Deck 5: Cybersecurity, Compliance, and Business Continuity

A) Database
B) Cloud
C) Anti-virus
D) Local Area Network LAN)

A) Because networks are used by hacktivists looking for media attention
B) Because of hackers stealing credentials such as banking PINS and passwords
C) Because of industrial spies looking for trade secrets
D) Because of decreased awareness about the problem on the part of top management and IT professionals in organizations.

A) Background Intruder attack
B) Advanced Persistent Threat APT) attack
C) Silent Sabotage attack
D) Unauthorized Security Breach USB) attack

A) Employees will spend too much time playing games or using entertainment and recreation apps, thus reducing productivity.
B) Managers will be unable to monitor phone calls or police the volume of personal calls made during work hours.
C) Many personal smartphones do not have anti-malware or data encryption apps, creating a security problem with respect to any confidential business data stored on the device.
D) Consumer quality equipment is more likely to break or malfunction than enterprise quality devices.

A) Banking and finance, entertainment and technology
B) Technology, banking and finance, and education
C) Energy utility, health care, and banking and finance
D) Healthcare, technology and defense

A) Result in the firing of the top IT management or top officials in the organization.
B) Damage their stock price, or because they never knew they were hacked in the first place.
C) Encourage other hackers to target the organization.
D) Require them to spend more money on increasing security in the future.

A) Resulted from sophisticated software attacks that effectively defeated the IT security defenses in place at the time of the attack.
B) Were avoidable and did not require hackers to possess special skills, resources, or customization.
C) Resulted from hackers using high tech hardware to breach the IT security defenses in place at the time of the attack.
D) Resulted from a combination of sophisticated hacking software and hardware tools designed to defeat IT security defenses.

A) There are no laws that specifically address unauthorized access of confidential data.
B) Current laws prohibit unauthorized access of confidential data, but few laws require organizations to take steps to protect data.
C) Only a few specific industries
D) International, federal, and state laws and industry regulations mandate that organizations invest in cybersecurity defenses, audits, and internal controls to secure confidential data.
E)g. banking, health care) are affected by laws requiring organizations to take steps to protect data.

A) The National Security architecture
B) Strategically connected networks
C) Critical infrastructure
D) Secure network architecture

A) Hacktivists
B) Political criminals
C) Industrial spies
D) Information Systems Terrorists

A) Advanced Persistent Threat APT)
B) Malware intrusion
C) Denial of service DoS)
D) System Overload Attack SOA)

A) Pretexting
B) Identity Fraud
C) Baiting
D) Thrashing

A) Personal devices at work PDAW)
B) Bring your own device BYOD)
C) Consumer /Enterprise Equipment CEE)
D) Non-Approved Devices NAD)

A) Increase costs of managing new and existing mobile devices
B) Security threats - employee owned devices may not be properly protected with strong passwords or encryption software.
C) Compliance - employee owned devices may not meet regulatory standards for how data must be collected, stored, or made available in the event of audit or legal action.
D) Impact on productivity - managers must trade-off gains related to employees having 24/7 access to work related data against losses related to employees using non-work related apps
E)g. personal social media, texting, personal phone calls) while on the job.

A) Hacktivists
B) Political criminals
C) Industrial spies
D) Attention seekers

A) Social engineering
B) URL fabricating
C) Security crashing
D) Password crashing

A) With the number of mobile apps hitting 1.3 million-compared to only 75,000 apps for PCs--managing employee-owned devices is more complex and expensive.
B) Companies are increasingly prohibiting employees from using their personal mobile devices for work related purposes because of security and compliance challenges.
C) Companies need to insure and be able to prove that enterprise data stored on personal devices are in compliance,
D) Controls placed on employee-owned devices can infringe on personal privacy; organizations could learn what sites were visited or movies were watched, what was done on sick days, and all social media activities during work hours and off-hours.
E)g., encrypted, password protected, unaltered, etc.

A) Pretexting
B) Identity Fraud
C) Baiting
D) Thrashing

A) To bribe employees to get access codes and passwords.
B) To bombard websites or networks with so much traffic that they "crash", exposing sensitive data.
C) To break into employees' mobile devices and leapfrog into employers' networks-stealing secrets without a trace.
D) Use a combination of sophisticated hardware tools designed to defeat IT security defenses.

