K201 lecture notes chapter 10: Q1-Q3, Q4-Q7

question
Email spoofing is a synonym for phishing?
answer
True
question
In the context of security threats, pretexting, sniffing, spoofing, & phishing are all examples of
answer
Unauthorized data disclosure
question
A _____ is a type of virus that self-propagates using the Internet or other computer network.
answer
Worm
question
In information security, which of the following is true about managing risk?
answer
Organizations should implement safeguards that balance the trade-off between risks and costs
question
___________ involve the people and procedure components of information systems
answer
Human Safeguards
question
How should organizations respond to security threats?
answer
- Establish a company-wide security policy
- Technical, data, & human safeguards
- Manage risk
- Proactive
question
What are technical safeguards?
answer
- ID & authentication
- Encryption
- Firewalls
- Malware Protection
- Design secure applications
question
ID & authentication
answer
Username & passwords/smart card/biometrics
question
Encryption
answer
Transforms clear text into coded, unintelligible text, requiring a key to read
question
Firewalls
answer
Prevent unauthorized access to the network
question
Malware Protection
answer
Virus, Trojan horse, worm, spyware, adware
question
Design Secure applications
answer
Prevent common attacks like SQL injection attacks
question
What are data safeguards?
answer
- Define data policies
- Data rights & responsibilities
- Enforce rights with usernames & passwords
- Data encryption
- Backup & recovery procedures
- Physical security
question
Who is responsible for safeguards?
answer
- Data administration: an organization-wide function that develops data policies & enforces data standards
- Database administration: develops procedures & practices to ensure efficient & orderly multiuser processing, control changes, and protect databases
question
Position Definitions
answer
- Document whether or not the job involves sensitive data (how sensitive)
- Provide separation of duties and authorities; determine least privilege
question
Hiring and Screening
answer
Background checks, references, & social media posts
question
Dissemination of Policies & Enforcement
answer
Employee security training
question
Termination Policies
answer
Revoke access to systems promptly
question
Account Administration
answer
- Manage accounts
- Password management
- Help desk policies
question
System Procedures
answer
- Normal operation
- Backup
- Recovery
question
Security Monitoring
answer
- Activity log analysis
- Security testing
- Investigating security incidents
question
How do organizations respond to security incidents?
answer
- Have a plan in place
- Centralized reporting
- Specific responses
- Practice