978-0134238241 Chapter 8 Part 2

Unlock access to all the studying documents.

View Full Document

44) Zero defects cannot be achieved in larger software programs because fully testing programs

that contain thousands of choices and millions of paths would require thousands of years.

AACSB: Information Technology

LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?

45) Zeus is an example of a Trojan horse.

AACSB: Application of Knowledge

LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?

46) Malicious software programs referred to as malware include a variety of threats such as

computer viruses, worms, and Trojan horses.

AACSB: Application of Knowledge

LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?

47) Three major concerns of system builders and users are disaster, security, and human error. Of

the three, which do you think is most difficult to deal with? Why?

AACSB: Analytical Thinking; Written and Oral Communication

LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?

48) What are the security challenges faced by the use of wireless networks?

AACSB: Information Technology; Written and Oral Communication

LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?

49) Why is software quality important to security? What specific steps can an organization take

to ensure software quality?

AACSB: Analytical Thinking; Written and Oral Communication

LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?

50) Explain how an SQL injection attack works and what types of systems are vulnerable to this

type of attack.

AACSB: Information Technology; Written and Oral Communication

LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?

51) The HIPAA Act of 1996:

A) requires financial institutions to ensure the security of customer data.

B) specifies best practices in information systems security and control.

C) imposes responsibility on companies and management to safeguard the accuracy of financial

information.

D) outlines medical security and privacy rules.

E) requires that companies retain electronic records for at least 10 years.

AACSB: Application of Knowledge

LO: 8.2: What is the business value of security and control?

52) The Gramm-Leach-Bliley Act:

A) requires financial institutions to ensure the security of customer data.

B) specifies best practices in information systems security and control.

C) imposes responsibility on companies and management to safeguard the accuracy of financial

information.

D) outlines medical security and privacy rules.

E) requires that companies retain electronic records for at least 10 years.

AACSB: Application of Knowledge

LO: 8.2: What is the business value of security and control?

53) The Sarbanes-Oxley Act:

A) requires financial institutions to ensure the security of customer data.

B) specifies best practices in information systems security and control.

C) imposes responsibility on companies and management to safeguard the accuracy of financial

information.

D) outlines medical security and privacy rules.

E) requires that companies retain electronic records for at least 10 years.

AACSB: Application of Knowledge

LO: 8.2: What is the business value of security and control?

54) The most common type of electronic evidence is:

A) voice-mail.

B) spreadsheets.

C) instant messages.

D) email.

E) e-commerce transactions over the Internet.

AACSB: Application of Knowledge

LO: 8.2: What is the business value of security and control?

55) All of the following are types of information systems general controls except:

A) application controls.

B) implementation controls.

C) physical hardware controls.

D) administrative controls.

E) data security controls.

AACSB: Information Technology

LO: 8.2: What is the business value of security and control?

56) Computer forensics tasks include all of the following except:

A) presenting collected evidence in a court of law.

B) securely storing recovered electronic data.

C) collecting physical evidence on the computer.

D) finding significant information in a large volume of electronic data.

E) recovering data from computers while preserving evidential integrity.

AACSB: Application of Knowledge

LO: 8.2: What is the business value of security and control?

57) Which of the following sued BJ’s Wholesale Club for allowing hackers to access its systems

and steal credit and debit card data for fraudulent purchases?

A) The U.S. Justice Department

B) The U.S. Food and Drug Administration

C) The U.S. Federal Trade Commission

D) The Federal Bureau of Investigation

E) The U.S. Securities and Exchange Commission

AACSB: Application of Knowledge

LO: 8.2: What is the business value of security and control?

58) Hackers and their companion viruses are an increasing problem, especially on the Internet.

What are the most important measurers for a firm to take to protect itself from this? Is full

protection feasible? Why or why not?

AACSB: Analytical Thinking; Written and Oral Communication

LO: 8.2: What is the business value of security and control?

59) Define computer forensics and describe the types of problems it is designed to address.

AACSB: Application of Knowledge; Written and Oral Communication

LO: 8.2: What is the business value of security and control?

60) Your company, an online clothing store, has calculated that a loss of Internet connectivity for

5 hours results in a potential loss of $1,000 to $2,000 and that there is a 50% chance of this

occurring. What is the annual expected loss from this exposure?

A) $750

B) $1,000

C) $1,500

D) $2,000

E) $3,000

AACSB: Application of Knowledge

LO: 8.3: What are the components of an organizational framework for security and control?

61) Application controls:

A) can be classified as input controls, processing controls, and output controls.

B) govern the design, security, and use of computer programs.

C) apply to all computerized applications and consist of a combination of hardware, software,

and manual procedures that create an overall control environment.

D) include software controls, computer operations controls, and implementation controls.

E) govern the security of data files in general throughout the organization.

AACSB: Information Technology

LO: 8.3: What are the components of an organizational framework for security and control?

62) ________ controls ensure that valuable business data files on either disk or tape are not

subject to unauthorized access, change, or destruction while they are in use or in storage.

A) Software

B) Administrative

C) Data security

D) Implementation

E) Authentication

AACSB: Information Technology

LO: 8.3: What are the components of an organizational framework for security and control?

63) Analysis of an information system that rates the likelihood of a security incident occurring

and its cost is included in a(n):

A) security policy.

B) AUP.

C) risk assessment.

D) business impact analysis.

E) What-if analysis.

AACSB: Application of Knowledge

LO: 8.3: What are the components of an organizational framework for security and control?

64) Statements ranking information risks and identifying security goals are included in a(n):

A) security policy.

B) AUP.

C) risk assessment.

D) business impact analysis.

E) What-if analysis.

AACSB: Application of Knowledge

LO: 8.3: What are the components of an organizational framework for security and control?

65) Which of the following defines acceptable uses of a firm’s information resources and

computing equipment?

A) An information systems audit policy

B) A CA policy

C) A MSSP

D) A UTM system

E) An AUP

AACSB: Application of Knowledge

LO: 8.3: What are the components of an organizational framework for security and control?

66) Which of the following focuses primarily on the technical issues of keeping systems up and

running?

A) Business continuity planning

B) Security policies

C) Disaster recovery planning

D) An AUP

E) An information systems audit

AACSB: Application of Knowledge

LO: 8.3: What are the components of an organizational framework for security and control?

67) An acceptable use policy defines the acceptable level of access to information assets for

different users.

AACSB: Application of Knowledge

LO: 8.3: What are the components of an organizational framework for security and control?

68) How can a firm’s security policies contribute and relate to the six main business objectives?

Give examples.

AACSB: Analytical Thinking; Written and Oral Communication

LO: 8.3: What are the components of an organizational framework for security and control?

69) You have just been hired as a security consultant by MegaMalls Inc., a national chain of

retail malls, to make sure that the security of their information systems is up to par. Outline the

steps you will take to achieve this.

AACSB: Analytical Thinking; Written and Oral Communication

LO: 8.3: What are the components of an organizational framework for security and control?

70) How is the security of a firm’s information system and data affected by its people,

organization, and technology? Is the contribution of one of these dimensions any more important

than the other? Why?

AACSB: Analytical Thinking; Written and Oral Communication

LO: 8.3: What are the components of an organizational framework for security and control?