Ensuring access to information to authorized persons whenever needed is referred to as _____________.
availability
The policies, procedures and technologies used to protect information systems from unauthorized access, alteration, theft or damage are broadly referred to as ________________.
information system security
Restricting access to information to only those who need it in order to fulfill their job responsibilities is referred to as ________________.
confidentiality
Ensures that information is accurate, complete and reliable
integrity
Assessing the threats to information systems including potential losses and implementing cost-beneficial measures to protect against these threats is referred to as _______________.
risk management
Fill in the blank for each example below with the correct factor of the IS security triad.
options: integrity, availability, confidentiality
A school administrator mistakenly gave a student another student's academic records. This is an example of a violation of ________________.
confidentiality
Fill in the blank for each example below with the correct factor of the IS security triad.
options: integrity, availability, confidentiality
A storm damaged the data center of a local town and prevented town officials from accessing data needed to perform their jobs. This is an example of a violation of ________________.
availability
Fill in the blank for each example below with the correct factor of the IS security triad.
options: integrity, availability, confidentiality
A financial analyst at a hospital gained access to a celebrity's medical records and posted them online. This is an example of a violation of ___________.
confidentiality
Fill in the blank for each example below with the correct factor of the IS security triad.
options: integrity, availability, confidentiality
A patient had a left rotator cuff tear but her medical records indicated right rotator cuff. This is an example of a violation of ____________.
integrity
The increased prevalence of mobile computing devices has made information systems less vulnerable because they are small and easy to replace.
True or False
False
Computer systems have become more vulnerable to threats because large amounts of data can be stored on a small amount of storage space.
True or False
True
Corporate networks have become less vulnerable to threats because they are connected to the Internet.
True or False
False
It is a U.S. federal crime to attack computer systems with software that is intended to disable the targeted computer systems.
True or False
True
Firms should implement the strongest possible security measures for all identified threats no matter what their cost is.
True or False
False
Over time, the skills needed to hack an information system have increased.
True or False
False
Without specific security measures, wireless communications networks are generally more vulnerable to threats than wired communication networks.
True or False
True
Stealing money by altering the data and programs of an information system is called _______________.
embezzlement
Stealing secret or sensitive corporate or government information is referred to as _____________.
espionage
Any crime that is committed through the use of an information system is defined as ______________.
a computer crime
After purchasing the passwords of a bank's clients on the dark web, a group of persons used the bank's cash management system to transfer money from client accounts to their own accounts. This is an example of _____________.
embezzlement
A foreign government gained access to the email of a political candidate which detailed her campaign strategy and shared it with the political opponent of that candidate. This is an example of _______________.
espionage
__________ is unwanted software that is used to monitor a user’s behavior and is often downloaded as part of other free software.
Spyware
_____________ involves demanding payment in exchange for access to your computer system and data.
Ransomware
__________ involves setting up imposter web sites or e-mails that look like legitimate ones in order to trick users into providing personal identification information.
Phishing
_________________ involves unauthorized access to data as it is transmitted over a communication network.
Sniffing
_________________ involves flooding a web site with so many requests that it causes the web site to slow down or crash altogether.
A denial-of-service attack
______________ is an unwanted program that can cause a computer to malfunction and is spread from computer-to-computer by attaching itself to a legitimate program or document that a user opens or runs.
A virus
______________ is an unwanted program that can cause a computer to malfunction and is independently spread from computer-to-computer without attaching itself to a program or document.
A worm
When logging on, a user found a locked screen with a message claiming to be from a law enforcement agency. The message stated that the computer was used to access illegal pornographic material and that a fine needed to be paid in order to unlock the screen. This is an example of _____________.
ransomware
A hacker intercepted and read data packets transmitted on the Internet in order to gain access to usernames and passwords. This is an example of ___________.
sniffing
An employee received an email stating that his work had corrupted important data files and that the employee's password was needed to fix the problem. The email was signed with the name of the employee's direct supervisor. This is very likely an example of _____________.
phishing
A computer user clicked on an attachment to an email with the subject heading “I love you.” This resulted in the execution of an unwanted program which deleted the user's computer files. This is an example of _____________.
