Deck 14: Information Security: Barbarians at the Gateway and Just About Everywhere Else

A) activist
B) cyber agitator
C) hacktivist
D) ethical hacker
E) cybersquatter

A) hacktivist
B) data harvester
C) corporate spy
D) white hat hacker
E) ethical cyber criminal

A) security breaches are not as damaging to companies as other crimes are.
B) industry guidelines for information security are not suitable for everyone and should be made optional.
C) information security must be a top organizational priority.
D) skimping on liability insurance to cover for financial losses from security breaches is not advisable.
E) with a little effort and resources, it is possible to make any security system hundred percent foolproof.

A) Lack of technology to identify the origin of a security attack
B) Non-recognition of commission of a security-related crime
C) Unwillingness of developed countries to share technical know-how with lesser-developed countries
D) Non-existent extradition agreements between two countries
E) Technological incompatibility between the two countries

A) Cyber-crime is not yet considered a serious enough threat to warrant the attention of law-enforcement agencies.
B) Law-enforcement agencies are well-resourced to fight cyber-crimes effectively.
C) Governments usually outmatch private industry in terms of retaining top talent with incentives and generous pay.
D) Law-enforcement agencies employ technically inept employees who are incapable of keeping pace with today's cyber-criminals.
E) Cyber-crime is not rewarding in terms of financial gain.

A) Security breaches cannot be prevented despite the adoption of the best security policies.
B) Technology lapses are solely responsible for almost all security breaches.
C) Information security is everybody's responsibility.
D) Greater expenditure on security products is the only way to contain security breaches.
E) A reactive, rather than proactive, approach is better suited for dealing with security breaches.

A) data harvester
B) cracke
C) hacker
D) black hat
E) hacktivist

A) honeypots.
B) zombots.
C) botnets.
D) blacklists.
E) megabots.

A) DDoS attacks.
B) espionage.
C) cyberwarfare.
D) extortion.
E) phishing.

A) Threatening to reveal names and social security information stolen from medical records databases
B) Crashing a popular social networking site to restrict access to information
C) Hijacking a power generation unit capable of serving an entire city
D) Stealing proprietary data on products worth several millions of dollars
E) Launching tough-to-track click-fraud efforts

A) cash-out fraudsters
B) data harvesters
C) corporate spies
D) ethical hackers
E) information hoarders

A) Cyber-fraud
B) Corporate espionage
C) Carrying out technology disruptions
D) Extortion
E) Illegal funds transfer

A) Phishing
B) Social engineering
C) Password theft
D) Virus infections
E) Physical threats

A) Restricting communication between approved entities
B) Crippling a substantially sized network by withholding critical information like passwords
C) Organizing an underworld market dealing in trade of stolen information
D) Stealing critical information like social security numbers, or revenue records
E) Sending spam mail from thousands of difficult-to-shut-down accounts

A) Baiting someone to add, deny, or clarify information that can help an attacker
B) Posting rumors about an individual on a popular social networking site
C) Making prank calls to individuals
D) Stealing an individual's credit card information
E) Flooding an individual's mailbox with junkmail

A) clogs up network traffic and disables networks.
B) monitors user actions or scans for files surreptitiously.
C) infects other software and decreases the network speeds.
D) serves up unwanted advertisements after being installed without user knowledge.
E) scans for loopholes in other software and releases malware payloads.

A) records keystrokes.
B) screens the computer for malware.
C) records pixels appearing on a user's screen.
D) captures images appearing on a screen.
E) serves up unwanted advertisements on users' screens.

A) Deploy a commercial software patch or other piece of security software that can protect the firm
B) Outsource the development of its Web site to an outside agency
C) Invalidate user input and train developers to rewrite the entire code
D) Meticulously check for integrity of Web sites and dig out weaknesses
E) Install SQL screening software and update it regularly

A) allots domain names to different Web sites.
B) assigns IP addresses to different systems.
C) directs the flow of traffic across the Internet.
D) maintains a registry of different IP addresses.
E) maps an Internet address to an IP address.

