True/False
Indicate whether the statement is true or false.
__F__ 1. When a computer is the subject of an attack, it is the entity being attacked.
__F__ 2. The implementation phase is the longest and most expensive phase of the systems development life cycle (SDLC).
__T__ 3. The Secret Service is charged with the detection and arrest of any person committing a United States federal offense relating to computer fraud and false identification crimes.
__T__ 4. The value of intellectual property influences asset valuation.
__T__ 5. Leaving unattended computers on is one of the top information security mistakes made by individuals.
Modified True/False
Indicate whether the statement is true or false. If false, change the identified word or phrase to make the statement true.
__T__ 6. In information security, salami theft occurs when an employee steals a few pieces of information at a time, knowing that taking more would be noticed — but eventually the employee gets something complete or useable. _________________________
__T__ 7. The malicious code attack includes the execution of viruses, worms, Trojan horses, and active Web scripts with the intent to destroy or steal information. _________________________
__T__ 8. Privacy is not absolute freedom from observation, but rather is a more precise “state of being free from unsanctioned intrusion.” _________________________
__T__ 9. The Economic Espionage Act of 1996 protects American ingenuity, intellectual property, and competitive advantage. _________________________
__T__ 10. Security efforts that seek to provide a superior level of performance in the protection of information are referred to as best business practices. _________________________
Multiple Choice
Identify the choice that best completes the statement or answers the question.
__B__ 11. A famous study entitled “Protection Analysis: Final Report” was published in ____.
a. | 1868 | c. | 1988 |
b. | 1978 | d. | 1998 |
__A__ 12. ____ security addresses the issues necessary to protect the tangible items, objects, or areas of an organization from unauthorized access and misuse.
a. | Physical | c. | Object |
b. | Personal | d. | Standard |
__C__ 13. The ____ model consists of six general phases.
a. | pitfall | c. | waterfall |
b. | 5SA&D | d. | SysSP |
__A__ 14. There are generally two skill levels among hackers: expert and ____.
a. | novice | c. | packet monkey |
b. | journeyman | d. | professional |
__A__ 15. “4-1-9” fraud is an example of a ____ attack.
a. | social engineering | c. | worm |
b. | virus | d. | spam |
__B__ 16. The Computer ____ and Abuse Act of 1986 is the cornerstone of many computer-related federal laws and enforcement efforts.
a. | Violence | c. | Theft |
b. | Fraud | d. | Usage |
__C__ 17. Which of the following countries reported generally intolerant attitudes toward personal use of organizational computing resources?
a. | Australia | c. | Singapore |
b. | United States | d. | Sweden |
__D__ 18. Laws and policies and their associated penalties only deter if which of the following conditions is present?
a. | Fear of penalty |
b. | Probability of being caught |
c. | Probability of penalty being administered |
d. | All of the above |
__B__ 19. The ____ strategy attempts to prevent the exploitation of the vulnerability.
a. | suspend control | c. | transfer control |
b. | defend control | d. | defined control |
__B__ 20. The formal decision-making process used when considering the economic feasibility of implementing information security controls and safeguards is called a(n) ____.
a. | ARO | c. | ALE |
b. | CBA | d. | SLE |
Completion
Complete each statement.
- A virus or worm can have a payload that installs a(n) __back__ door or trap door component in a system, which allows the attacker to access the system at will with special privileges.
- A(n) __buffer overrun__ is an application error that occurs when more data is sent to a program buffer than it is designed to handle.
- Guidelines that describe acceptable and unacceptable employee behaviors in the workplace are known as __policies__.
Essay
- Describe the multiple types of security systems present in many organizations.
1.) Physical security – protects items, objects, and places
2.) Personnel security – protects individual access to the organization
3.) Operations security – protects the details of activities
4.) Communications security – protects communications media, technology, and content
5.) Network security – protects networking components, connections, and contents
6.) Information security – protects the confidentiality, availability, and integrity of information assets
- List Microsoft’s “Ten Immutable Laws of Security” in any order
- If a bad guy can persuade you to run his program on your computer, it’s not your computer anymore.
- If a bad guy can alter the operating system on your computer, it’s not your computer anymore.
- If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore.
- If you allow a bad guy to upload programs to your website, it’s not your website anymore.
- Weak passwords trump strong security.
- A computer is only as secure as the administrator is trustworthy.
- Encrypted data is only as secure as the decryption key.
- An out-of-date virus scanner is only marginally better than no virus scanner at all.
- Absolute anonymity isn’t practical, in real life or on the Web.
- Technology is not a panacea.