Chapter 8: Securing Information Systems

Question 1

Digital data is vulnerable to

Answer 1

destruction, misuse, error, fraud, and hardware of software failures

Question 2

Spoofing

Answer 2

Tricking or deceiving computer systems by hiding or faking one’s identity (fake e-mail addresses or masquerading as someone else)

Question 3

Sniffing

Answer 3

type of eavesdropping program that monitors information traveling over network (f.e. enables hackers to steal information)

Question 4

Denial-of-Service attacks (DoS) & Distributed DOS (DDoS)

Answer 4

DoS: flooding server with thousands of false requests to crash the network
DDoS: use of numerous computers to launch a DoS

Question 5

Botnets

Answer 5

networks of “zombie” PC’s infiltrated by bot malware, can perform spam attacks , DoS, etc.

Question 6

Identity Theft

Answer 6

Theft of personal information (social security ID, driver’s license, or credit card numbers) to impersonate someone else

Question 7

Phishing

Answer 7

setting up fake websites or sending e-mail messages that look like legitimate businesses to ask users for confidential personal data

Question 8

Evil twins

Answer 8

wireless networks that pretend to offer trustworthy Wi-Fi connections to the Internet

Question 9

Pharming

Answer 9

redirects users to a bogus web page, even when individual types correct Web page address into their browser

Question 10

Click Fraud

Answer 10

occurs when individual or computer program fraudulently clicks on online ad without any intention of learning more about the advertiser or making a purchase - imitate users clicking on your system

Question 11

Internal threats: Employees

Answer 11

• sloppy security procedures
• both end users and IS specialists are sources of risk

Question 12

Software presents problems because

Answer 12

• software bugs may be impossible to eliminate
• software vulnerabilities can be exploited by hackers and malicious software

Question 13

Malware

Answer 13

can disable systems and websites, with special focus on mobile devices

Question 14

Firms relying on computer systems for their core business functions are at risk of

Answer 14

• losing sales and productivity due to lack of security and control

Question 15

various information assets such as business plans lose value if

Answer 15

they are released to outsiders or of they expose the firm to legal liability

Question 16

electronic evidence (probative digital material) and computer forensics also require firms to

Answer 16

pay more attention to security and electronic records management

Question 17

General Controls (for IS)

Answer 17

• overall control environment governing the design, security, and use of computer programs and the security of data files in general throughout organisation’s information technology infrastructure
• types of general controls: software controls, hardware controls, computer operations controls, data security controls, system development controls, administrative controls

Question 18

Application Controls (for IS)

Answer 18

• specific controls unique to each computerised application that ensure that only authorised data are completely and accurately processed by that application
• include: input controls, processing controls, output controls

Question 19

Risk assessment

Answer 19

• evaluate information assets
• identify control points and control weaknesses
• determine the most cost-effective set of controls

Question 20

Security policy

Answer 20

• includes policies for acceptable use and identity management
• ranks information risks
• identifies security goals
• mechanisms for achieving these goals
• having coherent and tailored corporate security policies and plans for continuing business operations in case of disruption is imperative
• AUP (acceptable use policy) defines acceptable uses of firm’s information resources & computing

Question 21

Identity management software

Answer 21

• automates keeping track of all users and privileges
• authenticates users, protecting identities, controlling access

Question 22

Authentication

Answer 22

password systems, tokens, smart cards, etc.

Question 23

Firewall

Answer 23

combination of hardware and software that prevents unauthorised users from accessing private networks

Question 24

Intrusion detection systems

Answer 24

• monitor networks to detect and deter intruders
• examines events as they are happening to discover attacks in progress

Question 25

Viruses

Answer 25

rogue software program that attaches itself to other software programs or data files in order to be executed

Question 26

Worms

Answer 26

independent programs that copy themselves from one computer to other over a network

Question 27

Trojan horses

Answer 27

Software that appears benign but does something other than expected

Question 28

SQL injection hacks

Answer 28

hackers submit data to web forms that exploits site's unprotected software and sends rogue SQL query to database

Question 29

ransomware

Answer 29

encrypt files on a device, rendering an files and the system that rely on them unusable and demanding ransom for decryption

Question 30

Spyware

Answer 30

gathering information about a person or organization without their knowledge though technology

Question 31

Encryption

Answer 31

- transforming text or data into cipher text that cannot be read by unintended recipients - two methods: SSL (secure socket layer)/ TLS (transport security layer) and S-HTTP (Secure hypertext transfer protocol)

Question 32

Standard used today for encryption

Answer 32

AES (advanced encryption standard)

Question 33

Blockchain technology

Answer 33

enables companies to create and verify tamperproof transactions on a network without a central authority

Question 34

Digital certificates combined with public key encryption

Answer 34

provide further protection of electronic transactions by authenticating a users identity

Question 35

PKI (public key infrastructure)

Answer 35

available for anyone to use. data encrypted with the public key can only be decrypted with the private key

Question 36

Fault-tolerant computer systems

Answer 36

systems can operate even when one or more parts of them fail

Question 37

using software metrics and rigorous software testing help improve

Answer 37

software quality and reliability