BIS Chapter 4

12 November 2022
165 test answers

question
E-Espionage represents an online security threat and should be a high-level concern; all companies and individuals need to implement measures to protect themselves from it.
answer
True
question
Government agencies have reported in the past two years a huge increase in cybersecurity incidents to the U.S. Homeland Security Department.
answer
True
question
Poison Ivy was an E-Espionage training strategy performed by the United States military to avoid cyber attacks.
answer
False
question
Ethics and security are two fundamental building blocks for all organizations.
answer
True
question
Privacy is the legal protection afforded an expression of an idea, such as a song, book, or video game.
answer
False
question
Information governance is a method or system of government for information management or control.
answer
True
question
Confidentiality is the right to be left alone when you want to be, to have control over your own personal possessions, and not to be observed without your consent.
answer
False
question
Epolicies are policies and procedures that address information management along with the ethical use of computers and the Internet in the business environment.
answer
True
question
An acceptable use policy (AUP) requires a user to agree to follow it to be provided access to corporate email, information systems, and the Internet.
answer
True
question
Companies do not need a privacy policy for email because an employee's work email is private and cannot be viewed by the company.
answer
False
question
A social media policy outlines the corporate guidelines or principles governing employee online communications.
answer
True
question
An ethical computer use policy contains general principles to guide computer user behavior.
answer
True
question
Employee monitoring policies explicitly state how, when, and where the company monitors its employees.
answer
True
question
Information technology monitoring tracks people's activities by such measures as number of keystrokes, error rate, and number of transactions processed.
answer
True
question
Spyware is software that, while purporting to serve some useful function and often fulfilling that function, also allows Internet advertisers to display advertisements without the consent of the computer user.
answer
False
question
The Trojan-horse virus hides inside other software, usually as an attachment or a downloadable file.
answer
True
question
Information security is a broad term encompassing the protection of information from accidental or intentional misuse by persons inside or outside an organization.
answer
True
question
Two of the common forms of viruses discussed in the book include the Trojan-horse virus and the acceptance-of-service attack.
answer
False
question
A hacker weapon called a splog (spam blog) is a fake blog created solely to raise the search engine rank of affiliated websites.
answer
True
question
Information security is a high priority for protection of the company's information, and it is critical to implement an information security procedure to combat misuse of this information.
answer
True
question
Smoking areas are targeted by hackers, who regularly use smoking entrances to gain building access, where they pose as employees to gain access to the company network.
answer
True
question
Downtime refers to a period of time when a system is unavailable and unplanned downtime can strike at any time for various reasons.
answer
True
question
Legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident are called insiders.
answer
True
question
Insiders are illegitimate users who purposely or accidentally misuse their access to the environment to do business.
answer
False
question
Information security policies detail how an organization will implement the information security plan.
answer
False
question
Dumpster diving is another security breach for companies and is where people not associated with the company jump into the company's outside garbage bins and try to gather and steal any valuable company products they can resell on eBay.
answer
False
question
Organizations address security risks through two lines of defense. The first is people and the second is technology.
answer
True
question
Through social engineering, hackers use their social skills to trick people into revealing access credentials or other valuable information.
answer
True
question
The three primary information security areas are 1) authentication and authorization, 2) policies and rewards, and 3) detection and response.
answer
False
question
Tokens are small electronic devices that change user passwords automatically.
answer
True
question
The technique to gain personal information for the purpose of identity theft, often through fraudulent emails that look as though they came from legitimate businesses is called phishing.
answer
True
question
A process of providing a user with permission including access levels and abilities such as file access, hours of access, and amount of allocated storage space is called authentication.
answer
False
question
One of the most ineffective ways to set up authentication techniques is by setting up user ID's and passwords.
answer
True
question
Biometrics is the identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting.
answer
True
question
A firewall scrambles information into an alternative form that requires a key or password to decrypt.
answer
False
question
One of the biggest government technology breaches was in the form of an email, and landed in the email box of Jack Mulhern, the V.P. for international military assistance programs at Booz Allen. What was this case nicknamed?
answer
B. Poison Ivy
question
The Pentagon researched and tracked this espionage email that a hacker sent to Booz Allen and tracked it all the way back to an Internet address in China called _______________.
