5 1–6 1–7 1–8 1–9 1–10 1–11 1–12 1–13 1–14 1–15 1–16 1–17 1–18 1–19 1–20 1–21 1–22 1–23 1–24 1–25 1–26 1–27 1–28 1–29 AACSB Tags Reflective thinking Reflective thinking Reflective thinking Reflective thinking Reflective thinking Reflective thinking Reflective thinking Reflective thinking Reflective thinking Reflective thinking Reflective thinking Reflective thinking Reflective thinking Reflective thinking Reflective thinking Reflective thinking Reflective thinking Reflective thinking Reflective thinking Reflective thinking Reflective thinking Reflective thinking Reflective thinking Reflective thinking Reflective thinking Reflective thinking Reflective thinking Reflective thinking Reflective thinking 1–30 1–31 1–32 Reflective thinking Reflective thinking Reflective thinking Brief Exercises 1–1 1–2 1–3 1–4 1–5 1–6 AACSB Tags Analytic Reflective thinking Reflective thinking Reflective thinking...

Words: 7572 - Pages: 31

Premium Essay

Principle of Finance

...Principles of Managerial Finance The Prentice Hall Series in Finance Adelman/Marks Entrepreneurial Finance Andersen Global Derivatives: A Strategic Risk Management Perspective Bekaert/Hodrick International Financial Management Berk/DeMarzo Corporate Finance* Berk/DeMarzo Corporate Finance: The Core* Berk/DeMarzo/Harford Fundamentals of Corporate Finance* Boakes Reading and Understanding the Financial Times Brooks Financial Management: Core Concepts* Copeland/Weston/Shastri Financial Theory and Corporate Policy Dorfman/Cather Introduction to Risk Management and Insurance Eiteman/Stonehill/Moffett Multinational Business Finance Fabozzi Bond Markets: Analysis and Strategies Fabozzi/Modigliani Capital Markets: Institutions and Instruments Fabozzi/Modigliani/Jones/Ferri Foundations of Financial Markets and Institutions Finkler Financial Management for Public, Health, and Not-for-Profit Organizations Frasca Personal Finance Gitman/Joehnk/Smart Fundamentals of Investing* Gitman/Zutter Principles of Managerial Finance* * denotes Gitman/Zutter Principles of Managerial Finance— Brief Edition* Goldsmith Consumer Economics: Issues and Behaviors Haugen The Inefficient Stock Market: What Pays Off and Why Haugen The New Finance: Overreaction, Complexity, and Uniqueness Holden Excel Modeling and Estimation in Corporate Finance Holden Excel Modeling and Estimation in Investments Hughes/MacDonald International Banking:...

Words: 4858 - Pages: 20

Premium Essay

Drew

...solution for solving specific business problems. Common project management processes are applied to identify deliverables and outcomes of the project. MAJOR INSTRUCTIONAL AREAS 1. Project Management Techniques 2. A Fundamental Review of the Basics of Electronics in the AASNSA Program 3. Capstone Project 4. Research of Current and Emerging Technology COURSE OBJECTIVES 1. Apply important concepts of project management to the actual capstone project proposed for this course. 2. Use Microsoft Office Project to help plan and manage the actual capstone project. 3. Analyze the requirements for the capstone project. 4. Integrate and apply the knowledge acquired in the program to provide effective technological solutions for given problems. 5. Work in teams on a large-scope project. 6. Document solutions to a problem in detail by applying critical thinking and problem solving skills. 7. Present and defend a proposal or implementation in spoken, written, and panel formats in a professional manner. 8. Complete a comprehensive skills assessment for the program of study. LEARNING OUTCOMES 1. Apply important concepts of project management to the actual capstone project proposed for this course. 2....

