50 terms

Information Systems Test. Chap 7

________ refers to policies, procedures, and technical measures used to prevent unauthorized access, alternation,theft, or physical damage to information systems
________ refers to all of the methods, policies, and organizational procedures that ensure the safety of theorganization's assets, the accuracy and reliability of its accounting records, and operational adherence tomanagement standards
Large amounts of data stored in electronic form are ________ than the same data in manual form
vulnerable to many more kinds of threats
Electronic data are more susceptible to destruction, fraud, error, and misuse because information systemsconcentrate data in computer files that:
have the potential to be accessed by large numbers of people and by groups outside of the organization
Specific security challenges that threaten the communications lines in a client/server environment include
tapping; sniffing; message alteration; radiation
Specific security challenges that threaten clients in a client/server environment include
unauthorized access; errors; spyware
Specific security challenges that threaten corporate servers in a client/server environment include:
hacking; vandalism; denial of service attacks
The Internet poses specific security problems because
it was designed to be easily accessible
Which of the following statements about the Internet security is
A corporate network without access to the Internet is more secure than one provides access.
An independent computer program that copies itself from one computer to another over a network is called a
Asalesperson clicks repeatedly on the online ads of a competitor's in order to drive the competitor's advertisingcosts up. This is an example of
click fraud
In 2004, ICQ users were enticed by a sales message from a supposed anti-virus vendor. On the vendor's site, asmall program called Mitglieder was downloaded to the user's machine. The program enabled outsiders to infiltratethe user's machine. What type of malware is this an example of?
Trojan horse
Redirecting a Web link to a different address is a form of
a keylogger is a type of a
hackers create a botnet by
by causing other people's computers to become "zombie" PCs following a master computer.
Using numerous computers to inundate and overwhelm the network from numerous launch points is called a ________ attack
Which of the following is
an example of a computer used as a target of crime?
Illegally accessing stored electronic communication
Which of the following is
an example of a computer used as an instrument of crime?
Intentionally attempting to intercept electronic communication
Phishing is a form of
An example of phishing is:
Setting up fake medical web site that asks for users for confidential information.
Evil Twins are
Bogus wireless network access points that look legitimate to others
Pharming involves:
Pretending to be a legitimate business representative in order to garner info about a security system.
You have been hired as a security consultant for a law firm. Which of the following constitutes the greatestsource of security threats to the firm?
Tricking employees to reveal their passwords by pretending to be a legitimate member of a company is called
Social Engineering
How do software vendors correct flaws in their software after it has been distributed?
Issue Patches
The HIPAA act of 1997
outlines medical security and privacy rules.
The Gramm-Leach-Bliley Act
requires financial institutions to ensure the security of customer data.
The Sarbanes-Oxley Act:
imposes responsibility on companies and management to safeguard the accuracy of financial information
The most common type of electronic evidence is
Electronic evidence on computer storage media that is not visible to the average user is called ________ data
Application controls:
can be classified as input, processing, and output controls.
________ controls ensure that valuable business data files on either disk or tape are not subject to unauthorizedaccess, change, or destruction while they are in use or in storage
Data Security.
Analysis of an information system that rates the likelihood of a security incident occurring and its cost isincluded in a(n)
Risk Assessment
Statements ranking information risks and identifying security goals are included in a(n):
Security Policy
An analysis of the firm's most critical systems and the impact a system's outage would have on the business isincluded in a(n):
business impact analysis
Rigorous password systems:
are one of the most effective security tools
An authentication token is an:
device the size of a credit card that contains access permission data.
Biometric authentication:
only uses physical measurements for identification.
A firewall allows the organization to:
enforce a security policy on traffic between its network and the internet.
In which technique are network communications are analyzed to see whether packets are part of an ongoingdialogue between a sender and a receiver?
Stateful inspection
________ use scanning software to look for known problems such as bad passwords, the removal of importantfiles, security attacks in progress, and system administration errors.
stateful inspection
Currently, the protocols used for secure information transfer over the Internet are
Most antivirus software is effective against:
only those viruses already known when the software is written.
In which method of encryption is a single encryption key sent to the receiver so both sender and receiver sharethe same key?
Symmetric Key encryption.
A digital certificate system:
uses third-party CAs to validate a user's identity.
Downtime refers to periods of time in which a
computer system is not operational.
For 100% availability, online transactions processing requires:
fault-tolerant computer systems.
In controlling network traffic to minimize slow-downs, a technology called ________ is used to examine datafiles and sort low-priority data from high-priority data.
deep-packet inspection.
The development and use of methods to make computer systems resume their activities more quickly after mishaps is called
recovery oriented computing
Smaller firms may outsource some or many security functions to: