Deck 9: Enterprise Information Systems: ERP and SCM

A) Is there clear accountability for information security in our organization?
B) How much is spent on information security and what is it being spent on?
C) What is the impact on the organization of a serious security incident?
D) How do we identify potential insiders?

A) Something the user knows such as a user ID and password
B) Something the user has such as a smart card or token
C) Something that is part of the user such as a fingerprint or voice signature
D) None of the above

A) Using one's social skills to trick people into revealing access credentials or other information valuable to the attacker
B) Legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident
C) Small electronic devices that change user passwords automatically
D) A method for confirming user's identities

A) Something the user knows such as a user ID and password
B) Something the user has such as a smart card or token
C) Something that is part of the user such as a fingerprint or voice signature
D) Combination of all of the above

A) Switch the order of characters
B) Replace characters with other characters
C) Use a mathematical formula to convert the information into some sort of code
D) All of the above

A) Smart card
B) Fingerprint authentication
C) User ID
D) None of the above

A) Token
B) Password
C) Smart card
D) Biometrics

A) Information security plan
B) Information security policies
C) Authentication
D) Biometrics

A) A type of encryption
B) A type of content filtering
C) A form of unsolicited e-mail
D) None of the above

A) Authentication
B) Prevention
C) Detection
D) Response

A) Hactivist
B) Social engineering
C) Insiders
D) Virus

A) Smart card
B) Token
C) Biometrics
D) Content filtering

A) Occurs when an organization uses software that filters content to prevent the transmission of unauthorized information
B) Scrambles information into an alternative form that requires a key or password to decrypt the information
C) Hardware and/or software that guards a private network by analyzing the information leaving and entering the network
D) A form of unsolicited e-mail

A) Content filtering, encryption, firewalls
B) Content filtering, encryption, insiders
C) Encryption, firewalls, insiders
D) Firewalls, social engineering, encryption

A) Biometrics
B) Encryption
C) Firewalls
D) Content Filtering

A) Develop the information security policies
B) Communicate the information security policies
C) Revise and test the information security policies
D) Test and reevaluate risks

A) People first, technology second
B) Technology first, people second
C) None of the above
D) All of the above

A) Authentication and authorization
B) Prevention and resistance
C) Detection and resistance
D) None of the above

A) Between a personal computer and the server
B) Between a personal computer and a printer
C) Between the server and the content filtering software
D) Between the server and the Internet

A) Examines each message that wants entrance to the network
B) Blocks messages without the correct markings from entering the network
C) Detects computers communicating with the Internet without approval
D) All of the above

A) White-hat hacker
B) Black-hat hacker
C) Crackers
D) Cyberterrorists

A) Ethics
B) Intellectual property
C) Copyright
D) Fair Use Doctrine

A) White-hat hacker
B) Black-hat hacker
C) Hactivists
D) Script kiddies

A) Malicious code
B) Token
C) User ID
D) Antivirus software

A) Malicious code
B) Hoaxes
C) Spoofing
D) Sniffer

A) Malicious code
B) Hoaxes
C) Spoofing
D) Sniffer

A) White-hat hacker
B) Black-hat hacker
C) Crackers
D) Cyberterrorists

A) Ethics
B) Intellectual property
C) Copyright
D) Fair Use Doctrine

A) Computer virus
B) Worm
C) Denial-of-service attack
D) None of the above

A) Authentication and authorization
B) Prevention and resistance
C) Detection and response
D) Detection and resistance

A) Malicious code
B) Hoaxes
C) Spoofing
D) Sniffer

A) Ethics
B) Intellectual property
C) Copyright
D) Fair dealing

A) Malicious code
B) Hoaxes
C) Spoofing
D) Sniffer

A) Fair Use Doctrine
B) Pirated software
C) Counterfeit software
D) Privacy

A) White-hat hacker
B) Black-hat hacker
C) Hactivists
D) Script kiddies

A) Ethics
B) Intellectual property
C) Copyright
D) Fair Use Doctrine

A) White-hat hackers
B) Black-hat hackers
C) Hactivists
D) Script kiddies

A) Distributed denial-of-service attack
B) Worm
C) Denial-of-service attack
D) Backdoor programs

A) Computer virus
B) Worm
C) Denial-of-service attack
D) None of the above

A) Key logger
B) Hardware key logger
C) Cookie
D) Adware

A) Fair Use Doctrine
B) Pirated software
C) Counterfeit software
D) Privacy

A) Acceptable use policy
B) Internet use policy
C) Ethical computer use policy
D) None of the above

A) Legal behaviour and ethical behaviour
B) Illegal behaviour and ethical behaviour
C) Legal behaviour and unethical behaviour
D) None of the above

