Deck 9: Electronic Commerce Security and Fraud Protection

A) The Internet was designed for maximum efficiency without regard for its security or users with malicious intent.
B) The shift toward profit-motivated crimes
C) Security costs and efforts from reacting to crises and paying for damages are greater than if an EC strategy is in place.
D) Many companies fail to implement basic IT security management best practices, business continuity plans, and disaster recovery plans.

A) a huge number of hijacked Internet computers that have been set up to forward traffic, including spam and viruses, to other computers on the Internet.
B) a piece of software code that inserts itself into a host or operating system to launch DOS attacks.
C) a piece of code in a worm that spreads rapidly and exploits some known vulnerability.
D) a production system that looks like it does real work, but that acts as a decoy and is watched to study how network intrusions occur.

A) Spamming
B) Pretexting
C) Social engineering
D) Phishing

A) access control.
B) confidentiality.
C) key encryption.
D) digital envelope.

A) Access control determines which persons, programs, or machines can legitimately use a network resource and which resources he, she,or it can use.
B) Access control lists (ACLs) define users' rights, such as what they are allowed to read, view, write, print, copy, delete, execute, modify, or move.
C) All resources need to be considered together to identify the rights of users or categories of users.
D) After a user has been identified, the user must be authenticated.

A) encryption algorithm.
B) key value.
C) ciphertext.
D) internal control environment.

A) message digesting.
B) Data Encryption Standard.
C) public key infrastructure.
D) key space.

A) data encryption standard.
B) public asymmetric key encryption.
C) symmetric private key encryption.
D) paired key encryption.

A) A digital signature is the electronic equivalent of a personal signature, which can be forged.
B) Digital signatures are based on public keys for authenticating the identity of the sender of a message or document.
C) Digital signatures ensure that the original content of an electronic message or document is unchanged.
D) Digital signatures are portable.

A) digital envelope.
B) message digest.
C) hash.
D) digital signature.

A) They are less expensive than private leased lines because they use the public Internet to carry information.
B) They ensure the confidentiality and integrity of the data transmitted over the Internet without requiring encryption.
C) They can reduce communication costs dramatically because VPN equipment is cheaper than other remote solutions.
D) Remote users can use broadband connections rather than make long distance calls to access an organization's private network.

A) honeynet.
B) intrusion detection system.
C) firewall.
D) virtual private network.

A) general controls
B) application controls
C) broad controls
D) systems controls

A) EC avatars.
B) EC bots.
C) worms.
D) intelligent agents.

A) acceptable use policy.
B) internal control environment.
C) internal politics.
D) standard of due care.

A) EEA.
B) DCMA.
C) SSL.
D) CAN-SPAM.

A) managing the complexity of security.
B) preventing data breaches from outside attackers.
C) enforcing security policies.
D) all of the above.

A) business impact analysis
B) business plan
C) acceptable use policy
D) EC security program

A) Sophisticated hackers use browsers to crack into Web sites.
B) Strong EC security makes online shopping inconvenient and demanding on customers.
C) There is lack of cooperation from credit card issuers and foreign ISPs.
D) Online shoppers do not take necessary precautions to avoid becoming a victim.