answer
A. Cybersyndrome.3322.org
question
Which of the following represents the two fundamental building blocks that protect organizational information?
answer
C. Ethics and security
question
What is the legal protection afforded an expression of an idea, such as a song, book, or video game?
answer
D. Copyright
question
40. What is the intangible creative work that is embodied in physical form and includes trademarks and patents?
A. Intellectual software
B. Intellectual property
C. Trademark property
D. Ethical property
answer
B. Intellectual property
question
41. Trust between companies, customers, partners, and suppliers is the support structure of which of the following?
answer
A. Ebusiness
question
In relation to privacy, which of the following is the assurance that messages and information remain available only to those authorized to view them?
answer
C. Confidentiality
question
Which of the following key terms represents the principles and standards that guide our behavior toward other people?
answer
A. Ethics
question
What is the difference between pirated and counterfeit software?
answer
B. Pirated is the unauthorized use, duplication, distribution, or sale of copyrighted software, where counterfeit is software that is manufactured to look like the real thing and sold as such
question
Which of the following governs the ethical and moral issues arising from the development and use of information technologies, and the creation, collection, duplication, distribution, and processing of information?
answer
D. Information ethics
question
Which of the following means the right to be left alone when you want to be, to have control over your personal possessions, and not to be observed without your consent?
answer
C. Privacy
question
47. Determining what is ethical can sometimes be difficult because certain actions can be justified or condemned depending on how you view the relationship between ___ and _______.
answer
B. Legal and ethical
question
48. Which of the following examines the organizational resource of information and regulates its definitions, uses, value, and distribution, ensuring it has the types of data or information required to function and grow effectively?
answer
C. Information management
question
49. Sophie Black works as a computer programmer for a software company. Her boss, Mike Jones, is responsible for developing a new software game for the Wii. After completion of the project Mike gives all of the team members a free copy of the game without consent from the company. Sophie is a little hesitant and unsure about accepting the game because legally it would be considered ________.
answer
B. Pirated software
question
What is the method or system of government for information management or control?
answer
C. Information governance
question
Which of the below represents the definition of information compliance?
answer
A. The act of conforming, acquiescing, or yielding information
question
Which of the following is served as key evidence in many legal cases today and also provides a faster, easier way to search and organize paper documents?
answer
B. Digital information
question
Which of the following refers to the ability of a company to identify, search, gather, seize, or export digital information in responding to a litigation, audit, investigation, or an information inquiry?
answer
C. Ediscovery
question
In the information technology world, which of the following are examples of ethical issues that a company may have to manage?
answer
D. All of the following
question
As the President of a local trade company, Kristin is faced with leadership, ethical, and operational decisions on a daily basis. Kristin's responsibilities include examining the organizational resource of information and regulating its definitions, uses, value, and distribution, ensuring it has the types of information required to function and grow effectively. What is Kristin overseeing for the company?
answer
B. Information management
question
When studying the figure of the four quadrants of ethical and legal behavior, the goal is for organizations to make decisions in which of the following quadrants?
answer
C. Quadrant I
question
Which of the following is included in the four quadrants of ethical and legal behavior?
answer
D. All of the above
question
What is intangible creative work that is embodied in physical form and includes copyrights, trademarks, and patents?
answer
B. Intellectual property
question
Which of the following describes privacy?
answer
The right to be left alone when you want to be, to have control over your own personal possessions, and to not be observed without your consent
question
Which of the following is an example of acting ethically?
answer
D. None of the above offers an example of acting ethically.
question
Which act restricts what information the federal government can collect?
answer
A. Privacy act
question
Which act protects investors by improving the accuracy and reliability of corporate disclosures?
answer
A. Sarbanes-Oxley Act
question
Which act strengthened criminal laws against identity theft?
answer
D. None of the above
question
Which of the following describes confidentiality?
answer
A. The assurance that messages and information are available only to those who are authorized to view them
question
What are policies and procedures that address information management along with the ethical use of computers and the Internet in the business environment?
answer
B. Epolicies
question
Which of the below is not one of the six epolicies that a company should implement for information protection as discussed in the text?
answer
D. Downtime monitoring policy
question
Which of the following contains general principles to guide computer user behavior?
answer
C. Ethical computer use policy
question
Which company policy did Visa create the program 'Innovant' to handle?
