Unlock document.
This document is partially blurred.
Unlock all pages and 1 million more documents.
Get Access
1
Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall
The Importance of Information Systems Management, 8e (McNurlin/Sprague/Bui)
Chapter 11 Managing Information Security
1) The overarching goal of information security is to ensure data integrity, availability,
and confidentiality.
2) Managing security refers to a comprehensive set of activities that develop, implement,
direct, and monitor the organization’s security strategy and activities.
3) All business executives need to understand threats and countermeasures and continually
fund security work to protect their businesses.
4) The most expensive cybercrime are computer viruses.
5) Vein-viewing technology can be used to replace signatures, keys, and passwords.
6) Computer attacks by insiders can be among the most expensive and most damaging security
treats.
7) A common profile of an insider criminal is a poor performance review.
8) A certificate is a mechanism to verify an identity on a computer system over a computer
network.
9) Mobile computing and telecommuting actually decrease the possibility for cybercrime
because the greater number of network openings provides more opportunities for law
enforcement.
10) The Internet does not have intrinsic security protocols.
2
Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall
11) Hacker tools are becoming increasingly sophisticated and easier to use allowing hackers to
outsmart the countermeasures used by companies to protect themselves.
12) A malicious program can be housed inside an innocent program that appears to be helpful.
13) Nonrepudiation is moving toward application-level security, requiring authentication for
each application a user wants to access.
14) Authentication is a means of providing proof of data transmission or receipt so that the
occurrence of a transaction cannot later be refused.
15) Identification services can prove that someone was the actual sender of a message.
16) Virtual Private Networks are hardware or software that controls access between networks.
17) Biometrics are the most widely used security technology.
18) For digital signatures to work, a trusted third party must issue the keys to individuals and
firms.
19) Tunneling creates a temporary connection between to remote computer which blocks access
to anyone trying to intercept messages sent over that link.
20) The trend in computer security is toward policy-based management.
21) The core challenge of security management is:
A) finding the right balance between shielding the organization’s main assets from
potential harm.
B) finding the right balance between shielding the organization’s main processes from
potential harm.
C) enabling staff to do their jobs.
D) All of the above
3
Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall
Diff: 2 Page Ref: 397
22) The top security concern among all organizations is:
A) computer viruses.
B) identity theft.
C) data theft.
D) password breachs.
23) An estimation by the Computer Security Institute suggests that losses caused by insider
attacks account for between________ percent of the entire organization’s losses related to
computer crimes.
A) 10 and 20
B) 30 and 50
C) 40 and 60
D) 20 and 80
24) Which of the following areas are considered important to maintaining a safe computing
environment?
A) Egress security
B) Facility security
C) Network security
D) All of the above
25) Memory management, access to I/O devices, file management, and hardware configuration
are all examples of:
A) Application security
B) Operating systems security
C) Network security
D) Middleware and Web services security
E) None of the above
26) A common credit card fraud is called:
A) application fraud.
B) network fraud.
C) impersonation.
D) None of the above
4
Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall
27) Which of the following hacker tricks involves placing oneself between two communicating
parties and either substituting one’s own information in place of one of the parties’
information or denying one party access to a session?
A) Man-in-the-middle
B) Denial of service
C) Trojan horse
D) Network sniffing
28) Which of the following hacker tricks involves launching software that monitors all traffic
looking for passwords or other valuable information?
A) Man-in-the-middle
B) Denial of service
C) Trojan horse
D) Network sniffing
29) Which of the following hacker tricks involves flooding a Web site, with so much useless
traffic that the site becomes overwhelmed and freezes?
A) Man-in-the-middle
B) Denial of service
C) Trojan horse
D) Network sniffing
30) The security technique that prevents parties from denying actions they have taken is known
as:
A) Authentication
B) Nonrepudiation
C) Identification
D) Indemnification
E) None of the above
31) The security technique that protects information from being seen is known as:
A) Authentication
B) Nonrepudiation
C) Identification
D) Indemnification
E) None of the above
5
Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall
32) To protect against hacking, companies install ______ which controls access between
networks.
A) Virtual Private Networks
B) Encryption
C) firewalls
D) Intrusion detection
E) None of the above
33) The security technique used to protect systems against sniffing is called:
A) Virtual Private Networks
B) Encryption
C) firewalls
D) Intrusion detection
E) None of the above
34) The most common public key encryption method is:
A) RSA
B) DES
C) AES
D) SSL
35) To protect against spoofing, firms need a way to:
A) authenticate the identity of an individual.
B) repudiate the identity of an individual.
C) dispute the identity of an individual.
D) All of the above
36) Defining security policies and then centrally managing and enforcing those policies via
security management products and services is known as:
A) intrusion-based management.
B) policy-based management.
C) incident-based management.
D) None of the above
37) ________ remain the source of the largest financial losses.
A) Virus attacks
B) Denial of service attacks
C) Trojan horse attacks
D) Application vulnerabilities
6
Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall
38) Business continuity is a(n):
A) business issue.
B) IT issue.
C) disaster recovery issue
D) All of the above
39) Security is often thought by many to be a(n):
A) business problem.
B) staff problem.
C) IT problem.
D) technological problem.
40) Which of the following strategies involves creating a culture for enforcing IT security?
A) Creating and communicating an enterprise software security framework.
B) Knowledge management training.
C) Assuring internal security policy and external regulator compliance.
D) Governance in the design and implementation process of system development or
maintenance.
41) List four common profiles of an “insider” criminal.
7
Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall
42) List five areas exposed to threats and vulnerabilities where security must be applied.
43) List five steps that can be taken to protect from credit card fraud.
8
Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall
44) List five fundamental pillars that make up all security countermeasures and techniques.
45) Describe a VPN and how a VPN can be used for secure organizational communications.
46) List three requirements noted by Tucker associated with business continuity.
47) Describe the management/business issues around both business continuity and IT disaster
recovery.
9
Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall
48) Describe three steps required for an organization to develop and information-centric
security strategy.
49) Name five types of security threats.
50) What is a digital certificate?
