Chapter 12: Information Security Management
Multiple Choice
1) Which of the following is an example of a security threat resulting from malicious human activity?
A) an employee who misunderstands operating procedures
B) an employee who accidentally deletes customer records
C) an employee who inadvertently installs an old database on top of the current one
D) an employee who intentionally destroys data or other system components
Answer: D
Page Ref: 282
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 1
2) A person calls the Draper residence and pretends to represent a credit card company. He asks Mrs. Draper to confirm her credit card number. This is an example of ________.
A) hacking
B) phishing
C) pretexting
D) sniffing
Answer: C
Page Ref: 283
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 1
3) Which of the following is a synonym for phishing?
A) drive-by sniffing
B) e-mail spoofing
C) IP spoofing
D) system hacking
Answer: B
Page Ref: 283
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 1
4) ________ simply take computers with wireless connections through an area and search for unprotected wireless networks.
A) Drive-by sniffers
B) Spoofers
C) Hackers
D) Phishers
Answer: A
Page Ref: 283
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 1
5) An employee carelessly releases proprietary data to the media. This is a case of ________ resulting from ________.
A) loss of infrastructure; human error
B) unauthorized data disclosure; human error
C) loss of infrastructure; malicious activity
D) unauthorized data disclosure; malicious activity
Answer: B
Page Ref: 283
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 1
6) A ________ pretends to be a legitimate company and sends emails requesting confidential data.
A) hacker
B) phisher
C) drive-by sniffer
D) sniffer
Answer: B
Page Ref: 283
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 1
7) Mark recently received an email from what appeared to be a legitimate company, asking him to update and verify his credit card details. Unknowingly, he obliged and later realized that the information had been misused. Mark is a victim of ________.
A) hacking
B) phishing
C) pretexting
D) sniffing
Answer: B
Page Ref: 283
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 1
8) ________ is a technique for intercepting computer communications.
A) Spoofing
B) Hacking
C) Pretexting
D) Sniffing
Answer: D
Page Ref: 283
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 1
9) ________ occur when bogus services flood a Web server.
A) Spoofing attacks
B) Hacking attacks
C) Phishing attacks
D) DOS attacks
Answer: D
Page Ref: 284
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 1
10) Some unauthorized programs are able to ________ legitimate systems and substitute their own processing.
A) usurp
B) spoof
C) hack
D) flood
Answer: A
Page Ref: 284
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 1
11) ________ occurs when a person gains unauthorized access to a computer system.
A) Usurpation
B) Spoofing
C) Hacking
D) Phishing
Answer: C
Page Ref: 284
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 1
12) A problem in a customer billing system that occurs due to errors made during software installation is a case of ________ resulting from ________.
A) faulty service; human error
B) distributed denial of service; malicious activity
C) faulty service; malicious activity
D) distributed denial of service; human error
Answer: A
Page Ref: 284
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 1
13) ________ is an example of a data safeguard against security threats.
A) Application design
B) Backup and recovery
C) Accountability
D) Procedure design
Answer: B
Page Ref: 286
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 2
14) Which of the following is a human safeguard against security threats?
A) backup
B) firewalls
C) physical security
D) procedure design
Answer: D
Page Ref: 286
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 2
15) Which of the following is a technical safeguard against security threats?
A) passwords
B) backup and recovery
C) compliance
D) identification and authorization
Answer: D
Page Ref: 286
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 2
16) A user name ________ a user.
A) authenticates
B) identifies
C) conceals
D) encrypts
Answer: B
Page Ref: 287
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 3
17) A password ________ a user.
A) authenticates
B) identifies
C) conceals
D) encrypts
Answer: A
Page Ref: 287
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 3
18) Users of smart cards are required to enter a ________ to be authenticated.
A) PIN
B) password
C) biometric detail
D) key
Answer: A
Page Ref: 287
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 3
19) A(n) ________ card has a microchip on it that is loaded with identifying data.
A) USB
B) biometric
C) smart
D) encryption
Answer: C
Page Ref: 287
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 3
20) ________ use(s) personal physical characteristics such as fingerprints, facial features, and retinal scans to verify users.
A) Passwords
B) Smart cards
C) Biometric authentication
D) Personal identification numbers
Answer: C
Page Ref: 287
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 3
21) ________ is the process of transforming clear text into coded, unintelligible text for secure storage or communication.