answer
B. Information privacy policy
question
Which of the following clauses is typically contained in an acceptable use policy?
answer
A. A nonrepudiation clause
question
Which of the below would not be found in a typical acceptable use policy?
answer
B. Not posting commercial messages to groups where the employee has received user consent
question
Which of the following terms refers to a contractual stipulation to ensure that ebusiness participants do not deny their online actions?
answer
C. Nonrepudiation
question
According to the ethical computer use policy, users should be ______________ of the rules and, by agreeing to use the system on that basis, _______________ to abide by the rules.
answer
C. Informed, consent
question
Which of the following policies states that users agree to follow it in order to be given access to corporate email, information systems, and the Internet?
answer
A. Acceptable use policy
question
Which of the following is not considered an epolicy?
answer
D. Anti-hacker use policy
question
Which policy contains general principles regarding information privacy?
answer
A. Information privacy policy
question
Which of the following represents the classic example of unintentional information reuse?
answer
B. Social Security number
question
What is one of the guidelines an organization can follow when creating an information privacy policy?
answer
B. Notice and disclosure
question
What is one of the major problems with email?
answer
C. User's expectation of privacy
question
If an organization implemented only one policy, which one would it want to implement?
answer
D. Ethical computer use policy
question
Jackie is the head teller at ABC Bank and her responsibilities include overseeing and managing the tellers, resolving customer issues, and developing and implementing systems for an optimal and efficient team. She notices a steady increase in customer complaints and tracks back to find that the complaints started right around the time ABC Bank provided Internet access to all employees. Jackie watched the tellers closely and found that they were spending significant amounts of time playing Internet games and posting on Facebook. Which policy should the company implement to help eliminate this problem?
answer
C. An Internet use policy
question
Which of the below would you find in a typical Internet use policy?
answer
D. All of the above
question
Which of the following policies details the extent to which email messages may be read by others?
answer
A. Email privacy policy
question
Employees need to understand that email privacy exists to an extent and that corporate email is solely owned by ________.
answer
B. The company
question
Which of the below should be included in a company email privacy policy?
answer
D. All of the above
question
What sends massive amounts of email to a specific person or system that can cause that user's server to stop functioning?
answer
A. Mail bomb
question
What is unsolicited email that plagues employees at all levels and clogs email systems?
answer
B. Spam
question
What kind of policy can a company implement that can help diminish the activity of sending unsolicited email?
answer
C. Anti-spam policy
question
To find out your company policy regarding such websites as YouTube, Facebook, and Twitter you would have to refer to the ____________.
answer
B. Social media policy
question
Social media can be a very valuable tool for a company if used properly. Which of the following represents social media uses for a company?
answer
D. All of the above
question
Which policy can protect a company's brand identity and outlines the corporate principles governing employee online communication?
answer
B. A social media policy
question
With so much information and so many moving parts within a company, technology has made it possible for employers to monitor many aspects of employee jobs and duties. What is a system that can track employees' activities by such measures as keystrokes, error rate, and number of transactions processed?
answer
C. Information technology monitoring
question
Which of the below is a common Internet monitoring technology?
answer
D. All of the above
question
What is an Internet monitoring technique that captures keystrokes on their journey from the keyboard to the motherboard?
answer
D. Hardware key logger
question
What type of Internet monitoring technique records information about a customer during a web surfing session such as what websites were visited and how long the visit was, what ads were viewed and what was purchased?
answer
C. Clickstream
question
Which of the below is not included as a common stipulation an organization would follow when creating an employee monitoring policy?
answer
B. Do not state the consequences of violating the policy
question
96. What is a mail bomb?
answer
A. Sending a massive amount of email to a specific person or system resulting in filling up the recipient's disk space
question
Which policy details the extent to which email messages may be read by others?