A) keylogging.
B) shoulder surfing.
C) dumpster diving.
D) screen capture.
E) spyware.

A) rootkits.
B) trojans.
C) viruses.
D) worms.
E) honeypots.

A) trash recovery.
B) junk exploring.
C) dumpster diving.
D) scrap sifting.
E) data sieving.

A) Click on the link in the mail
B) Click on the link in the mail and provide any information you are asked for
C) Do not click on any links, or download any enclosures
D) Click on the link and download the anti-virus software
E) Forward the mail to your colleagues

A) Sloppy programming practices where software developers do not validate user input
B) Lack of in-built anti-virus features
C) Irregular auditing of Web site content
D) Ease of infiltrating the Web site
E) Non-employment of encryption techniques

A) Frequently upgrade their systems with the latest hardware available in the market
B) Use a universal password for all secure sites to avoid chances of forgetting different passwords
C) Use VPN software to encrypt transmission and hide from eavesdroppers
D) Use unrestricted folder sharing settings to maintain transparency
E) Use passwords that are random and more than 12 characters long to avoid easy guessing

A) The password should be at least eight characters long and include at least one number and other nonalphabet character.
B) The password should be short and straightforward.
C) The password should include names of family members or pets, so as to be easily remembered.
D) The password should be random and more than 12 characters long to avoid risk of being guessed by a hacker.
E) The password should be the same as your name so as to trick the hacker.

A) novel attacks
B) first mover attacks
C) non-precedent breaches
D) zero-day exploits
E) brute force attacks

A) strong arm
B) permuted
C) brute-force
D) zero-day
E) infinity

A) Spyware
B) Malware
C) Social engineering
D) Phishing
E) Virus infections

A) Shadow-keyboards
B) Bootloggers
C) Rootkits
D) Keyloggers
E) Adwares

A) overlamination processes
B) biometrics
C) smart tags
D) bio-embedded systems
E) holographs

A) a large file size to spread.
B) the computer to be shutdown to spread.
C) Windows as an operating system to spread.
D) a disk based operating system to spread.
E) an executable program to spread.

A) It refers to a con executed using technology, typically targeted at acquiring sensitive information or tricking someone into installing malicious software.
B) It refers to e-mail transmissions and packets that have been altered to seem as if they came from another source.
C) It refers to scrambling data using a code or formula, known as a cipher, such that it is hidden from those who do not have the unlocking key.
D) It refers to a seemingly tempting, but bogus target meant to draw hacking attempts.
E) It refers to highly restrictive programs that permit communication only with approved entities and / or in an approved manner.

A) It refers to a con executed using technology, typically targeted at acquiring sensitive information or tricking someone into installing malicious software.
B) It refers to e-mail transmissions and packets that have been altered to seem as if they came from another source.
C) It refers to scrambling data using a code or formula, known as a cipher, such that it is hidden from those who do not have the unlocking key.
D) It refers to a seemingly tempting, but bogus target meant to draw hacking attempts.
E) It refers to highly restrictive programs that permit communication only with approved entities and / or in an approved manner.

A) upgrading to the latest hardware and software available in the market.
B) researching and complying with the latest industry guidelines.
C) investing in the best infrastructure.
D) inventory-style auditing and risk assessment of threats.
E) employing a security consultant.

A) audit; enforcement
B) accountability; flexibility
C) compliance; objectivity
D) regulation; transparency
E) consistency; adaptability

A) DDoS attacks.
B) screen capture.
C) brute-force attacks.
D) spear phishing.
E) DNS cache poisoning.

A) the rising cost of labor.
B) lack of information on effectiveness of patches.
C) the fear that the new technology contains a change that will cause problems down the road.
D) redundancy of patches within a short span of time.
E) bureaucratic inefficiency.

A) the day-to-day monitoring of existing systems.
B) understanding emerging threats and reviewing, selecting, and implementing updated security techniques.
C) working on broader governance issues.
D) educating the organization on the need to improve information security.
E) hunting for and exposing organizational security weakness before hackers find them.

A) patches.
B) adware.
C) maculations.
D) keys.
E) cracks.