978-0132437158 Chapter 11

1

The Importance of Information Systems Management, 8e (McNurlin/Sprague/Bui)

Chapter 11 Managing Information Security

1) The overarching goal of information security is to ensure data integrity, availability,

and confidentiality.

2) Managing security refers to a comprehensive set of activities that develop, implement,

direct, and monitor the organization’s security strategy and activities.

3) All business executives need to understand threats and countermeasures and continually

fund security work to protect their businesses.

4) The most expensive cybercrime are computer viruses.

5) Vein-viewing technology can be used to replace signatures, keys, and passwords.

6) Computer attacks by insiders can be among the most expensive and most damaging security

treats.

7) A common profile of an insider criminal is a poor performance review.

8) A certificate is a mechanism to verify an identity on a computer system over a computer

network.

9) Mobile computing and telecommuting actually decrease the possibility for cybercrime

because the greater number of network openings provides more opportunities for law

enforcement.

10) The Internet does not have intrinsic security protocols.

2

11) Hacker tools are becoming increasingly sophisticated and easier to use allowing hackers to

outsmart the countermeasures used by companies to protect themselves.

12) A malicious program can be housed inside an innocent program that appears to be helpful.

13) Nonrepudiation is moving toward application-level security, requiring authentication for

each application a user wants to access.

14) Authentication is a means of providing proof of data transmission or receipt so that the

occurrence of a transaction cannot later be refused.

15) Identification services can prove that someone was the actual sender of a message.

16) Virtual Private Networks are hardware or software that controls access between networks.

17) Biometrics are the most widely used security technology.

18) For digital signatures to work, a trusted third party must issue the keys to individuals and

firms.

19) Tunneling creates a temporary connection between to remote computer which blocks access

to anyone trying to intercept messages sent over that link.

20) The trend in computer security is toward policy-based management.

21) The core challenge of security management is:

A) finding the right balance between shielding the organization’s main assets from

potential harm.

B) finding the right balance between shielding the organization’s main processes from

potential harm.

C) enabling staff to do their jobs.

D) All of the above

22) The top security concern among all organizations is:

A) computer viruses.

B) identity theft.

C) data theft.

D) password breachs.

23) An estimation by the Computer Security Institute suggests that losses caused by insider

attacks account for between________ percent of the entire organization’s losses related to

computer crimes.

A) 10 and 20

B) 30 and 50

C) 40 and 60

D) 20 and 80

24) Which of the following areas are considered important to maintaining a safe computing

environment?

A) Egress security

B) Facility security

C) Network security

D) All of the above

25) Memory management, access to I/O devices, file management, and hardware configuration

are all examples of:

A) Application security

B) Operating systems security

C) Network security

D) Middleware and Web services security

E) None of the above

26) A common credit card fraud is called:

A) application fraud.

B) network fraud.

C) impersonation.

D) None of the above

4

27) Which of the following hacker tricks involves placing oneself between two communicating

parties and either substituting one’s own information in place of one of the parties’

information or denying one party access to a session?

A) Man-in-the-middle

B) Denial of service

C) Trojan horse

D) Network sniffing

28) Which of the following hacker tricks involves launching software that monitors all traffic

looking for passwords or other valuable information?

A) Man-in-the-middle

B) Denial of service

C) Trojan horse

D) Network sniffing

29) Which of the following hacker tricks involves flooding a Web site, with so much useless

traffic that the site becomes overwhelmed and freezes?

A) Man-in-the-middle

B) Denial of service

C) Trojan horse

D) Network sniffing

30) The security technique that prevents parties from denying actions they have taken is known

as:

A) Authentication

B) Nonrepudiation

C) Identification

D) Indemnification

E) None of the above

31) The security technique that protects information from being seen is known as:

A) Authentication

B) Nonrepudiation

C) Identification

D) Indemnification

E) None of the above

5

32) To protect against hacking, companies install ______ which controls access between

networks.

A) Virtual Private Networks

B) Encryption

C) firewalls

D) Intrusion detection

E) None of the above

33) The security technique used to protect systems against sniffing is called:

A) Virtual Private Networks

B) Encryption

C) firewalls

D) Intrusion detection

E) None of the above

34) The most common public key encryption method is:

A) RSA

B) DES

C) AES

D) SSL

35) To protect against spoofing, firms need a way to:

A) authenticate the identity of an individual.

B) repudiate the identity of an individual.

C) dispute the identity of an individual.

D) All of the above

36) Defining security policies and then centrally managing and enforcing those policies via

security management products and services is known as:

A) intrusion-based management.

B) policy-based management.

C) incident-based management.

D) None of the above

37) ________ remain the source of the largest financial losses.

A) Virus attacks

B) Denial of service attacks

C) Trojan horse attacks

D) Application vulnerabilities

6

38) Business continuity is a(n):

A) business issue.

B) IT issue.

C) disaster recovery issue

D) All of the above

39) Security is often thought by many to be a(n):

A) business problem.

B) staff problem.

C) IT problem.

D) technological problem.

40) Which of the following strategies involves creating a culture for enforcing IT security?

A) Creating and communicating an enterprise software security framework.

B) Knowledge management training.

C) Assuring internal security policy and external regulator compliance.

D) Governance in the design and implementation process of system development or

maintenance.

41) List four common profiles of an “insider” criminal.

7

42) List five areas exposed to threats and vulnerabilities where security must be applied.

43) List five steps that can be taken to protect from credit card fraud.

8

44) List five fundamental pillars that make up all security countermeasures and techniques.

45) Describe a VPN and how a VPN can be used for secure organizational communications.

46) List three requirements noted by Tucker associated with business continuity.

47) Describe the management/business issues around both business continuity and IT disaster

recovery.

9

48) Describe three steps required for an organization to develop and information-centric

security strategy.

49) Name five types of security threats.

50) What is a digital certificate?

Information Systems Management 8th Edition