A. Acceptable use policy
answer
B. Email privacy policy
question
98. Which of the following describes information technology monitoring?
answer
D. All of the above
question
What is a program that, when installed on a computer, records every keystroke and mouse click?
answer
A. Key logger software
question
What is a small file deposited on a hard drive by a website containing information about customers and their Web activities?
answer
C. Cookie
question
Which of the following refers to a period of time when a system is unavailable?
answer
A. Downtime
question
Which of the following is not an example of unplanned downtime?
answer
C. A system upgrade
question
What are critical questions that managers should ask when determining the cost of downtime?
answer
C. All of the above
question
Which of the following is a cost of downtime in addition to lost revenue?
answer
D. All of the above
question
A company should be able to calculate the cost of downtime by which of the following?
answer
A. Per hour, per day, and per week
question
Which quadrant in the cost of downtime includes equipment rental, overtime costs, and travel expenses?
answer
C. Other expenses
question
Jensen is a senior developer for HackersRUs, a company that helps secure management information systems. Jensen's new task is to break into the computer system of one of HackersRUs' top clients to identify system vulnerabilities and plug the holes. What type of hacker is Jensen?
answer
B. White-hat hacker
question
Which of the below defines information security?
answer
D. All of the above
question
What are experts in technology, who use their knowledge to break into computers and networks for profit or just as a challenge, known as?
answer
C. Hacker
question
What is a hacker who breaks into other people's computer systems and may just look around or steal and destroy information?
answer
B. Black-hat hacker
question
Which of the following is the correct list of the six different types of hackers listed in your text?
answer
A. Black-hat, cracker, cyberterrorist, hactivist, script kiddies, and white-hat hackers
question
112. What is software written with malicious intent to cause annoyance or damage?
A. Elevation of privilege
answer
D. Virus
question
113. What includes a variety of threats such as viruses, worms, and Trojan horses?
answer
A. Malicious code
question
114. What is the forging of the return address on an email so that the email message appears to come from someone other than the actual sender?
answer
C. Spoofing
question
115. What is a special class of adware that collects data about the user and transmits it over the Internet without the user's knowledge or permission?
answer
B. Spyware
question
116. What is the primary difference between a worm and a virus?
answer
C. A virus must attach to something to spread, where a worm does not need to attach to anything to spread and can tunnel itself into the computer
question
117. What is a process by which a user misleads a system into granting unauthorized rights, usually for the purpose of compromising or destroying the system?
answer
A. Elevation of privilege
question
118. A DDoS is one of the common forms of viruses; it attacks multiple computers to flood a website until it slows or crashes. What does DDoS stand for?
answer
D. Distributed denial-of-service attack
question
119. Which of the following are all common forms of viruses?
answer
C. Backdoor program, worm, Trojan-horse viruses
question
120. What is the software called that allows Internet advertisers to display advertisements without the consent of the computer user?
answer
B. Adware
question
121. Who are hackers with criminal intent?
answer
A. Crackers
question
122. Who are those who seek to cause harm to people or to destroy critical systems or information and use the Internet as a weapon of mass destruction?
answer
C. Cyberterrorists
question
123. Which of the following types of viruses spread themselves, not just from file to file, but also from computer to computer?
answer
B. Worm
question
124. What is one of the most common forms of computer vulnerabilities that can cause massive computer damage?
answer
A. Virus
question
125. Which of the following changes its form as it propagates?
answer
C. Polymorphic viruses and worms
question
126. What are the first two lines of defense a company should take when addressing security risks?
answer
D. People first, technology second
question
127. Which of the below represents the biggest problem of information security breaches?
answer
A. People misusing organizational information
question
128. Angela works for an identity protection company that maintains large amounts of sensitive customer information such as usernames, passwords, personal information, and social security numbers. Angela and a coworker decide to use the sensitive information to open credit cards in a few of her customers' names. This is a classic example of which of the following security breaches?
answer
B. An insider
question
129. Using one's social skills to trick people into revealing access credentials or other valuable information is called _____________.
answer
A. Social engineering
question
130. All of the following are types of information security breaches except:
answer
D. E-discovery
question
131. What is it called when a hacker looks through your trash to find personal information?
answer
B. Dumpster diving
question
132. Working at a ski resort in the mountains has its own unique security issues. Kenny is the chief information officer for Sundance Ski Resort, and he is faced with both physical and information security threats every month. Since the resort implemented a new software system, it has been having a larger number of threats and breaches of company information. He suspects that this may be caused by an internal employee. What type of plan does he need to clarify and establish to help reduce further problems?
answer
A. An information security plan
question
133. eBay is an example of an online company that has been faced with numerous security issues. For example, imagine you purchase a digital camera on eBay. Three months later you might receive an email asking you to log in to the system to update your credit card or PayPal information. Of course, this email is not actually from eBay and as soon as you log in your information will be stolen. What type of information security breach would you consider this to be?