A) Usurpation
B) Authentication
C) Standardization
D) Encryption
Answer: D
Page Ref: 288
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 3
22) Which of the following steps of the Secure Socket Layer is NOT true?
A) The computer obtains the public key of the website to which it will connect.
B) The computer generates a key for symmetric encryption.
C) The computer encodes that key using the Web site's public key.
D) The Web site decodes the symmetric key using its public key.
Answer: D
Page Ref: 289
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 3
23) A(n) ________ sits outside the organizational network and is the first device that Internet traffic encounters.
A) internal firewall
B) perimeter firewall
C) packet-filtering firewall
D) malware firewall
Answer: B
Page Ref: 290
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 3
24) ________ firewalls can prohibit outsiders from starting a session with any user behind the firewall.
A) Perimeter
B) Internal
C) Packet-filtering
D) Malware
Answer: C
Page Ref: 290
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 3
25) The program code that causes unwanted activity is called the ________.
A) key escrow
B) metadata
C) widget
D) payload
Answer: D
Page Ref: 291
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 3
26) The broadest definition of ________ includes viruses, worms, Trojan horses, spyware, and adware.
A) malware
B) metadata
C) software
D) widgets
Answer: A
Page Ref: 291
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 3
27) Which of the following are malware masquerading as useful programs?
A) macro viruses
B) trojan horses
C) worms
D) payloads
Answer: B
Page Ref: 291
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 3
28) What is the similarity between adware and spyware?
A) Both masquerade as useful programs.
B) Both are specifically programmed to spread.
C) Both are installed without user's permission.
D) Both are used to steal data.
Answer: C
Page Ref: 291
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 3
29) ________ are the patterns that exist in malware code and should be downloaded and updated frequently.
A) Data safeguards
B) Patches
C) Antivirus scans
D) Malware definitions
Answer: D
Page Ref: 292
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 3
30) Organizations should protect sensitive data by storing it in ________ form.
A) digital
B) standardized
C) encrypted
D) authenticated
Answer: C
Page Ref: 293
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 4
31) Because encryption keys can get lost or destroyed, a copy of the key should be stored with a trusted third party. This safety procedure is sometimes called ________.
A) key escrow
B) white hat
C) key encryption
D) biometric authentication
Answer: A
Page Ref: 293
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 4
32) Which of the following is an example of a data safeguard?
A) application design
B) dissemination of information
C) physical security
D) malware protection
Answer: C
Page Ref: 293
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 4
33) Which of the following statements is true regarding position sensitivity?
A) It is a type of data safeguard.
B) It enables security personnel to prioritize their activities in accordance with the possible risk and loss.
C) It is documented only for high-sensitivity positions.
D) It applies to new employees only.
Answer: B
Page Ref: 295
Difficulty: Moderate
AACSB: Use of IT
Study Question: Study Question 5
34) Enforcement of security procedures and policies consists of three interdependent factors: ________.
A) centralized reporting, preparation, and practice
B) account administration, systems procedures, and security monitoring
C) separation of duties, least privilege, and position sensitivity
D) responsibility, accountability, and compliance
Answer: D
Page Ref: 295
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 5
35) In terms of password management, when an account is created, users should ________.
A) create two passwords and switch back and forth between those two
B) immediately change the password they are given to a password of their own
C) maintain the same password they are given for all future authentication purposes
D) ensure that they do not change their passwords frequently, thereby reducing the risk of password loss
Answer: B
Page Ref: 296-297
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 5
36) Typically, a help-desk information system has answers to questions that only a true user would know, such as the user's birthplace, mother's maiden name, or last four digits of an important account number. This information ________.
A) allows help-desk representatives to create new passwords for users
B) reduces the strength of the security system
C) protects the anonymity of a user
D) helps authenticate a user
Answer: D
Page Ref: 297
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 5
37) Activity log analysis is an important ________ function.
A) account administration
B) security monitoring
C) backup
D) data administration
Answer: B
Page Ref: 298
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 5
38) ________ are remote processing centers run by commercial disaster-recovery services.
A) Cold sites
B) Web browsers
C) Hot sites
D) Backup centres
Answer: C
Page Ref: 299
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 6
39) Every organization should have a(n) ________ as part of the security program, which should include how employees are to react to security problems, whom they should contact, the reports they should make, and steps they can take to reduce further loss.