Words: 7871 - Pages: 32

Premium Essay

Principles of Managerial Finance

...Principles of Managerial Finance The Prentice Hall Series in Finance Adelman/Marks Entrepreneurial Finance Andersen Global Derivatives: A Strategic Risk Management Perspective Bekaert/Hodrick International Financial Management Berk/DeMarzo Corporate Finance* Berk/DeMarzo Corporate Finance: The Core* Berk/DeMarzo/Harford Fundamentals of Corporate Finance* Boakes Reading and Understanding the Financial Times Brooks Financial Management: Core Concepts* Copeland/Weston/Shastri Financial Theory and Corporate Policy Dorfman/Cather Introduction to Risk Management and Insurance Eiteman/Stonehill/Moffett Multinational Business Finance Fabozzi Bond Markets: Analysis and Strategies Fabozzi/Modigliani Capital Markets: Institutions and Instruments Fabozzi/Modigliani/Jones/Ferri Foundations of Financial Markets and Institutions Finkler Financial Management for Public, Health, and Not-for-Profit Organizations Frasca Personal Finance Gitman/Joehnk/Smart Fundamentals of Investing* Gitman/Zutter Principles of Managerial Finance* * denotes Gitman/Zutter Principles of Managerial Finance— Brief Edition* Goldsmith Consumer Economics: Issues and Behaviors Haugen The Inefficient Stock Market: What Pays Off and Why Haugen The New Finance: Overreaction, Complexity, and Uniqueness Holden Excel Modeling and Estimation in Corporate Finance Holden Excel Modeling and Estimation in Investments Hughes/MacDonald International Banking:...

Words: 4858 - Pages: 20

Premium Essay

Management Information Systems

...MIIZ04, ME001-S : Analysis and Design of Management Information System by Dr. Eric C.C. Tsang (曾祥財 曾祥財) 曾祥財 FIT, MUST 1 Chapter 4 Ethical and Social Issues in Information Systems 2 Management Information Systems Chapter 4 Ethical and Social Issues in Information Systems LEARNING OBJECTIVES • Identify the ethical, social, and political issues that are raised by information systems. • Identify the principles for conduct that can be used to guide ethical decisions. • Evaluate the impact of contemporary information systems and the Internet on the protection of individual privacy and intellectual property. • Assess how information systems have affected everyday life. 3 Management Information Systems Chapter 4 Ethical and Social Issues in Information Systems Is Your Student Loan Data on Loan? • Problem: Insufficient privacy protections for sensitive data related to student loans. • Solutions: Improve system security and protect student information to restore confidence in the system. • Revoke over 52,000 user IDs suspected of misusing access to students’ private information. • Demonstrates IT’s role in providing quick and convenient access to data. • Illustrates how the very same technology has the potential to threaten privacy and cause more harm than good. 4 Management Information Systems Chapter 4 Ethical and Social Issues in Information Systems Understanding Ethical and Social Issues Related to Systems • Past five years: One of the...

Words: 2655 - Pages: 11

Premium Essay

Acc Chpt 1 Guide

...CHAPTER 1 Auditing and Assurance Services LEARNING OBJECTIVES | | |Exercises and | | | |Problems | | |Review Checkpoints | | | | | | |Define information risk and explain how auditing and assurance services play|1, 2, 3 |48, 50 | |a role in reducing this business risk. | | | | | | | |Define and contrast accounting, auditing, and assurance services. |4, 5, 6, 7, 8 |47 | | | | | |Describe and define the management assertions embodied in financial |9, 10, 11 |52, 54 | |statements, and why auditors use them as a focal point of the audit. ...

Words: 4570 - Pages: 19

Premium Essay

Assign

...Color profile: Disabled Composite Default screen BaseTech / Principles of Computer Security: CompTIA Security+™ and Beyond / Wm. Arthur Conklin / 619-8 / Chapter 2 2 General Security Concepts “The only real security that a man can have in this world is a reserve of knowledge, experience and ability.” —HENRY FORD In this chapter, you will learn how to ■ Define basic terms associated with computer and information security ■ Identify the basic approaches to computer and information security ■ Distinguish among various methods to implement access controls ■ Describe methods used to verify the identity and authenticity of an individual ■ Describe methods used to conduct social engineering ■ Recognize some of the basic models used to implement security in operating systems 20 P:\010Comp\BaseTech\619-8\ch02.vp Wednesday, November 09, 2011 2:01:20 PM I n Chapter 1, you learned about some of the various threats that we, as security professionals, face on a daily basis. In this chapter, you start exploring the field of computer security. Color profile: Disabled Composite Default screen BaseTech / Principles of Computer Security: CompTIA Security+™ and Beyond / Wm. Arthur Conklin / 619-8 / Chapter 2 ■ Basic Security Terminology The term hacking has been used frequently in the media. A hacker was once considered an individual who understood the technical aspects of computer operating systems...

