Deck 1: Introduction to the Management of Information Security

The malicious code attack includes the execution of viruses,worms,Trojan horses,and active Web scripts with the intent to destroy or steal information._________________________

The first step in solving problems is to gather facts and make assumptions.

"Shoulder spying" is used in public or semi-public settings when individuals gather information they are not authorized to have by looking over another individual's shoulder or viewing the information from a distance._________________________

The macro virus infects the key operating system files located in a computer's start up sector._________________________

The authorization process takes place before the authentication process.

When voltage levels lag(experience a momentary increase),the extra voltage can severely damage or destroy equipment._________________________

Corruption of information can occur only while information is being stored.

A(n)polymorphic threat is one that over time changes the way it appears to antivirus software programs,making it undetectable by techniques that look for pre-configured signatures._________________________

One form of e-mail attack that is also a DoS attack is called a mail spoof,in which an attacker overwhelms the receiver with excessive quantities of e-mail._________________________

A device (or a software program on a computer)that can monitor data traveling on a network is known as a socket sniffer._________________________

DoS attacks cannot be launched against routers.

A worm may be able to deposit copies of itself onto all Web servers that the infected system can reach,so that users who subsequently visit those sites become infected.

The term phreaker is now commonly associated with an individual who cracks or removes software protection that is designed to prevent unauthorized duplication._________________________

List and explain the four principles of management under the contemporary or popular management theory.Briefly define each.

A virus or worm can have a payload that installs a(n)____________________ door or trap door component in a system,which allows the attacker to access the system at will with special privileges.

Some information gathering techniques are quite legal,for example,using a Web browser to perform market research.These legal techniques are called,collectively,competitive ____________________.

List the steps that can be used as a basic blueprint for solving organizational problems.

List themeasures that are commonly used to protect the confidentiality of information.

____________________ is unsolicited commercial e-mail.

A(n)____________________ is an act against an asset that could result in a loss.

Duplication of software-based intellectual property is more commonly known as software ____________________.

List and explain the critical characteristics of information as defined by the C.I.A.triad.

A(n)____________________ hacks the public telephone network to make free calls or disrupt services.

The set of organizational guidelines that dictates certain behavior within the organization is called ____________________.

ESD is the acronym for ____________________ discharge.

A(n)____________________ is a potential weakness in an asset or its defensive control(s).

Explain the differences between a leader and a manager.

A ____________ overflow is an application error that occurs when the system can't handle the amount of data that is sent.

What are the three distinct groups of decision makers or communities of interest on an information security team?

The three levels of planning are strategic planning,tactical planning,and ____________________ planning.

List the specialized areas of security.

A momentary low voltage is called a(n)____________________.

Attempting to reverse-calculate a password is called ____________________.

Discuss the planning element of information security.

There are 12 general categories of threat to an organization's people,information,and systems.List at least six of the general categories of threat and identify at least one example of those listed.

What is authentication?Provide some examples.