Free Essay

Chapter 2 Review Questions

In:

Submitted By
Words 1152
Pages 5
Chapter 2 Review Questions 1. Why is information security a management problem? What can management do that technology cannot?
Managing information security has more to do with policy and enforcement rather than technology. Management must address information security in terms of business impact and the cost.

2. Why is data the most important asset an organization possesses? What other assets in the organization require protect?
Data in an organization represents its transaction records and its ability to deliver to its customer. Without this the organization would not be able to carry out day to day work.

3. Which management groups are responsible for implementing information security to protect the organization’s ability to function?
Both management and IT management are responsible for implementing security to protect an organizations ability to function.

4. Has the implementation of networking technology created more or less risk for businesses that use information technology? Why?
Networking is usually considered to have created more risk for businesses that use information security. The reason is that potential attackers have reader access to the information system.

5. What is information extortion? Describe how such an attack can cause losses, using an example not found in the text
Information extortion is the act of an attacker or trusted insider who steals information from a computer system and demand compensation for its return or for an agreement not to disclose the information. For example the hacking group Rex Mundi went on a public blitz, claiming it had managed to steal customer records for 650,000 European Domino's Pizza customers. The group said it stole the records from the pizza chain's website, which had used only an MD5 hash to encrypt the data. Rex Mundi threatened to release those records if the company didn't pay it a ransom of €30,000 ($40,800) by Monday of last week.

6. Why are employees one of the greatest threats to information security?
Employee mistakes can easily lead to the following, classified data, accidental deletion, or modification of data, storage of data in unprotected areas and failure to protect information.

7. How can you protect against shoulder surfing?
Some ways an individual can protect against shoulder surfing is to shield your computer when typing personal information, be aware of your surroundings.

8. How has the perception of the hacker changed over recent years? What is the profile of a hacker today?
Hackers can spend long hour examining type and structures of the targeted system. The profile of a hacker today is aged 12 to 60, male or female, unknown background with varying technical skill level.

9. What is the difference of a skilled hacker and an unskilled hacker, other than skills level? How does the protection against each differ?
Skilled hackers are those who develop software scripts and programs. Unskilled hackers have limited skills who use expertly written software to attack a system. As a result of preparation and continued vigilance, attacks by scripts are usually predictable and can be adequately defended against.

10. What are the various types of malware? How do worms differ from viruses? Do Trojan horses carry viruses or worms?
Types of malware are viruses, worm, Trojan horses, DOS attacks, logic bombs and back door. Worms differ from viruses because they do not require a host file to replicate. A worm will usually utilize flaws in a network. Trojan horses carry viruses.

11. Why does polymorphism cause greater concern that traditional malware? How does it affect detection?
Polymorphism causes greater concern the traditional malware because it changes it appears to anti-virus software programs making it undetectable. It affects detection because they change their size and the external file characteristics so they are not detected by anti-virus programs.

12. What is the most common violation of intellectual property? How does an organization protect against it? What agencies fight it?
The most common violation of intellectual property is the unlawful use or duplication pf software. Organizations protect against this with the use of copyright and license agreement that everyone must agree before they can use the purchased software.

13. What are the various forces of nature? Which type might be of greatest concern to an organization in Las Vegas? Jakarta? Oklahoma City? Amsterdam? Miami? Tokyo?
The various forces of nature are fire, floods, lightning, tornadoes, earthquakes, hurricanes.
Concerns in Las Vegas is earthquakes, Miami is flood, Oklahoma City is tornadoes, and LA is earthquake and lightning.

14. How is technological obsolescence a threat to information security? How can an organization protect against it?
Technological obsolescence is a threat to information technology because of outdated technology. Organizations can protected by keeping technology up to date.

15. Does the intellectual property owned by an organization usually have value? If so, how can attackers threaten that value?
Yes, many organizations create or support the development of intellectual property as a part of their business operations. Intellectual property losses may result from the successful exploitation of vulnerabilities in asset protection controls.