A) Integrity
B) Confidentiality
C) Availability
D) Reliability

A) A weakness that threatens the confidentiality, integrity, or availability CIA) of an asset
B) Something or someone that may result in harm to an asset
C) Estimated cost, loss, or damage that can result from an exploited vulnerability
D) Tool or technique that takes advantage of a vulnerability

A) Integrity
B) Confidentiality
C) Availability
D) Reliability

A) Integrity
B) Confidentiality
C) Availability
D) Reliability

A) A weakness that threatens the confidentiality, integrity, or availability CIA) of an asset
B) The estimated cost, loss, or damage that can result from an exploited vulnerability
C) A tool or technique that takes advantage of a vulnerability
D) The probability of a threat exploiting a vulnerability

A) Data protection, equipment protection, reputation protection
B) Confidentiality, integrity, availability
C) Anticipate, defend, counter-attack
D) Identify, assess risk, take action

A) Spam
B) Adware
C) Malware
D) Spyware

A) A weakness that threatens the confidentiality, integrity, or availability CIA) of an asset
B) The estimated cost, loss, or damage that can result from an exploited vulnerability
C) A tool or technique that takes advantage of a vulnerability
D) The probability of a threat exploiting a vulnerability

A) Fault tolerance
B) Minimal Operating Level MOL)
C) Stand-by Mode
D) System Fail Mode

A) Top Secret Security Procedures
B) Do-Not-Carry-Rules
C) Foreign Threat Prevention Procedures FTPP)
D) Strict Security Standards SSS)

A) Threats and risks
B) Vulnerabilities
C) Exposure
D) Network Integrity

A) Identifying exposure
B) Risk management
C) An audit
D) Encryption

A) Advanced security methods
B) Physical security
C) Biometrics
D) Unique Identification methods

A) A weakness that threatens the confidentiality, integrity, or availability CIA) of an asset
B) Something or someone that may result in harm to an asset
C) Estimated cost, loss, or damage that can result from a cybersecurity breach
D) Tool or technique that threatens the confidentiality, integrity, or availability CIA) of an asset

A) An attacker who is using the identity or credentials of a legitimate user to gain access to an IS, device, or network
B) A legitimate user who performs actions he is not authorized to do
C) A user who tries to disguise or cover up his actions by deleting audit files or system logs.
D) Employees who use computing or network resources inefficiently.

A) Domestic terrorists
B) Amateur hackers
C) Organized crime syndicates based in the United States
D) Other countries

A) Authentication
B) Coding
C) Encryption
D) Text Mashing

A) Secure channels
B) Botnets
C) Virus Blockers
D) Firewalls

A) Record
B) Authenticate
C) Substantiate
D) Validate

A) Secret codes
B) Digital keys
C) Strong passwords
D) Unbreakable passcodes

A) Theft of data
B) Inappropriate use of data
C) Malicious damage to computer resources
D) Human Error
E)g., manipulating inputs)

A) Transnational organized crime groups use money laundering to fund their operations, which creates international and national security threats.
B) Cybercrime is safer and easier than selling drugs, dealing in black market diamonds, or robbing banks.
C) Funds used to finance terrorist operations are easy to track, which provides evidence to identify and locate leaders of terrorist organizations and cells.
D) Online gambling offers easy fronts for international money-laundering operations.

A) IT planning
B) Strategic planning for IT
C) IT governance
D) IT architecture management

A) Zombies
B) Spies
C) Botnets
D) Phishnets

A) Computer systems failure
B) Malicious damage to computer resources
C) Destruction from viruses and similar attacks
D) Internet fraud

A) Software errors
B) Malicious employees
C) Social networks and cloud computing
D) Vendor sabotage

A) Business impact analysis BIA)
B) Vulnerability audit
C) Asset valuation audit
D) Computing Cost/Benefit CCB) audit

A) Layered Security Model
B) Security module model
C) Segmented security model
D) Defense-in-depth model

A) Users invite in and build relationships with others. Cybercriminals hack into these trusted relationships using stolen log-ins.
B) E-mail viruses and malware have been increasing for years even though e-mail security has improved.
C) Communication has shifted from social networks to smartphones.
D) Web filtering, user education, and strict policies cannot help prevent IT security dangers on Facebook and other social networks.

