When information gatherers employ techniques that cross a legal or ethical threshold

Chapter 02 The Need for Security

TRUE/FALSE

1. Information security's primary mission is to ensure that systems and their contents retain their confidentiality at any cost.

(A) True

(B) False

Answer : (B)

2. The information security function in an organization safeguards its technology assets.

(A) True

(B) False

Answer : (A)

3. As an organization grows, it must often use more robust technology to replace the security technologies it may have outgrown.

(A) True

(B) False

Answer : (A)

4. Suppose an act of theft performed by a hacker was accompanied by defacement actions to delay discovery. The first act is obviously in the category of "theft," but the second act is in another category; in this case it is a "force of nature."

(A) True

(B) False

Answer : (B)

5. Two watchdog organizations that investigate allegations of software abuse are the Software & Information Industry Association (SIIA) and the National Security Agency (NSA).

(A) True

(B) False

Answer : (B)

A virus or worm can have a payload that installs a back door or trap door component in a system. This allows the attacker to access the system at will with special privileges.

A momentary decrease in voltage is known as a(n) _______________.

competitive intelligence (CI)

An intelligence system that helps managers assess their competition and vendors in order to become more efficient and effective competitors.

A hacker with criminal intent.

a hacker who intends to exploit a target computer or network to create a serious impact

develops software scripts and codes exploits that are used by the second category, the novice or unskilled hacker

a technique to compromise a system

One who uses programming skills to gain illegal access to computer networks or files.

protester seeking to make a political point by leveraging technology tools, often through system infiltration, defacement, or damage

When information gatherers employ techniques that cross the threshold of what is legal and/or ethical

A virus written in a scripting language.

Deliberate software attacks occur when an individual or group designs software to attack an unsuspecting system

hacks the public telephone network to make free calls or disrupt services.

hackers of limited skill who use expert-written software to exploit a system but do not fully understand or appreciate the systems they hack

momentary increase or surge – prolonged increase

Software programs that hide their true nature and reveal their designed behavior only when activated

Malicious programs that replicate themselves constantly without requiring another program to provide a safe environment for replication

a program that attaches itself to another program and can cause damage when the host program is activated.

__________ plans usually include all preparations for the recovery process, strategies to limit losses during the disaster, and detailed steps to follow when the smoke clears, the dust settles, or the flood waters recede.

The __________ plan specifies the actions an organization can and should take while an adverse event is in progress. An adverse event could result in the loss of an information asset or assets, but it does not currently threaten the viability of the entire organization.

A(n) _________ is a formal access control methodology used to assign a level of confidentiality to an information asset and thus restrict the number of people who can access it.

data classification scheme

A _________ assigns a status level to employees to designate the maximum level of classified data they may access.

security clearance scheme

A computer is the __________ of an attack when it is used to conduct an attack against another computer.

A subject or object’s ability to use, manipulate, modify, or affect another subject or object is known as ___________.

A technique used to compromise a system is known as a(n) ___________.

An organizational resource that is being protected is sometimes logical, such as a Web site, software information, or data. Sometimes the resource is physical, such as a person, computer system, hardware, or other tangible object. Either way, the resource is known as a(n) ___________.

A ____________________ is an attack in which a coordinated stream of requests is launched against a target from many locations at the same time.

distributed denial-of-service

In a ____________________ attack, the attacker sends a large number of connection or information requests to disrupt a target from a small number of sources.

When information gatherers employ techniques that cross a legal or ethical threshold, they are conducting __________.

The process of maintaining the confidentiality, integrity, and availability of data managed by a DBMS is known as __________ security.

The average amount of time until the next hardware failure is known as __________.

mean time to failure (MTTF)

The average amount of time between hardware failures, calculated as the total amount of operation time for a specified number of units divided by the total number of failures, is known as __________.

mean time between failure (MTBF)

The __________ attempts to prevent trade secrets from being illegally shared.

Which of the following acts is also widely known as the Gramm-Leach-Bliley Act?

Financial Services Modernization Act

The National Information Infrastructure Protection Act of 1996 modified which act?

Computer Fraud and Abuse Act

Which of the following acts is a collection of statutes that regulate the interception of wire, electronic, and oral communications?

Electronic Communications Privacy Act

The transfer of large batches of data to an off-site facility, usually through leased lines or services, is called ____.

The ________ is the high-level information security policy that sets the strategic direction, scope, and tone for all of an organization’s security efforts.

The transfer of transaction data in real time to an off-site facility is called ____.

_________ is the rapid determination of the scope of the breach in the confidentiality, integrity, and availability of information and information assets during or just following an incident.

__________ is a strategy of using multiple types of technology so that the failure of one system does not compromise the security of information.

What is the process of using social skills to convince people to reveal access credentials?

Social engineering is an attempt by attackers to trick humans into giving up access, credentials, bank details, or other sensitive information.

What is it called when individuals interfere with or disrupt systems to protest the operations, policies, or actions of an organization or government agency?

Hacktivism is usually directed at corporate or government targets. The people or groups that carry out hacktivism are referred to as hacktivists. Hacktivists' targets include religious organizations, terrorists, drug dealers, and pedophiles.

What is Information Security's primary mission?

Three primary goals of information security are preventing the loss of availability, the loss of integrity, and the loss of confidentiality for systems and data. Most security practices and controls can be traced back to preventing losses in one or more of these areas.

What is a technique used to gain unauthorized access to computers wherein the intruder sends messages with a forged source address?

Spoofing: a technique used to gain unauthorized access to computers, wherein the intruder sends messages with a source IP address that has been forged to indicate that the messages are coming from a trusted host.