16. What are the types of password attacks? What can a systems administrator do to protect against them?
The types of password attacks are brute force, cracking, and dictionary and rainbow table. Using best practice polices like the 10.3 password rule and systems that allow case-sensitive passwords.

17. What is the difference between a denial-of-service attack and a distributed denial-of-service attack? Which is more dangerous? Why?
The difference is denial-of-service attack is a hacker compromises a system uses that system to attack the target computer. Distributed denial-of-service attacks dozen or even hundreds of computers. The distributed denial-of-service (DDoS) is more dangerous because they are difficult to defend against and currently there are no controls that any single organization can apply.

18. For a sniffer attack to succeed, what must the attacker do? How can an attacker gain access to a network to use the sniffer system?
The attacker must first gain access to a network to install the sniffer. This is done by using social engineering to get into the building to plant a physical sniffer device.

19. What methods does a social engineering hacker use to gain information about a user’s login D and password? How would this method differ if it targeted an administrator’s assistant versus a data-entry clerk?
Methods of how a social engineering hacker use to gain information is posing as an organization’s IT professional to gain access to systems by contacting low-level employees. Posing as a friendly help-desk or repair technician, asks for their username and password.

20. What is a buffer overflow, and how is it used against a Web server?
A buffer overflow is an application error that occurs when more data is sent to a program buffer than it is designed to handle. On the webserver the attacker runs a executable code to manipulate files directly or creating backdoor for later use.

Similar Documents

Premium Essay

Chapter 2 Review Questions

...Chapter 1 PLD Review questions Multiple choice 1. A program is a set of instructions that a computer follows to perform a task. 2. The physical devices that a computer is made of are referred to as Hardware. 3. The part of a computer that runs programs is called the CPU. 4. Today, CPUS are small chips known as Microprocessors. 5. The computer stores a program while the program is running, as well as the data that the program is working with, in Main memory. 6. This is a volatile type of memory that is used only for temporary storage while a program is running. A. RAM 7. A type of memory that can hold data for long periods of time—even when there is no power to the computer—is called Secondary storage. 8. A component that collects data from people or other devices and sends it to the computer is called an input device. 9. A video display is a(n)output device. 10. A byte is enough memory to store a letter of the alphabet or a small number. 11. A byte is made up of eight bits. 12. In a binary numbering system, all numeric values are written as sequences of 0s and 1s. 13. A bit that is turned off represents the following value: 0 14. A set of 128 numeric codes that represent the English letters, various punctuation marks, and other characters is ASCII. 15. An extensive encoding scheme that can represent the characters of many of the languages in the world is Unicode. 16. Negative numbers...

Words: 727 - Pages: 3

Premium Essay

Chapter 2 Review Question

...Applications in Info Security Chapter 4 Review Questions: 1)It might depend on the risk, although all risks should be addressed. The conditions that an organization might have is if they don't have a risk management plan or if they don't have the money to identify and mitigate the risk 2) 3)Alignment is important because it can align organizational goals with ICT works. The benefits to an organization as a whole is that it can align security processes with business goals. 4)Evaluation is important because it can determine if your team is achieving the objectives and this is usually done through gathering data and then analyzing it. Organizations benefit by collecting quantitative data because it can be used to evaluate the options and implications of a decision. 5)A contract is an agreement between a customer and a supplier, while the RFP is technically a bid solicitation. 6)Typically a subcontractor role is to perform specific tasks given by a general contractor. They can be controlled by the supplier to follow the right procedures that are given in the contract. 7)The problem resolution is important because it involves two parties in agreeing that all problems are identified, analyzed, managed, and controlled to resolution. 8)There are two types of reviews: Formal Reviews Informal Reviews In a formal review, the ICT is presented to a team or to an individual before the actual review. In the other hand the informal review allows the producer to control...

