Deck 17: Information Security: Barbarians at the Gateway and Just About Everywhere Else

A) honeypots.
B) zombots.
C) botnets.
D) blacklists.
E) megabots.

A) some customers have begun seeking alternative products and services untarnished by the perception of having (complicity or unwittingly) provided private information to authorities.
B) the cost to include government surveillance technology inside their products is expensive and lowers profits compared to rivals.
C) the government-required installations of software, such as Stuxnet, that U.S. tech firms must comply with inevitably take up valuable storage space, adding cost to industrial and commercial products.
D) the cost to house government workers on-site is a burden private corporations should not have to shoulder.
E) firms in foreign governments are directly contracted to perform surveillance, and are compensated for their efforts with perks and tax breaks, while U.S. firms receive no such compensation.

A) Cyber-fraud
B) Corporate espionage
C) Carrying out technology disruptions
D) Extortion
E) Illegal funds transfer

A) data harvester
B) cracke
C) hacker
D) black hat
E) hacktivist

A) Security breaches cannot be prevented despite the adoption of the best security policies.
B) Technology lapses are solely responsible for almost all security breaches.
C) Information security is everybody's responsibility.
D) Greater expenditure on security products is the only way to contain security breaches.
E) A reactive, rather than proactive, approach is better suited for dealing with security breaches.

A) DDoS attacks.
B) espionage.
C) cyberwarfare.
D) extortion.
E) phishing.

A) Target had security software, but the notification alerts from the software were ignored.
B) Target had properly installed and configured its security software, but hackers got in, anyway.
C) Credit card databases were on entirely separate systems, not connected to other parts of the firm's information system, but wireless networking allowed hackers to access anything reachable from a cell phone connection.
D) Target regularly monitored file names and matched them to file sizes and archival copies to ensure that software was not installed on their systems using the names of legitimate products, but hackers saved files with blank file names so they wouldn't be detected.
E) All of the above

A) Cyber-crime is not yet considered a serious enough threat to warrant the attention of law-enforcement agencies.
B) Law-enforcement agencies are well-resourced to fight cyber-crimes effectively.
C) Governments usually outmatch private industry in terms of retaining top talent with incentives and generous pay.
D) Law-enforcement agencies struggle to hire, train, and retain staff capable of keeping pace with today's cyber-criminals.
E) Cyber-crime is not rewarding in terms of financial gain.

A) cash-out fraudsters
B) data harvesters
C) corporate spies
D) ethical hackers
E) information hoarders

A) An extortion attempt where hackers threaten to reveal names and social security information stolen from medical records databases
B) Overloading a popular social networking site with inbound messages in order to shut down access to the site
C) Launching a targeted phishing campaign on a department of defense or other surveilance network.
D) Stealing proprietary data directly from mobile phones using a distributed network of difficult-to-trace online services.
E) Launching tough-to-track click-fraud efforts

A) Lack of technology to identify the origin of a security attack
B) Non-recognition of commission of a security-related crime
C) Unwillingness of developed countries to share technical know-how with lesser-developed countries
D) Non-existent extradition agreements between two countries
E) Technological incompatibility between the two countries

A) hacktivist
B) data harvester
C) corporate spy
D) white hat hacker
E) ethical cyber criminal

A) novel attacks
B) first mover attacks
C) non-precedent breaches
D) zero-day exploits
E) brute force attacks

A) keylogging.
B) shoulder surfing.
C) dumpster diving.
D) screen capture.
E) spyware.

A) overlamination processes
B) biometrics
C) smart tags
D) bio-embedded systems
E) holographs

A) strong arm
B) permuted
C) brute-force
D) zero-day
E) infinity

A) Shadow-keyboards
B) Bootloggers
C) KitRoots
D) Keyloggers
E) Adwares

A) It refers to a con executed using technology, typically targeted at acquiring sensitive information or tricking someone into installing malicious software.
B) It refers to e-mail transmissions and packets that have been altered to seem as if they came from another source.
C) It refers to scrambling data using a code or formula, known as a cipher, such that it is hidden from those who do not have the unlocking key.
D) It refers to a seemingly tempting, but bogus target meant to draw hacking attempts.
E) It refers to highly restrictive programs that permit communication only with approved entities and/or in an approved manner.

A) the software was embedded in many hardware products that could not be easily patched with automatic software updates.
B) any password typed into a CAPTCHA could be monitored by a Van Eck device.
C) social engineers could exploit the bug through SQL injection.
D) all social media profile data was exposed, giving hackers access to the potential answers many firms ask as part of password security questions.
E) it eliminated the ability to expose a URL's desitination by hoving the cursor over an address.

A) trash recovery.
B) junk exploring.
C) dumpster diving.
D) scrap sifting.
E) data sieving.

A) The password should be at least eight characters long and include at least one number and other nonalphabet character.
B) The password should be short and straightforward.
C) The password should include names of family members or pets, so as to be easily remembered.
D) Choose a hard-to-guess password, then re-use this hardened password across websites. This minimize instances of calling systems professionals for a password reset, hence eliminating an additional potential vulnerability.
E) The password should be the same as your name so as to trick the hacker.

A) It refers to a con executed using technology, typically targeted at acquiring sensitive information or tricking someone into installing malicious software.
B) It refers to e-mail transmissions and packets that have been altered to seem as if they came from another source.
C) It refers to scrambling data using a code or formula, known as a cipher, such that it is hidden from those who do not have the unlocking key.
D) It refers to a seemingly tempting, but bogus target meant to draw hacking attempts.
E) It refers to highly restrictive programs that permit communication only with approved entities and/or in an approved manner.

A) rootkits.
B) trojans.
C) viruses.
D) worms.
E) honeypots.

A) Spyware
B) Malware
C) Social engineering
D) Phishing
E) Virus infections

A) LinkedIn
B) Corproate directories
C) Social media posts
D) Contests or surveys
E) All of the above

A) DDos
B) Rootkit
C) Keylogging
D) CAPTCHa
E) VPN

A) Phishing
B) Social engineering
C) Password theft
D) Virus infections
E) Physical threats

A) a large file size to spread.
B) the computer to be shutdown to spread.
C) Windows as an operating system to spread.
D) a disk based operating system to spread.
E) an executable program to spread.

A) patches.
B) compliance.
C) maculations.
D) keys.
E) dongles.

A) the rising cost of labor.
B) lack of information on effectiveness of patches.
C) the fear that the new technology contains a change that will cause problems down the road.
D) redundancy of patches within a short span of time.
E) bureaucratic inefficiency.

A) audit; enforcement
B) accountability; flexibility
C) compliance; subjectivity
D) protocols; the backing of ISO
E) rigidity; adaptability

A) legal or professionally binding steps that an organization must take.
B) security audit practices used by the tech divisions of Big Four accounting firms.
C) a firm's installing software to fulfill government surveillance requirements.
D) the U.S. government legislation requiring organizations to share security breaches with law enforcement and industry trade organizations.
E) only deploying open source software that is downloaded from approved GitHub locations.