A) Ethics
B) ePolicies
C) All of the above
D) None of the above

A) Information privacy policy
B) Acceptable use policy
C) Internet use policy
D) Ethical computer use policy

A) Informed, collaborate
B) Consent, informed
C) Informed, consent
D) None of the above

A) Information is a valuable corporate asset and should be managed as such
B) The CIO is responsible for controlling access to and use of information
C) The CIO is responsible for preventing the inappropriate destruction of information
D) The CIO is responsible for how outsiders view and analyze corporate information

A) The assurance that messages and information are available only to those who are authorized to view them
B) Policies and procedures that address the ethical use of computers and Internet usage in the business environment
C) The right to be left alone when you want to be, to have control over your own personal possessions, and not to be observed without your consent
D) The principles and standards that guide our behaviour toward other people

A) The assurance that messages and data are available only to those who are authorized to view them.
B) Policies and procedures that address the ethical use of computers and Internet usage in the business environment
C) The right to be left alone when you want to be, to have control over your own personal possessions, and not to be observed without your consent
D) The principles and standards that guide our behaviour toward other people

A) Fair Use Doctrine
B) Pirated software
C) Counterfeit software
D) Privacy

A) The assurance that messages and data are available only to those who are authorized to view them
B) Policies and procedures that address the ethical use of computers and Internet usage in the business environment
C) The right to be left alone when you want to be, to have control over your own personal possessions, and to not be observed without your consent
D) The principles and standards that guide our behaviour toward other people

A) Contacted customers based on opt-out decision
B) Contacted customers based on opt-in decision
C) Contacted customers regardless of their opt-out or opt-in decision
D) Failed to contact any customers

A) Individuals copy, use, and distribute software
B) Employees search organizational databases for sensitive corporate and personal information.
C) Individuals hack into computer systems to steal proprietary information.
D) None of the above

A) medical records
B) security clearances
C) tax records
D) All of the above

A) Information privacy policy
B) Acceptable use policy
C) Internet use policy
D) None of the above

A) Legal and ethical
B) Illegal and ethical
C) Legal and unethical
D) Illegal and unethical

A) Accountability
B) Accuracy
C) Open access
D) Safeguards

A) European model
B) US model
C) Bork model
D) None of the above

A) Employee absenteeism is on the rise.
B) Job satisfaction is on the rise.
C) Psychological reactance is prevented.
D) All of the above.

A) Information privacy policy
B) Acceptable use policy
C) Internet use policy
D) Ethical computer use policy

A) Adoption and implementation of an anti-spam policy
B) Notice and disclosure
C) Choice and quality
D) None of the above

A) Is the forging of someone's identity for the purpose of fraud
B) Is monitoring emails
C) Is hacking in a computer system with the purpose of stealing information
D) Is buying illegal information from a hacker

A) Key logger software
B) Spyware
C) Cookie
D) Adware

A) Information privacy policy
B) Acceptable use policy
C) Anti-spam policy
D) Ethical computer use policy
It is common practice to sign an AUP before being granted a network ID.

A) Ethical computer use policy
B) Anti-spam policy
C) Information privacy policy
D) Acceptable use policy

A) It defines who legitimate e-mail users are
B) It explains the backup procedures
C) It describes the legitimate grounds for reading someone's e-mail
D) It informs people that the organization has full control over e-mail once it is transmitted outside the organization

A) Not using the service as part of violating any law
B) Not attempting to break the security of any computer network or user
C) Not posting commercial messages to groups without prior permission
D) All of the above

A) 20 to 30 percent
B) 30 to 50 percent
C) 40 to 60 percent
D) None of the above

A) Copyright
B) Fair use doctrine
C) Nonrepudiation
D) Intellectual property

A) Tracking people's activities by such measures as number of keystrokes
B) Tracking people's activities by such measures as error rate
C) Tracking people's activities by such measures as number of transactions processed
D) All of the above

A) Intellectual property
B) Nonrepudiation
C) User's expectation of privacy
D) All of the above

A) Acceptable use policy
B) E-mail privacy policy
C) Internet use policy
D) None of the above

A) Using the service to violate a law
B) Posting commercial messages to groups without prior permission
C) Performing nonrepudiation
D) Not attempting to mail bomb a site

A) Information privacy policy
B) Acceptable use policy
C) Internet use policy
D) Anti-Spam policy

A) Phone number
B) Social Security number
C) Address
D) Driver's license number

A) Ethical computer use policy
B) Acceptable use policy
C) Nonrepudiation policy
D) None of the above

A) Spyware
B) Hardware key logger
C) Cookie
D) Adware