Deck 3: Computer and Internet Crime

A security policy outlines exactly what needs to be done to safeguard computers and their data, but not how it must be accomplished.

Smart and talented hackers who are technically inept are referred to as lamers or script kiddies by more skilled hackers.

The cost of creating an email campaign for a product or a service is typically more expensive and takes longer to conduct than a direct-mail campaign.

A spear-phishing attack typically employs a group of zombies to keep the target so busy responding to a stream of automated requests that legitimate users cannot access the target.

Competitive intelligence is conducted by industrial spies.

Malicious insiders mean well but have the potential to cause considerable damage through their actions.

According to the 2010/11 CSI Computer Crime and Security Survey, malware infection incidents were the most common security incident.

Vishing frequently leads consumers to counterfeit Web sites designed to trick them into initiating a denial-of-service attack.

The cost to repair the worldwide damage done by a computer worm has exceeded $1 billion on more than one occasion.

Whenever possible, automated system rules should mirror an organization's written policies.

The Fifth Amendment regulates the collection of the content of wire and electronic communications.

The USA Patriot Act defines cyberterrorism as hacking attempts that cause $5,000 in aggregate damage in one year to medical equipment, or that cause injury to any person.

Computer forensics is such a new field that there is little training or certification processes available to practioners.

A completed risk assessment identifies the most dangerous threats to a company and helps focus security efforts on the areas of highest payoff.

Trojan horse has become an umbrella term for many types of malicious code.

Employees and contract workers must be educated about the importance of security so that they will be motivated to understand and follow the security policies.

Rootkit is a set of programs that enables its users to gain administrator-level access to a computer without the end
user's consent or knowledge.

Computer viruses differ from worms in that viruses can propagate without human intervention, often sending copies of themselves to other computers by email.

Fraud by malicious insiders often involves some form of collusion, or cooperation, between an employee and an outsider.

Hacktivism involves using illegal means to obtain trade secrets from competitors.

Installation of a corporate firewall is the least common security precaution taken by businesses as it does not provide sufficient security.

Discussing security attacks through public trials and the associated publicity has not only enormous potential costs in public relations but real monetary costs as well.

In a security incident, the primary goal must be to regain control and limit damage, and not to attempt to monitor or catch an intruder.

As a safeguard against attacks by malicious insiders, organizations must define employee roles so that a single employee can input as well as approve purchase orders.

The use of cloud computing and virtualization software has significantly reduced computer security concerns.

Competitive intelligence combines elements of law and computer science to identify, collect, examine, and preserve data so that it is admissible in a court of law.

An intrusion detection system monitors system and network resources and activities, and notifies the network security when it detects attempts to circumvent the security measures of a networked computer environment.

It is not unusual for a security audit to reveal that too many people have access to critical data and that many people have capabilities beyond those needed to perform their jobs.

Even when preventive measures are implemented, no organization is completely secure from a determined computer attack.

operates in a software layer that runs on top of the operating system.

Using text messaging (SMS) fraudulently to try to get the recipient to reveal personal data is called .

A large group of computers controlled from one or more remote locations by hackers without the knowledge or consent of their owners is called a(n) .

detracts recipients from the ability of recipients to communicate effectively due to full mailboxes and relevant emails being hidden among many unsolicited messages.

People who use illegal means to obtain trade secrets from a competitor are called .

has become an umbrella term for many types of malicious code.

A(n) is a security incident prevention tool that evaluates whether an organization has a well-considered security policy in place and if it is being followed.

Spammers can defeat the registration process of free e-mail services by launching a coordinated bot attack that can sign up for thousands of email accounts. A partial solution to this problem is the use of to ensure that only humans obtain free accounts.

A(n) is a harmful program that resides in the active memory of the computer and duplicates itself.

differ from viruses in that they propagate without human intervention, sending copies of themselves to other computers by email.

Hacking to achieve a political or social goal is known as .

The cooperation between an employee of a company and an outsider to commit fraud against the company is called
_____.

The Act went into effect in 2004 and states that it is legal to spam, provided the messages meet a few basic requirements.

is legally obtained information gathered using sources available to the public.

A(n) is a form of malware in which malicious code is hidden inside a seemingly harmless program.

To initiate a denial­of­service attack, a tiny program is downloaded surreptitiously from the attacker's computer to dozens, hundreds, or even thousands of computers all over the world. Based on a command by the attacker or at a preset time, the botnet computers, called , go into action, each sending a simple request for access to the target site again and again.

The encourages private industry to share confidential information about the nation's critical infrastructure with the Department of Homeland Security under the assurance that the information will be protected from public disclosure.

The Act addresses the disclosure of stored wired and electronic communications and transaction records by Internet service providers.

The use of voice mail to tell someone to call a phone number, or access a Web site, in an attempt to gain personal information about that person is called .

An employee who seeks to disrupt his firm's information systems or to use them to seek financial gain is called a(n)
_____.

Workers in many organizations operate in a(n) environment in which software and data storage are services provided via the Internet.