Words: 334 - Pages: 2

Premium Essay

Chapter 2 Review Question

...chapter 2 1. Why is information security a management problem? What can management do that Technology cannot? Management is an information problem due to the fact that policymaking and training of securing systems from users fall into the responsibility of their role. These responsibilities can include limiting access as well as disabling certain functions that are not related to the organizations’ function. Management can set policies that may arise due to improper uses or manipulations of systems and asses the threats that are unknown due to the introduction of new hardware and software. 2. Why is data the most important asset an organization possesses? What other assets in the organization require protection? The integrity of the data is most important because it relates to the overall company operations. Securing the data from people not authorized to see or change it ensures that the correct information about the company is being generated without interference or manipulations of data. Other important assets that requires protection are the computer terminals, networking infrastructure, which need to be protected from misuse from internal and external threats whether intentional or not. 3. Which management groups are responsible for implementing information security to protect the organization’s ability to function? The responsibility relies on several management groups such as CIO, who is responsible for the overall protection of system, but the CEO...

Words: 1762 - Pages: 8

Premium Essay

Chapter 2 Review Questions

...1. Both general management and IT management are responsible for implementing information security that protects the organization's ability to function. Management is responsible for implementing information security to protect the ability of the organization to function. They must set policy and operate the organization in a manner that complies with the laws that govern the use of technology. Technology alone cannot solve information security issues. Management must make policy choices and enforce those policies to protect the value of the organizations data. 2. Data is important to an organization because without it an organization will lose its record of transactions and/or its ability to furnish valuable deliverables to its customers. Other assets that require protection include the ability of the organization to function, the safe operation of applications, and technology assets. 3. Both general management and IT management are responsible for implementing information security. 4. The implementation of networking technology has created more risk for businesses that use information technology because business networks are now connected to the internet and other networks external to the organization. This has made it easier for people to gain unauthorized access to the organization’s networks. 5. Information extortion occurs when an attacker steals information from a computer system and demands compensation for its return or for an agreement not to disclose...

Words: 1114 - Pages: 5

Premium Essay

Chapter 2 Review Questions Solutions

...Chapter 2 Review Questions Solutions 1. Describe and compare the six sources of software. The six sources of software identified in the textbook are: (1) information technology services firms, (2) packaged software providers, (3) vendors of enterprise solution software, (4) application service providers and managed service providers, (5) open-source software, and (6) in-house development. IT services firms help companies develop custom information systems for internal use; they develop, host, and run applications for customers; or they provide other services. An IT services firm may be chosen if the system can’t be developed internally or requires customer support. Packaged software providers are companies that produce software exclusively, like Microsoft or Intuit, and are preferable if the task needing the system is generic. Vendors of enterprise solution software create a system that is composed of a series of integrated modules. Each module supports a business function, such as accounting, or human resources. ERP systems may be appropriate if a complete system is required that can cross functional boundaries. A more intense option for larger, more customizable solutions are Managed service providers who can provide more services than application service providers. ASPs and MSPs may be appropriate when instant access to an application is desired, and in the case of ASPs, when the task is generic. Open-source software is a type of software that is developed by...

Words: 897 - Pages: 4

Free Essay

Intro to Business Chapter 2 Review Questions

...to provide mortgage loans to, previously, undesirable borrowers. Now the demand for houses rose & so did the prices for the houses making these subprime loans attractive to lenders because of the high return. So the Banks & investment houses continued to invest in mortgage securities but the financial institutions did not maintain enough reserves in case the housing market crashed. Naturally, the housing market came crashing down leaving borrowers “upside down” in their loans & they were forced to foreclose. When this happened, the banks became unwilling to lend money so funds were not available for businesses. Without funds for everyday operations, businesses struggled causing layoffs & raising the unemployment rate. 2. What steps did the Federal government and the Federal Reserve take to mitigate the crisis? The Federal Reserve bailed out Bear Stearns & AIG. The U.S. Department of the Treasury seized Fannie Mae & Freddie Mac. Congress passes the economic bailout plan TARP which spent $700 billion investing in banks & bailing out the auto industry. Congress also passed an $825 billion economic stimulus package called the American Recovery & Reinvestment Act which included cutting taxes, building infrastructure, & investing in green energy. 3. Compare and contrast microeconomics and macroeconomics. How do the two approaches interrelate? Microeconomics is...