Words: 16889 - Pages: 68

Premium Essay

Tutorial Program

...Australian School of Business School of Taxation and Business Law LEGT 2741 BUSINESS ENTITIES TUTORIAL GUIDE SESSION ONE 2012 1 LEGT 2741 BUSINESS ENTITIES Tutorial Guide TUTORIALS PURPOSE The purpose of the questions in the tutorial guide is to help interpret and apply the lecture material. Additionally, the tutorial problems and questions also allow you to practice for the final exam which will consist of similar questions. Note: there will be no answers given out to the tutorial questions or past exam papers in class or posted to Blackboard. The purpose of the questions is to allow you to apply the course material and gauge your own level of competence. Simply giving you the suggested answers will defeat this purpose. It is your responsibility to attend tutorials prepared so that you can gauge your own level of competence and are able to contribute to class discussion. However, if you are uncertain and wish to explore a topic further or test your understanding of past exam questions, please do not hesitate to consult with your tutor or lecturer. The purpose of this tutorial guide is also to allow students to develop the skills (both verbal and written) necessary to analyse problems which may arise in practice. The guide is designed to allow each student to reach the goal of being able to apply theory, knowledge and problem solving technique to fact situations that may arise in company law. It is essential that students learn to select the important issues...

Words: 9850 - Pages: 40

Premium Essay

Test Paper

...CompTIA Security+: Get Certified Get Ahead SY0-401 Study Guide Darril Gibson Dedication To my wife, who even after 22 years of marriage continues to remind me how wonderful life can be if you’re in a loving relationship. Thanks for sharing your life with me. Acknowledgments Books of this size and depth can’t be done by a single person, and I’m grateful for the many people who helped me put this book together. First, thanks to my wife. She has provided me immeasurable support throughout this project. The technical editor, Steve Johnson, provided some good feedback throughout the project. If you have the paperback copy of the book in your hand, you’re enjoying some excellent composite editing work done by Susan Veach. I’m extremely grateful for all the effort Karen Annett put into this project. She’s an awesome copy editor and proofer and the book is tremendously better due to all the work she’s put into it. While I certainly appreciate all the feedback everyone gave me, I want to stress that any technical errors that may have snuck into this book are entirely my fault and no reflection on anyone who helped. I always strive to identify and remove every error, but they still seem to sneak in. About the Author Darril Gibson is the CEO of YCDA, LLC (short for You Can Do Anything). He has contributed to more than 35 books as the sole author, a coauthor, or a technical editor. Darril regularly writes, consults, and teaches on a wide variety of technical...

Words: 125224 - Pages: 501

Premium Essay

Dfhdfh

... |[pic]www.csudh.edu | | |[pic] | |[pic] |College of Natural and Behavioral Sciences | | |Department of Computer Science | | |http://csc.csudh.edu | |Course Title: |Communication Systems Security | |Course Number: |CTC 362 | |Instructor Name: | Mehrdad S. sharbaf, ph.d. msharbaf@csudh.edu, Office: tba, phone: tba, office Hours: tba | |Date: |Spring Semester, 2016 | |Course Length: |_15_ Weeks | |Web Companion |N/A ...

Words: 1433 - Pages: 6

Premium Essay

Ksyllab

...office hours and I have provided an “important telephone” number. If you would like to meet with me, let me know and we will arrange a mutually satisfactory time. For some students, telephone “meetings” are easier. To this end, you may call me at reasonable hours (i.e., before 10:00 p.m.). NOTE: It is the student’s responsibility to read, understand and abide by all of the course information and policies listed below. Failure to do so could result in you failing this course or being withdrawn from this course by your instructor, School of Business Dean’s Office or by the Graduate Studies Department. The course syllabus provides a general plan for the course; deviations may be necessary. COURSE PREREQUISITE: All MBA Foundations classes must be completed or waived before enrollment in FIN 611. REQUIRED MATERIALS: 1. Textbook – Corporate Finance: The Core, by J. Berk and P. DeMarzo, published by Prentice Hall, ISBN (10‐digit) 0132153688. Available in loose leaf (3‐ring) format in the U Tampa bookstore. Textbook are also available as an e‐book from coursesmart: 1 Revised 08/21/2012 2. Cases and readings: available from www.study.net – available by 8/27/12 3. Additional files and readings will be distributed via Blackboard 4. Calculator - A financial calculator is required for this class. A Hewlett Packard 10B or a Texas Instruments BAII+ is ideal. Other brands/models may also suffice. Bring your calculator to class every day. Be sure you know how to use it...

Words: 2490 - Pages: 10