a virus
A city's computer systems were infected with malware that prevented access to all data on its servers. The attackers sent a message stating that data was encrypted and a payment of $500,0000 was required to decrypt the data.
ransomware
The web servers of a major domain name service provider were flooded with nearly 1.2 terabits per second of data which caused its service to become inoperable. This is an example of ______________.
a denial-of-service attack
____________ refers to the potential loss if a threat occurs.
A risk
__________ depends on the likelihood that a threat will occur and the associated losses that would be incurred.
An expected loss
__________ is a diagramming technique used to categorize the severity of risks.
A risk matrix
__________ is an action taken or not taken to protect an information system against a threat.
A risk response
_________ refers to a threat that occurs.
A risk event
___________ is a situation that makes it easier for a threat to occur.
A vulnerability
A company experienced a malware attack that caused its computer system to be down for one week. This is an example of _____________.
a risk event
A company that does not provide IS security training to its employees is an example of ______________.
a vulnerability
The possibility that an earthquake will disable a data center is an example of _________.
a risk
A small software development company has decided not to purchase a backup power supply due to its cost and the low likelihood of a power outage. This is an example of risk __________.
acceptance
An e-tailer decided to NOT collect and store personally identifiable information about its customers to prevent such data from being stolen from its computer systems. This is an example of risk __________.
avoidance
A company contracted with a cloud service provider that accepts some responsibility for the security of data stored on its servers. This is an example of risk _________.
transference
A company contracted with a data center service provider to provide a cold backup site that would be used to recover from a natural disaster. This is an example of risk ____________.
mitigation
When initially activating an online bank account, a user had to create several secret questions with answers. If the user later wants to change the password, s/he will need to first answer the secret questions. This process is used for ___________.
authentication
Biometrics are used for __________________.
authentication
The process of verifying the identity of a person or organization is called _____________.
authentication
A university system which tracks student grades allows professors to enter grades only for courses that they teach. This is an example of _________.
authorization
Restricting a person's access to functionality and data in an information system is called _________________.
authorization
Using the physical traits of a person to verify their identity is called ___________.
biometrics
A(n) ____________ uses a trusted third party to verify the identity of a person or organization when communicating electronically.
digital certificate
The main purpose of passwords is ____________.
authentication
__________ is software-as-a-service that provides a private communication channel built on top of the Internet.
A VPN
______________ transforms plain text into a cypher text that can only be read with a key.
Encryption
________ specifies how an organization will resume operations after an event such as a fire that disrupted data center operations.
A disaster recovery plan
__________ scans for and removes known unwanted software such as viruses, worms and spyware.
Anti-malware software
______________ must be updated frequently because new unwanted software programs are continually developed.
Anti-malware software
________________ blocks traffic coming into a network based on pre-specified rules.
A firewall
______________ learns normal behavior of a communication network and flags behavior that is out of the ordinary and suspicious.
Intrusion detection software
_________________ has redundant (duplicate) hardware components.
A fault-tolerant system
Which of the following items is a technology that figured out how to initially share an encryption key on an unsecure channel?
asymmetric key encryption
Indicate the most appropriate protection mechanism for the scenario below:
theft of data center equipment
locked entrances and security cameras
Indicate the most appropriate protection mechanism for the scenario below:
lost data in a flooded data center
data backups stored at a different physical location
Indicate the most appropriate protection mechanism for the scenario below:
a failed disk drive
a fault tolerant computer
Indicate the most appropriate protection mechanism for the scenario below:
a stranger parked outside your house reading your wireless communication
encryption
Indicate the most appropriate protection mechanism for the scenario below:
a virus spreading from one computer to another
anti-malware software
Indicate the most appropriate protection mechanism for the scenario below:
incoming communications from a known malicious web site
a firewall
Indicate the most appropriate protection mechanism for the scenario below:
a flood of incoming HTTP web page requests which appear to be legitimate
intrusion detection software
Indicate the most appropriate protection mechanism for the scenario below:
impersonating an e-commerce trading partner
a digital certificate
A company decided to connect its corporate network to the Extranet of one of its largest customers even though it increased the chance of unauthorized access to its network. This is an example of __________.
a risk event