Information Systems

STUDY
PLAY
What sends massive amounts of email to a specific person or system that can cause that user's server to stop functioning
Mail Bomb
What prevention technique scrambles information into an alternative form that requires a key or password to decrypt
Encryption
What is the primary difference between a worm and a virus
A virus must attach to something to spread, whereas a worm does not need to attach to anything to spread and can tunnel itself into the computer
Employees need to understand that email privacy exists to an extent and that corporate email is solely owned by _________
The Company
Which of the following means the right to be left alone when you want to be, to have control over your personal possessions, and not to be observed without your consent
Privacy
Which of the following describes privacy
The right to be left alone when you want to be, to have control over your own personal possessions, and to not be observed without your consent
Which of the following contains general principles to guide computer user behavior
Ethical computer use policy
What is a mail bomb
Sending a massive amount of email to a specific person or system, resulting in filling up the recipient's disk space
What is an Internet monitoring technique that captures keystrokes on their journey from the keyboard to the motherboard
Hardware key logger
Where do organizations typically place firewalls
Between the server and the Internet
Which of the following is not considered a form of biometrics
password
Which of the following should be included in a company email privacy policy
-Definition of legitimate email users and explanation of what happens to accounts after a person leaves the organization
-Statement discouraging sending junk email or spam to anyone who doesn't want to receive it
-Statement informing users that the organization has no control over email once it has been transmitted outside the organization
Which of the following changes its form as it propagates
Polymorphic viruses and worms
Which of the following is a common Internet monitoring technology
-Key logger
-Hardware key logger
-Cookie
What type of encryption technology uses multiple keys, one for public and one for private
Public key encryption
What is the intangible creative work that is embodied in physical form and includes trademarks and patents
Intellectual property
Which of the following refers to the ability of a company to identify, search, gather, seize, or export digital information in responding to a litigation, audit, investigation, or information inquiry
Ediscovery
Which of the following is the correct list of the six different types of hackers listed in your text
Black-hat, cracker, cyberterrorist, hactivist, script kiddies, and white-hat hackers
Which of the following is considered a type of biometrics
-Voice
-Face
-Iris
In relation to privacy, which of the following is the assurance that messages and information remain available only to those authorized to view them
Confidentiality
Jensen is a senior developer for HackersRUs, a company that helps secure management information systems. Jensen's new task is to break into the computer system of one of HackersRUs's top clients to identify system vulnerabilities and plug the holes. What type of hacker is Jensen
White-hat hacker
Which of the following types of viruses spread themselves, not just from file to file, but also from computer to computer
Worm
Which of the following clauses is typically contained in an acceptable use policy
A nonrepudiation clause
What is the one of the most common forms of computer vulnerabilities that can cause massive computer damage
Virus
What is software written with malicious intent to cause annoyance or damage
Virus
Which of the following is not one of the six epolicies that a company should implement for information protection as discussed in the text
Downtime monitoring policy
Which of the following is not an example of unplanned downtime
A system upgrade
What must you do with antivirus software to make it protect effectively
Must frequently update it to protect against viruses
What is a hacker who breaks into other people's computer systems and may just look around or steal and destroy information
Black-hat hacker
What is intangible creative work that is embodied in physical form and includes copyrights, trademarks, and patents
Intellectual property
Which of the following terms refers to a contractual stipulation to ensure that ebusiness participants do not deny their online actions
Nonrepudiation
In the information technology world, which of the following are examples of ethical issues that a company may have to manage
-Employees copying and distributing company-owned software
-Employees searching other employees' private information without consent
-Employees intentionally creating or spreading viruses to confuse IT
What is a data file that identifies individuals or organizations online and is comparable to a digital signature
Digital certificate
All of the following are types of information security breaches except
Ediscovery
What is the process that provides a user with permission including access levels and abilities such as file access, hours of access, and amount of allocated storage space
Authorization
What are policies and procedures that address information management along with the ethical use of computers and the Internet in the business environment
Epolicies
Imagine you accidently mistype the URL for your bank and you are redirected to a fake website that collects your information. What type of identity theft were you just a victim of
Pharming
Which of the following authentication methods is 100 percent accurate
Smart card
Fingerprint authentication
User ID