Words: 489 - Pages: 2

Premium Essay

Principles of Information Security Chapter 2 Review Questions

...cannot solve information security issues. Management must make policy choices and enforce those policies to protect the value of the organization’s data. 2. Data is important to an organization because without it an organization will lose its record of transactions and/or its ability to furnish valuable deliverables to its customers. Other assets that require protection include the ability of the organization to function, the safe operation of applications, and technology assets. 3. Both general management and IT management are responsible for implementing information security. 4. The implementation of networking technology has created more risk for businesses that use information technology because business networks are now connected to the internet and other networks external to the organization. This has made it easier for people to gain unauthorized access to the organization’s networks. 5. Information extortion is when an attacker steals information from a computer system and demands compensation for its return or for an agreement not to disclose it. One example could be someone that gains access to PII such as SSN’s through a company’s database and ransoms the information for money. If not paid, he could sell the information on the black market. This not only harms the company monetarily, but also questions their information security practices and ultimately their trust. 6. Employees can be one of the greatest threats to information security because their mistakes...

Words: 1112 - Pages: 5

Premium Essay

Week 2 Chapter 3 & 4 Review Questions

...Week 2 Problems/Exercises: Chapters 3 & 4 Michael LaBarge DeVry University Chapter 3 2. List and describe the common skills and activities of a project manager. Which skill do you think is most important? Why? Common skills of a project manager include: interpersonal skills, leadership skills and technical skills. Interpersonal skills include the skills needed to effectively communicate with others what needs to be done and the process that should be taken to get it done. Leadership skills are important because as the project manager is in charge of the project, they must be able to successfully lead their team from initiation to completion of the project as efficiently as possible. Technical skills are the skills needed to understand all aspects of the system that is to be created or modified and what it takes to make that happen. Common activities of a project manager include: leadership, management, customer relations, technical problem solving, conflict management, team management and risk and change management. I believe that the most important skill that a project manager must possess is leadership. I think that with the right team, the PM can get assistance on the interpersonal and technical aspects of the project. However without the proper leadership, even the best team will ultimately fail, or at least have many difficulties. Also, many of the activities that a project manager must do are leader/management based. 4. Describe the activities performed by...

Words: 766 - Pages: 4

Free Essay

Chapter 2 Review Questions Principles of Information Security

...1. Information security is more of a management issue because it is up to management to decide what end users should have access to and what they should not. Also technology can only do what it is told to do but if management sets up training to teach end users about the threats of say opening an unknown email then the company is safer. 2. Without data an organization loses its record of transactions and/or its ability to deliver value to its customers. Page 42 Principles of Information Security 3. Both general and It management 4. It has created more and the reason why is it is much easier to spread viruses, worms, etc. now that the can get from system to system without having to attach to a physical disc. 5. Information extortion occurs when an attacker or trusted insider steals information from a computer system and demands compensation for its return or for an agreement not to disclose it. Page 60 Principles of Information Security. An example would be if someone would steal the latest album from a well-known artist before its release date and demanded to be paid or it would be released onto the internet. 6. Employees are one of the biggest threats for several reasons the can accidently allow someone access to the system by installing a back door or it is possible for them to become angry with the company and just hand out IP to rival companies. It is also possible that they could accidently delete valuable data from the system that has no backup. 7. Make sure nobody...

