Deck 12: Information Security Management

A) target
B) vulnerability
C) threat
D) warning

A) Spoofing
B) Phishing
C) Sniffing
D) Pretexting

A) hacking
B) phishing
C) usurping
D) sniffing

A) hacker
B) phisher
C) safeguard
D) sniffer

A) Hacking
B) Baiting
C) Sniffing
D) Pretexting

A) unauthorized data disclosure
B) incorrect data modification
C) faulty services
D) loss of infrastructure

A) Drive-by spoofers
B) Pretexters
C) Drive-by sniffers
D) Phishers

A) An employee inadvertently installs an old database on top of the current one.
B) An employee intentionally destroys data and system components.
C) A virus and worm writer infects computer systems.
D) A hacker breaks into a system to steal for financial gain.

A) IP spoofing
B) caches
C) ad blockers
D) adware

A) accidentally deleting customer records
B) poorly written programs resulting in data losses
C) loss of data as a result of flooding
D) hacking of information systems

A) Hacking
B) Spoofing
C) Phishing
D) Usurpation

A) safeguarding computer hardware and software
B) delegating responsibility for managing IS security
C) establishing the security policy and managing risk
D) managing security programs on a real-time basis

A) Risk; indemnity
B) Uncertainty; risk
C) Assessment; uncertainty
D) Vulnerability; risk

A) Computer security is an integral element of sound management.
B) Computer security should be cost-effective.
C) Computer security is constrained by societal factors.
D) Computer security should be periodically reassessed.

A) A hacker monitors and intercepts wireless traffic at will.
B) A hacker floods a Web server with millions of bogus service requests.
C) A hacker uses another site's IP address to masquerade as that other site.
D) A phisher pretends to be a legitimate company and requests confidential data.

A) create backup procedures
B) reduce the likelihood of a threat
C) evaluate the results of the risk management process
D) assess the threats and vulnerabilities

A) denial-of-service
B) side channel
C) brute force
D) obfuscation

A) Cookies
B) Registers
C) Pop-ups
D) Public keys

A) limiting the personal use of an organization's computer systems
B) deciding what customer data from the order-entry system will be shared with other organizations
C) designating a department for managing an organization's IS security
D) inspecting an employee's personal email for compliance with company policy

A) data policy
B) issue-specific policy
C) system-specific policy
D) network security policy

A) a dip in sales because supplies were not replenished
B) a loss of customer goodwill due to an outage
C) a drop in production due to plant maintenance
D) a financial loss due to high input costs

A) Unauthorized data disclosure
B) Incorrect data modification
C) Denial of service
D) Loss of infrastructure

A) likelihood
B) uncertainty
C) consequence
D) vulnerability

A) Employees
B) Natural disasters
C) Hackers
D) Competitors

A) certain Web sites being blocked from viewing for security reasons
B) small amounts of spam in your inbox
C) an unexplained reduction in your account balance
D) pop-up ads appearing frequently

A) multiply likelihood by the probability of occurrence
B) multiply the vulnerability by the probability of occurrence
C) multiply likelihood by the cost of the consequences
D) multiply residual risk by the cost of the consequences

A) Pretexting
B) Phishing
C) Hacking
D) Spoofing

A) information related to national security
B) records maintained by the U.S.government
C) consumer financial data stored by financial institutions
D) health data collected by doctors and other health-care providers

A) the general statement of the security policy
B) the issue-specific policy
C) the network policy
D) the system-specific policy

A) IDS
B) botnet
C) antivirus
D) firewall