NONE OF THESE
Which of the following governs the ethical and moral issues arising from the development and use of information technologies and the creation, collection, duplication, distribution, and processing of information
Information ethics
Which policy contains general principles regarding information privacy
Information privacy policy
Which of the following is not considered an epolicy
Anti-hacker use policy
Who are those who seek to cause harm to people or to destroy critical systems or information and use the Internet as a weapon of mass destruction
Cyberterrorists
What are the first two lines of defense a company should take when addressing security risks
People first, technology second
Which of the following is the main drawback of biometrics
It can be costly and intrusive
Which of the following are all common forms of viruses
Backdoor program, worm, Trojan-horse viruses
Which of the following describes information technology monitoring
-Tracking people's activities by such measures as number of keystrokes
-Tracking people's activities by such measures as error rate
-Tracking people's activities by such measures as number of transactions processed
Which of the following represents the definition of information compliance
The act of conforming, acquiescing, or yielding information
Which of the following policies details the extent to which email messages may be read by others
Email privacy policy
Which of the following would not be found in a typical acceptable use policy
Not posting commercial messages to groups where the employee has received user consent
Who are hackers with criminal intent
Crackers
A smart card is a device, the size of a credit card, that contains embedded technology that stores information and small amounts of software and can act as __________________
-Identification instruments
-A form of digital cash
-A data storage device
What are critical questions that managers should ask when determining the cost of downtime
-What is the productivity cost associated with each hour of downtime?
-How many transactions can the company afford to lose without significantly harming business?
What can encryption technology perform
-Switch the order of characters
-Replace characters with other characters
-Insert or remove characters
According to the text, Visa created a program called Innovant. What was the primary purpose for Innovant
Information privacy policy
Which of the following is an example of a way to maintain information security that a company should include in its information security policies
-Requiring computer users to log off before leaving for lunch
-Never sharing user or password information with anyone
-Changing passwords every 30 to 60 days
Which of the following protection techniques scans and searches hard drives to prevent, detect, and remove known viruses, adware, and spyware
Antivirus software
What is a program that, when installed on a computer, records every keystroke and mouse click
Key logger software
What is the legal protection afforded an expression of an idea, such as a song, book, or video game
Copyright
What is hardware or software that guards a private network by analyzing incoming and outgoing information for the correct markings
Firewall
Which quadrant in the cost of downtime includes equipment rental, overtime costs, and travel expenses
Other expenses
Applications allowed to be placed on the corporate network, like IM software, and corporate computer equipment used for personal reason on personal networks are two areas that should be addressed by managers in which of the following company policies
Information security policies
With so much information and moving parts within a company, technology has made it possible for employers to monitor many aspects of employee jobs and duties. What is a system that can track employee's activities by measures as keystrokes, error rate, and number of transaction processed
Information technology monitoring
What is forging of someone's identity for the purpose of fraud
Identity theft
Which of the following examines the organizational resource of information and regulates its definitions, uses, value, and distribution, ensuring it has the types of data or information required to function and grow effectively
Information management
Which of the following represents the biggest problem of information security breaches
People misusing organizational information
Which of the following defines information security
-A broad term encompassing the protection of information
-Protects information from accidental misuse
-Protects information from intentional misuse
What is the method or system of government for information management or control
Information governance
What is the difference between pirated and counterfeit software
Pirated is the unauthorized use, duplication, distribution, or sale of copyrighted software; counterfeit is software that is manufactured to look like the real thing and sold as such
Which policy can protect a company's brand identity and outlines the corporate principles governing employee online communication
A social media policy
A company should be able to calculate the cost of downtime by which of the following
Per hour, per day, and per week
What is a small file deposited on a hard drive by a website that contains information about customers and their web activities
Cookie
Social media can be a very valuable tool for a company if used properly. Which of the following represents social media uses for a company
-Building a strong brand identity
-Protecting the company reputation through counter-damage control
-Engaging directly with customers and prospective customers
To find out your company policy regarding such websites as YouTube, Facebook, and Twitter, you would have to refer to the ____________ policy
Social Media Policy
What is one of the major problems with email
User's expectation of privacy
Which of the following is a cost of downtime in addition to lost revenue
-Legal expenses
-Loss in financial performance
-Damage to reputation
Which of the following represents the two fundamental building blocks that protect organizational information
Ethics and security
What is a method for confirming users' identities
Authentication
Using one's social skills to trick people into revealing access credentials or other valuable information is called ______________
Social engineering
Which of the following represents the three areas where technology can aid in the defense against information security attacks
Authentication and authorization, prevention and resistance, detection and response
What is the identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting
Biometrics
What is the difference between phishing and pharming
Phishing is a technique to gain personal information for the purpose of identity theft; pharming reroutes requests for legitimate websites to false websites
What type of Internet monitoring technique records information about a customer during a web surfing session, such as what websites were visited and how long the visit was, what ads were viewed, and what was purchased
Clickstream
Which policy details the extent to which email messages may be read by others
Email privacy policy
How do prevention and resistance technologies stop intruders from accessing and reading sensitive information
Content filtering, encryption, and firewalls
Which of the following is an example of acting ethically
-Individuals copy, use, and distribute software.
-Employees search organizational databases for sensitive corporate and personal information.
-Individuals hack into computer systems to steal proprietary information.

None of these offers an example of acting ethically
Which of the following is served as key evidence in many legal cases today and also provides a faster, easier way to search and organize paper documents
Digital information
Which of the following key terms represents the principles and standards that guide our behavior toward other people
Ethics
Which of the following would you find in a typical Internet use policy
-User ramifications if the policy is violated
-User responsibility for properly handling offensive material
-User responsibility for protecting the company's good name
The most secure procedures combine which of the following authentication and authorization techniques
-Something the user knows, such as a user ID and password
-Something the user has, such as a smart card or token
-Something that is part of the user, such as a fingerprint or voice signature
Which of the following systems is designed with full-time monitoring tools that search for patterns in network traffic to identify intruders and to protect against suspicious network traffic that attempts to access files and data
Intrusion detection software (IDS)
What is the software called that allows Internet advertisers to display advertisements without the consent of the computer user
Adware
Which of the following refers to a period of time when a system is unavailable
Downtime
A DDoS stands for one of the common forms of viruses, that attack multiple computers to flood a website until it slows or crashes. What does DDoS stand for
Distributed denial-of-service attack
What kind of policy can a company implement that can help diminish the activity of sending unsolicited email
Anti-spam policy
What is a process by which a user misleads a system into granting unauthorized rights, usually for the purpose of compromising or destroying the system
Elevation of privilege
Which of the following is not included as a common stipulation an organization would follow when creating an employee monitoring policy
Do not state the consequences of violating the policy
What is the most secure type of authentication
-Something the user knows such as a user ID and password
-Something the user has such as a smart card or token
-Something that is part of the user such as a fingerprint or voice signature
Experts in technology who use their knowledge to break into computers and networks for profit or just as a challenge are know as what
Hackers
What is unsolicited email that plagues employees at all levels and clogs email systems
Spam
Which of the following describes confidentiality
The assurance that messages and information are available only to those who are authorized to view them