answer
D. Phishing
question
134. Which of the following is an example of a way to maintain information security that a company should include in their information security policies?
answer
D. All of the above
question
135. Janet is a financial aid counselor at a local community college and she shares an office with her three coworkers. Janet feels safe in her office environment and frequently leaves her username and password on a sticky note next to her computer. Without realizing it Janet is creating the potential for which type of information security breach to occur?
answer
A. Insiders to hack into the college system
question
136. Applications allowed to be placed on the corporate network, like IM software, and corporate computer equipment used for personal reasons on personal networks are two areas that should be addressed by managers in which of the below company policies?
answer
B. Information security policies
question
137. Which of the following represents the three areas where technology can aid in the defense against information security attacks?
answer
D. Authentication and authorization, prevention and resistance, detection and response
question
138. What is the forging of someone's identity for the purpose of fraud?
answer
B. Identity theft
question
139. What is the difference between phishing and pharming?
answer
C. Phishing is a technique to gain personal information for the purpose of identity theft, and pharming reroutes requests for legitimate websites to false websites
question
140. Imagine you accidentally mistype the URL for your bank and you are redirected to a fake website that collects your information. What type of identity theft were you just a victim of?
answer
A. Pharming
question
141. What area of information security focuses on preventing identity theft, phishing, and pharming scams?
answer
D. Authentication and authorization
question
142. What is the process that provides a user with permission including access levels and abilities such as file access, hours of access, and amount of allocated storage space?
answer
C. Authorization
question
143. What is a method for confirming users' identities?
answer
B. Authentication
question
144. The most secure procedures combine which of the following authentication and authorization techniques?
answer
D. All of the above
question
145. A smart card is a device the size of a credit card that contains embedded technology that stores information and small amounts of software, and can act as _________________.
answer
D. All of the above
question
146. The best and most effective way to manage authentication is through __________.
answer
C. Biometrics
question
147. Which of the following is not considered a form of biometrics?
answer
B. Password
question
148. Which of the following is the main drawback of biometrics?
answer
C. It can be costly and intrusive
question
149. How do prevention and resistance technologies stop intruders from accessing and reading sensitive information?
answer
A. Content filtering, encryption, and firewalls
question
150. Which of the following occurs when organizations use software that filters content, such as email, to prevent the accidental or malicious transmission of unauthorized information?
answer
B. Content filtering
question
151. What prevention technique scrambles information into an alternative form that requires a key or password to decrypt?
answer
A. Encryption
question
152. What can encryption technology perform?
answer
D. All of the above
question
153. What type of encryption technology uses multiple keys, one for public and one for private?
answer
C. Public key encryption
question
154. What is a data file that identifies individuals or organizations online and is comparable to a digital signature?
answer
C. Digital certificate
question
155. Charles Mott works for a company called VeriSign that acts as a trusted third party to verify information. One of Charles' largest clients is CheckMd, which holds and authenticates customer reviews of doctors and dentists online, and having a third party validate the reviews is critical to CheckMd's success. What type of authentication technique is VeriSign providing for CheckMd?
answer
B. Certificate authority
question
156. What is hardware or software that guards a private network by analyzing incoming and outgoing information for the correct markings?
answer
A. Firewall
question
157. Which of the following protection techniques scans and searches hard drives to prevent, detect, and remove known viruses, adware, and spyware?
answer
D. Antivirus software
question
158. What must you do with antivirus software to make it protect effectively?
answer
C. Must frequently update it to protect against viruses
question
159. Which of the following systems is designed with full-time monitoring tools that search for patterns in network traffic to identify intruders and to protect against suspicious network traffic which attempts to access files and data?
answer
B. Intrusion detection software (IDS)
question
160. What is the most secure type of authentication?
answer
D. Combination of all of the above
question
161. What is a device that is around the same size as a credit card, containing embedded technologies that can store information and small amounts of software to perform some limited processing?
answer
C. Smart card
question
162. What is the identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting?
answer
C. Biometrics
question
163. Which of the following is considered a type of biometrics?
answer
D. All of the above
question
164. Which of the following authentication methods is 100 percent accurate?
answer
D. None of the above
question
165. Where do organizations typically place firewalls?
answer
D. Between the server and the Internet