Words: 908 - Pages: 4

Premium Essay

Gmat Syllabus

...Complete Course Contents Do a page a week → Page(s) Bird's Eye View......................................................................... 2 Do This Homework..................................................... 3 - 11 Try Easier Quant............................................ 12 - 20 Only do as needed or → wanted (and if you have time) Try Easier Verbal............................................ 21 - 29 Try Harder Quant............................................. 30 - 36 Try Harder Verbal............................................ 37 - 42 Try More IR.................................................... 43 Try More Essay............................................. 44 Page 1 of 44 Bird's Eye View of Class Attended In Class Quant Verbal Topics & Methods Sentence Correction Critical Reasoning Reading Comprehension Other IR / Essay Preparing for the GMAT Session 1 □ DS Methods & Computation Methods 2 □ FDPs 3 □ Algebra 1 4 □ Algebra 2 5 □ Word Probs 1 6 □ Word Probs 2 7 □ Geometry 8 □ Num Props 1 9 □ Num Props 2 Subj-Verb Parallelism Pronouns Arg. Structure Assumption Modifiers Verbs Evaluate Comparisons Str/Weaken Idioms etc. Evidence Short Long IR Basics Essay Review Assess Gameplan Build "Do This" Checklist At Home Quant FoM Odds After Session 1 2 3 4 5 6 x 7 x 8 x 9 x x x □ □ □ □ □ □ □ x x x x □ □ □ □ □ □ □ □ □ x x □ □ □ □ □ □ □ □ □ x x □ □ □ □ □ □ □ x x □ □ □ □ □ x...

Words: 10013 - Pages: 41

Premium Essay

International Business

...LL.M INTERNATIONAL BUSINESS TRANSACTIONS LAW 5901 Kazakhstan Institute of Management, Economics, and Strategic Research School of Law REQUIRED TEXT: International Business and Trade [4th ed.] Ricky W. Griffen, Michael W. Pustay COURSE MATERIALS: http://www.eilfe.com/online-courses/kimep.html International Business Transactions REQUIRED TEXT: International Business and Trade [4th ed.] Ricky W. Griffen, Michael W. Pustay COURSE MATERIALS: http://www.eilfe.com/online-courses/kimep.html International Business Transactions KIMEP SUMMER I 2010 COURSE NUMBER: LAW5901 COURSE NAME: INTERNATIONAL BUSINESS TRANSACTIONS CLASS TIME: MTWTHF 20:15 – 21:45, HALL, NEW BUILDING FINAL EXAM: WEEK SIX; Time and date TBA KIMEP SUMMER I 2010 COURSE NUMBER: LAW5901 COURSE NAME: INTERNATIONAL BUSINESS TRANSACTIONS CLASS TIME: MTWTHF 20:15 – 21:45, HALL, NEW BUILDING FINAL EXAM: WEEK SIX; Time and date TBA Instructor: Prof. Dr. John JA Burke BA, JD, Ph.D. E-Mail: jburke@kimep.kz Office: 119, New Building Hours: Appointment Only Instructor: Prof. Dr. John JA Burke BA, JD, Ph.D. E-Mail: jburke@kimep.kz Office: 119, New Building Hours: Appointment Only INTRODUCTION AND OVERVIEW Joseph E. Stiglizt, the winner of the 2001 Nobel Prize in Economics, states, “We have a process of “globalisation” analogous to the earlier processes in which national...

Words: 2119 - Pages: 9

Premium Essay

Skfaifh

...Community College of City University CM20269 Financial Management – Semester B 2012/13 |Name |Office (AC 2) |Office Phone No. |E-mail | |Mr. Toby Butt |Room: 6217 |3442 4969 |mkbutt@cityu.edu.hk | |Mr. Joe Pong |Room: 5429 |3442 6943 |hkpong@cityu.edu.hk | |Mr. Kennix Chiu |Room: 5416 |3442 7585 |swchiu@cityu.edu.hk | |Ms. Maria Wong |Room: 5423 |3442 9762 |laikwong@cityu.edu.hk | Course Aims: Provide students with some fundamental concepts of modern financial management theory relevant to making operating and investment decisions. The course also introduces some of the core financial management and decision making techniques used in the business world. Course Intended Learning Outcomes (CILOs) Upon successful completion of this course, students should be able to: 1. Describe the financial environment, agency costs, the goals of the participants, and the basic structure of Hong Kong financial and banking systems 2. Explain working capital policies and apply working capital management tools 3. Apply the concepts of risk-return trade-off and time value of money in financial management decisions, and in...