A) Increases in hacker skills and capabilities
B) Poorly designed network protection software
C) Increasing sophistication of computer viruses and worms
D) Users who do not follow secure computing practices and procedures

A) Terms of service TOS)
B) Acceptable use policy AUP)
C) Safe security plan SSP)
D) Computing practices policy CPP)

A) Malware
B) Phishing
C) Impostering
D) Click hijacking

A) Report security breaches
B) Backup sensitive data
C) Protect personally identifiable information
D) Inform the public about network failures in a timely manner

A) Time-to-exploitation; weeks
B) Time-to-exploitation; minutes
C) Denial of service; days
D) Denial of service; seconds

A) Set of standards required by U.S. and international law for protecting credit card transaction data.
B) Set of industry standards required for all members, merchants, or service providers that store, process, or transmit cardholder data.
C) Set of voluntary security guidelines for retailers who accept Visa, MasterCard, American Express, and Discover credit cards.
D) Set of regulations that vary from state to state, and country to country) that apply to credit card companies, but not necessarily to retailers or merchants who accept them.

A) Social media
B) Internal
C) Cloud based
D) Foreign

A) Political/civic unrest
B) Human errors
C) Environmental hazards
D) Computer systems failures

A) Principle of economic use of resources
B) Principle of legality
C) Principle of secure assets
D) Accounting principles

A) Patches; service packs
B) Patches; downloads
C) Firewalls; spyware
D) Service packs; firewalls

A) That failed to inform the public about network failures in a timely manner
B) That failed to transmit sensitive data
C) That did not report security breaches to law enforcement
D) Lacked adequate policies and procedures to protect consumer data.

A) Application controls
B) Physical controls
C) General controls
D) Authentication controls

A) Insider fraud
B) Identity theft
C) Occupational corruption
D) Document sabotage

A) The requirements and operations of the business
B) How firewalls, anti-virus software, and other technology function
C) Tactics of hackers, fraudsters, botnets, and identity thieves
D) How much to invest in risk management

A) Application controls
B) Physical controls
C) General controls
D) Authentication controls

A) Perimeter security layer to control access to the network.
B) Authentication layer to verify the identity of the person requesting access to the network.
C) Biometrics layer to monitor network usage.
D) Authorization layer to control what authenticated users can do once they are given access to the network.

A) Personal and non-personal
B) Felonies and misdemeanors
C) Insider and outsider
D) Violent and nonviolent

A) Fostering company loyalty
B) Immediately revoking access privileges of dismissed, resigned, or transferred employees
C) Instituting separation of duties by dividing sensitive computer duties among as many employees as economically feasible
D) Performing authorization and authentication

A) Administrative
B) Network access
C) Input
D) Communication

A) Holding managers responsible for the actions of their employees
B) Peer monitoring employees monitor each other)
C) Creating the perception that fraud will be detected and punished
D) A clearly written employee policy manual that explains unacceptable behaviors

A) Managerial corruption
B) Insider or internal fraud
C) Corporate fraud
D) Intentional fraud

A) Security audits
B) Pattern analysis
C) Behavior recognition scans
D) Anomaly detection analysis

A) Corporate governance
B) Access to legal counsel
C) Relationships with security vendors
D) Awareness of industry standards

A) Authorization
B) Authentication
C) Endpoint security
D) Information assurance

A) Application controls
B) Physical controls
C) General controls
D) Authentication controls

A) The source of the threat
B) Industry regulations regarding protection of sensitive data
C) What needs to be protected and the cost-benefit analysis
D) The available IT budget

A) Firewall
B) Switch
C) Router
D) Gateway

A) Data and data processing capabilities
B) Hardware and software applications and wireless devices
C) Data and networks
D) Data, hardware, software applications, and networks

A) Zombies
B) Spies
C) Botnets
D) Phishnets

A) A detailed recovery plan; containment, including a fault-tolerant system
B) Perimeter defense technologies, such as e-mail scanners; human resource procedures, such as recruitment screening
C) General controls; application controls
D) Physical controls, including authorization; authentication systems

A) Security bonds or malfeasance insurance for key employees
B) Emergency power shutoff and backup batteries
C) Shielding against electromagnetic fields
D) Properly designed and maintained air-conditioning systems