A) key escrow
B) smart card
C) human safeguard plan
D) incident-response plan
Answer: D
Page Ref: 300
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 7
40) Which of the following is true regarding an incident-response plan?
A) The plan should provide decentralized reporting of all security incidents.
B) The plan should require minimal training on the part of employees.
C) The plan should identify critical personnel and their off-hours contact information.
D) The plan should be simple enough to ensure a fast response with limited practice.
Answer: C
Page Ref: 300
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 7
True or False
1) Pretexting occurs when someone deceives by pretending to be someone else.
Answer: TRUE
Page Ref: 283
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 1
2) Sniffing is usually initiated via email.
Answer: FALSE
Page Ref: 283
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 1
3) Incorrectly increasing a customer's discount is an example of incorrect data modification.
Answer: TRUE
Page Ref: 283
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 1
4) System errors are not caused by human error.
Answer: FALSE
Page Ref: 284
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 1
5) Denial-of-service attacks are caused by human error, not malicious intent.
Answer: FALSE
Page Ref: 284
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 1
6) Senior management has two critical security functions: overall policy and risk management.
Answer: TRUE
Page Ref: 286
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 2
7) Malware protection is an example of a technical safeguard.
Answer: TRUE
Page Ref: 286
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 2
8) Creating backup copies of database contents is a technical safeguard.
Answer: FALSE
Page Ref: 286
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 2
9) Technical safeguards include passwords and encryption.
Answer: FALSE
Page Ref: 286
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 2
10) Technical safeguards involve just the software components of an information system.
Answer: FALSE
Page Ref: 287
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 3
11) Smart cards are convenient and easy to use since they don't require a PIN number for authentication.
Answer: FALSE
Page Ref: 287
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 3
12) A criticism against biometric authentication is that it provides weak authentication.
Answer: FALSE
Page Ref: 287
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 3
13) Most secure communication over the Internet uses a protocol called HTTP.
Answer: FALSE
Page Ref: 289
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 3
14) Viruses, worms, and Trojan horses are types of firewalls.
Answer: FALSE
Page Ref: 290
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 3
15) Internal firewalls sit outside the organizational network.
Answer: FALSE
Page Ref: 290
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 3
16) Packet-filtering firewalls examine each part of a message and determine whether to let that part pass.
Answer: TRUE
Page Ref: 290
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 3
17) Perimeter firewalls are the simplest type of firewalls.
Answer: FALSE
Page Ref: 290
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 3
18) The existence of spyware is generally unknown to the user.
Answer: TRUE
Page Ref: 291
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 3
19) Most spyware is benign in that it does not perform malicious acts or steal data.
Answer: FALSE
Page Ref: 291
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 3
20) Once a backup of database contents is made, it is safe to assume that the database is protected.
Answer: FALSE
Page Ref: 293
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 4
21) In the context of human safeguards against security threats, the security sensitivity for each position should be documented.
Answer: TRUE
Page Ref: 295
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 5
22) The existence of accounts that are no longer necessary does not pose a serious security threat.
Answer: FALSE
Page Ref: 296
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 5
23) Backup procedures for system users include backing up Web site resources, databases, administrative data, account and password data, and other data.
Answer: FALSE
Page Ref: 298
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 5
24) Following a disaster, hot sites provide office space, but customers themselves must provide and install the equipment needed to continue operations.
Answer: FALSE
Page Ref: 299
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 6
25) Every organization must have an incident-response plan that allows for decentralized reporting of all security incidents.
Answer: FALSE
Page Ref: 300
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 7
Essay
1) Distinguish between phishing, spoofing, and sniffing.
Answer: Phishing is a technique for obtaining unauthorized data that uses pretexting via email. The phisher pretends to be a legitimate company and sends an email requesting confidential data, such as account numbers, Social Security numbers, account passwords, and so forth.
Spoofing is another term for someone pretending to be someone else. IP spoofing occurs when an intruder uses another site's IP address as if it were that other site. Email spoofing is a synonym for phishing.
Sniffing is a technique for intercepting computer communications. With wired networks, sniffing requires a physical connection to the network. With wireless networks, no such connection is required. Drive-by sniffers simply take computers with wireless connections through an area and search for unprotected wireless networks.
Page Ref: 283
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 1
2) Explain denial of service (DOS) in information management.