Words: 1218 - Pages: 5

Premium Essay

Financial Management

...Community College of City University BUS20269 Financial Management – Semester A 2013/14 |Name |Office (AC 2) |Office Phone No. |E-mail | |Mr. Toby Butt |Room: 6217 |3442 4969 |mkbutt@cityu.edu.hk | |Mr. Joe Pong |Room: 5429 |3442 6943 |hkpong@cityu.edu.hk | |Mr. Kennix Chiu |Room: 5416 |3442 7585 |swchiu@cityu.edu.hk | |Mr. Peter Yip |Room: 5406 |3442 7903 |peteryip@cityu.edu.hk | Course Aims: Provide students with some fundamental concepts of modern financial management theory relevant to making operating and investment decisions. The course also introduces some of the core financial management and decision making techniques used in the business world. Course Intended Learning Outcomes (CILOs) Upon successful completion of this course, students should be able to: 1. Describe the financial environment, agency costs, the goals of the participants, and the basic structure of Hong Kong financial and banking systems 2. Explain working capital policies and apply working capital management tools 3. Apply the concepts of risk-return trade-off and time value of money in financial management decisions, and...

Words: 1220 - Pages: 5

Premium Essay

Cp3002

...Tutorial/Practical 2 (Week 3) – CP3302/CP5603 Remarks: • This tutorial/practical consists of some tutorial-type questions that are chosen from ‘Review Questions’ in Chapters 2 and 3 of the textbook, as well as some practical-type questions that are chosen from: Michael E. Whitman and Herbert J. Mattord, Hands-On Information Security Lab Manual, (third edition), Course Technology, Cengage Learning, USA, 2011. • This tutorial/practical may not be completed in the scheduled practical session for this subject. So you are strongly recommended to complete it in your own time (note that students are expected to work 10 hours per week on this subject, including 3 hours of contact time). • Due to security issues, you may not be allowed to practise all commands and programs of the practical-type questions with the university’s computers. So, interested students are encouraged to do this section on their own computers (if available). You will not be assessed for utilities/commands that cannot be practised on university computers. 1. (Review Question 1 – Chapter 2) Why is information security a management problem? What can management do that technology cannot? 2. (Review Question 2 – Chapter 2) Why is data the most important asset an organization possesses? What other assets in the organization require protection? 3. (Review Question 3 – Chapter 2) Which management groups are responsible for implementing information security to protect the organizations ability to function? 4. (Review Question 5 – Chapter...

Words: 3431 - Pages: 14

Free Essay

Haha

...Date | Week | Topics | 30/11/14-6/12/14 | Week 1 | Ice Breaking & Chapter 1a ( Introduction To Management) & Chapter 1b (Evolutions Of Management Thought)-Ice Breaking Session-Inform about entrance & exit survey-Provide information regarding Lesson Plan, Assessment and Quizzes-Tutorial Activity: * Discuss about 4 process of management that have been practised as a student in their daily life or during an event that they involved. * Share the process by a short and simple presentation. * Answer past year exams question on Ch1 (Quiz 10 minutes)-Students need to draw mind map for Chp 1 on white board and do short review -Blended Learning: Share how a company involved in POLC for an event for the organization | 7/12/14-13/12/14 | Week 2 | Chapter 2 (Planning)-Students need to draw mind map for Chp 2 on white board and do short review -Tutorial Activity: * Answer past year exams question on Ch2(Quiz 10 minutes) * If planning is important, why do some managers choose not do it? Submit a short presentation about planning barriers and the benefit of the planning.-Blended Learning:Students are request to share their planning that they have prepare to study in UiTM | 14/12/14-20/12/14 | Week 3 | Chapter 3 (The Nature Of Decision Making)-Students need to draw mind map for Chp 3on white board and do short review -Tutorial Activity: * Answer past year exams question on Ch3 (Quiz 10 minutes) * Form a group of 4 persons. Students need to discuss their...

Words: 1251 - Pages: 6