Answer: Human error in following procedures or a lack of procedures can result in denial of service (DOS).
For example, humans can inadvertently shut down a Web server or corporate gateway router by starting a computationally intensive application. An OLAP application that uses the operational DBMS can consume so many DBMS resources that order-entry transactions cannot get through. Denial-of-service attacks can be launched maliciously. A malicious hacker can flood a Web server, for example, with millions of bogus service requests that so occupy the server that it cannot service legitimate requests. Computer worms can infiltrate a network with so much artificial traffic that legitimate traffic cannot get through. Finally, natural disasters may cause systems to fail, resulting in denial of service.
Page Ref: 284
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 1
3) Discuss in brief the pros and cons of biometric authentication.
Answer: Biometric authentication uses personal physical characteristics such as fingerprints, facial features, and retinal scans to authenticate users. Biometric authentication provides strong authentication, but the required equipment is expensive. Often, too, users resist biometric identification because they feel it is invasive. Biometric authentication is in the early stages of adoption. Because of its strength, it likely will see increased usage in the future. It is also likely that legislators will pass laws governing the use, storage, and protection requirements for biometric data.
Page Ref: 287-288
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 3
4) Differentiate between symmetric and asymmetric encryption.
Answer: To encode a message, a computer program uses the encryption method with the key to convert a noncoded message into a coded message. The resulting coded message looks like gibberish. Decoding (decrypting) a message is similar; a key is applied to the coded message to recover the original text. With symmetric encryption, the same key (again, a number) is used to encode and to decode. With asymmetric encryption, two keys are used; one key encodes the message, and the other key decodes the message. Symmetric encryption is simpler and much faster than asymmetric encryption. A special version of asymmetric encryption, public key/private key, is used on the Internet.
Page Ref: 288
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 3
5) What are firewalls? What types of firewalls are commonly used?
Answer: A firewall is a computing device that prevents unauthorized network access. A firewall can be a special-purpose computer or it can be a program on a general-purpose computer or on a router. Organizations normally use multiple firewalls. A perimeter firewall sits outside the organizational network; it is the first device that Internet traffic encounters. In addition to perimeter firewalls, some organizations employ internal firewalls inside the organizational network. A packet-filtering firewall examines each part of a message and determines whether to let that part pass. To make this decision, it examines the source address, the destination address(es), and other data. Packet-filtering firewalls can prohibit outsiders from starting a session with any user behind the firewall.
Page Ref: 290
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 3
6) How is a Trojan horse different from a worm?
Answer: There are many different types of viruses. Trojan horses are viruses that masquerade as useful programs or files. A typical Trojan horse appears to be a computer game, an MP3 music file, or some other useful, innocuous program. A worm is a virus that propagates using the Internet or other computer network. Worms spread faster than other virus types because they are specifically programmed to spread. Unlike nonworm viruses, which must wait for the user to share a file with a second computer, worms actively use the network to spread. Sometimes, worms so choke a network that it becomes unusable.
Page Ref: 291
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 3
7) What is the difference between adware and spyware?
Answer: Spyware programs are installed on the user's computer without the user's knowledge or permission. Spyware resides in the background and, unknown to the user, observes the user's actions and keystrokes, monitors computer activity, and reports the user's activities to sponsoring organizations. Some malicious spyware captures keystrokes to obtain user names, passwords, account numbers, and other sensitive information. Other spyware supports marketing analyses, observing what users do, Web sites visited, products examined and purchased, and so forth. Adware is similar to spyware in that it is installed without the user's permission and it also resides in the background and observes user behavior. Most adware is benign in that it does not perform malicious acts or steal data. It does, however, watch user activity and produce pop-up ads. Adware can also change the user's default window or modify search results and switch the user's search engine.
Page Ref: 291
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 3
8) List some important malware safeguards.
Answer: It is possible to avoid most malware using the following malware safeguards: (1) install antivirus and antispyware programs on your computer, (2) set up the anti-malware programs to scan your computer frequently, (3) update malware definitions, (4) open email attachments only from known sources, (5) promptly install software updates from legitimate sources, and (6) browse only in reputable Internet neighborhoods.
Page Ref: 292
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 3
9) How can data safeguards protect against security threats?
Answer: Data safeguards protect databases and other organizational data. Both data and database administration are involved in establishing the data safeguards. First, data administration should define data policies. Then, data administration and database administration(s) work together to specify user data rights and responsibilities. Third, those rights should be enforced by user accounts that are authenticated at least by passwords. The organization should protect sensitive data by storing it in encrypted form. It is important to periodically create backup copies of database contents. Physical security is another data safeguard.
Page Ref: 293
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 4
10) Explain how defining positions in an organization can safeguard against security threats.
Answer: Effective human safeguards begin with definitions of job tasks and responsibilities. In general, job descriptions should provide a separation of duties and authorities. For example, no single individual should be allowed both to approve expenses and write checks. Instead, one person should approve expenses, another pay them, and a third should account for the payment. Similarly, in inventory, no single person should be allowed to authorize an inventory withdrawal and also to remove the items from inventory. Given appropriate job descriptions, user accounts should be defined to give users the least possible privilege needed to perform their jobs. For example, users whose job description does not include modifying data should be given accounts with read-only privilege. Similarly, user accounts should prohibit users from accessing data their job description does not require. Because of the problem of semantic security, even access to seemingly innocuous data may need to be limited. Finally, the security sensitivity should be documented for each position. Some jobs involve highly sensitive data (e.g., employee compensation, salesperson quotas, and proprietary marketing or technical data). Other positions involve no sensitive data. Documenting position sensitivity enables security personnel to prioritize their activities in accordance with the possible risk and loss.
Page Ref: 294-295
Difficulty: Moderate
AACSB: Use of IT
Study Question: Study Question 5
11) What are the three interdependent factors involved in the enforcement of security policies and procedures?
Answer: Enforcement consists of three interdependent factors: responsibility, accountability, and compliance. First, the company should clearly define the security responsibilities of each position. The design of the security program should be such that employees can be held accountable for security violations. Procedures should exist so that when critical data are lost, it is possible to determine how the loss occurred and who is accountable. Finally, the security program should encourage security compliance. Employee activities should regularly be monitored for compliance, and management should specify disciplinary action to be taken in light of noncompliance.
Page Ref: 295
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 5
12) Explain account management.
Answer: Account management concerns the creation of new user accounts, the modification of existing account permissions, and the removal of unneeded accounts. Information system administrators perform all of these tasks, but account users have the responsibility to notify the administrators of the need for these actions. The IT department should create standard procedures for this purpose. The existence of accounts that are no longer necessary is a serious security threat. Information system administrators cannot know when an account should be removed; it is up to users and managers to give such notification.
Page Ref: 296
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 5
13) What is the difference between a hot site and a cold site?
Answer: Both hot sites and cold sites are backup processing centers. Hot sites are remote processing centers run by commercial disaster-recovery services. For a monthly fee, they provide all the equipment needed to continue operations following a disaster. Cold sites, in contrast, provide office space, but customers themselves provide and install the equipment needed to continue operations.
Page Ref: 299
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 6
14) Describe an incident-response plan.
Answer: Every organization should have an incident-response plan as part of the security program. The plan should include how employees are to respond to security problems, whom they should contact, the reports they should make, and steps they can take to reduce further loss.
The plan should provide centralized reporting of all security incidents that will enable an organization to determine if it is under systematic attack or whether an incident is isolated. Centralized reporting also allows the organization to learn about security threats, take consistent actions in response, and apply specialized expertise to all security problems. Viruses and worms can spread very quickly across an organization's networks, and a fast response will help to mitigate the consequences. Because of the need for speed, preparation pays. The incident-response plan should identify critical personnel and their off-hours contact information. These personnel should be trained on where to go and what to do when they get there. Finally, organizations should periodically practice incident response.
Page Ref: 300
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 7
15) What should an organization do when a security breach occurs in its information systems?
Answer: When an incident does occur, speed is of the essence. Viruses and worms can spread very quickly across an organization's networks, and a fast response will help to mitigate the consequences. Because of the need for speed, preparation pays. The incident-response plan should identify critical personnel and their off-hours contact information. These personnel should be trained on where to go and what to do when they get there. Without adequate preparation, there is substantial risk that the actions of well-meaning people will make the problem worse. Organizations should periodically practice incident response. Without such practice, personnel will be poorly informed on the response plan, and the plan itself may have flaws that only become apparent during a drill.
Page Ref: 300
Difficulty: Easy
AACSB: Use of IT
Study Question: Study Question 7