978-0134238241 Chapter 8 Part 2

Authors: Jane P. Laudon, Kenneth C. Laudon

44) Zero defects cannot be achieved in larger software programs because fully testing programs
that contain thousands of choices and millions of paths would require thousands of years.
AACSB: Information Technology
LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?
45) Zeus is an example of a Trojan horse.
AACSB: Application of Knowledge
LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?
46) Malicious software programs referred to as malware include a variety of threats such as
computer viruses, worms, and Trojan horses.
AACSB: Application of Knowledge
LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?
47) Three major concerns of system builders and users are disaster, security, and human error. Of
the three, which do you think is most difficult to deal with? Why?
AACSB: Analytical Thinking; Written and Oral Communication
LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?
48) What are the security challenges faced by the use of wireless networks?
AACSB: Information Technology; Written and Oral Communication
LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?
49) Why is software quality important to security? What specific steps can an organization take
to ensure software quality?
AACSB: Analytical Thinking; Written and Oral Communication
LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?
50) Explain how an SQL injection attack works and what types of systems are vulnerable to this
type of attack.
AACSB: Information Technology; Written and Oral Communication
LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?
51) The HIPAA Act of 1996:
A) requires financial institutions to ensure the security of customer data.
B) specifies best practices in information systems security and control.
C) imposes responsibility on companies and management to safeguard the accuracy of financial
information.
D) outlines medical security and privacy rules.
E) requires that companies retain electronic records for at least 10 years.
AACSB: Application of Knowledge
LO: 8.2: What is the business value of security and control?
52) The Gramm-Leach-Bliley Act:
A) requires financial institutions to ensure the security of customer data.
B) specifies best practices in information systems security and control.
C) imposes responsibility on companies and management to safeguard the accuracy of financial
information.
D) outlines medical security and privacy rules.
E) requires that companies retain electronic records for at least 10 years.
AACSB: Application of Knowledge
LO: 8.2: What is the business value of security and control?
53) The Sarbanes-Oxley Act:
A) requires financial institutions to ensure the security of customer data.
B) specifies best practices in information systems security and control.
C) imposes responsibility on companies and management to safeguard the accuracy of financial
information.
D) outlines medical security and privacy rules.
E) requires that companies retain electronic records for at least 10 years.
AACSB: Application of Knowledge
LO: 8.2: What is the business value of security and control?
54) The most common type of electronic evidence is:
A) voice-mail.
B) spreadsheets.
C) instant messages.
D) email.
E) e-commerce transactions over the Internet.
AACSB: Application of Knowledge
LO: 8.2: What is the business value of security and control?
55) All of the following are types of information systems general controls except:
A) application controls.
B) implementation controls.
C) physical hardware controls.
D) administrative controls.
E) data security controls.
AACSB: Information Technology
LO: 8.2: What is the business value of security and control?
56) Computer forensics tasks include all of the following except:
A) presenting collected evidence in a court of law.
B) securely storing recovered electronic data.
C) collecting physical evidence on the computer.
D) finding significant information in a large volume of electronic data.
E) recovering data from computers while preserving evidential integrity.
AACSB: Application of Knowledge
LO: 8.2: What is the business value of security and control?
57) Which of the following sued BJ's Wholesale Club for allowing hackers to access its systems
and steal credit and debit card data for fraudulent purchases?
A) The U.S. Justice Department
B) The U.S. Food and Drug Administration
C) The U.S. Federal Trade Commission
D) The Federal Bureau of Investigation
E) The U.S. Securities and Exchange Commission
AACSB: Application of Knowledge
LO: 8.2: What is the business value of security and control?
58) Hackers and their companion viruses are an increasing problem, especially on the Internet.
What are the most important measures for a firm to take to protect itself from this? Is full
protection feasible? Why or why not?
AACSB: Analytical Thinking; Written and Oral Communication
LO: 8.2: What is the business value of security and control?
59) Define computer forensics and describe the types of problems it is designed to address.
AACSB: Application of Knowledge; Written and Oral Communication
LO: 8.2: What is the business value of security and control?
60) Your company, an online clothing store, has calculated that a loss of Internet connectivity for
5 hours results in a potential loss of $1,000 to $2,000 and that there is a 50% chance of this
occurring. What is the annual expected loss from this exposure?
A) $750
B) $1,000
C) $1,500
D) $2,000
E) $3,000
AACSB: Application of Knowledge
LO: 8.3: What are the components of an organizational framework for security and control?
61) Application controls:
A) can be classified as input controls, processing controls, and output controls.
B) govern the design, security, and use of computer programs.
C) apply to all computerized applications and consist of a combination of hardware, software,
and manual procedures that create an overall control environment.
D) include software controls, computer operations controls, and implementation controls.
E) govern the security of data files in general throughout the organization.
AACSB: Information Technology
LO: 8.3: What are the components of an organizational framework for security and control?
62) ________ controls ensure that valuable business data files on either disk or tape are not
subject to unauthorized access, change, or destruction while they are in use or in storage.
A) Software
B) Administrative
C) Data security
D) Implementation
E) Authentication
AACSB: Information Technology
LO: 8.3: What are the components of an organizational framework for security and control?
63) Analysis of an information system that rates the likelihood of a security incident occurring
and its cost is included in a(n):
A) security policy.
B) AUP.
C) risk assessment.
D) business impact analysis.
E) What-if analysis.
AACSB: Application of Knowledge
LO: 8.3: What are the components of an organizational framework for security and control?
64) Statements ranking information risks and identifying security goals are included in a(n):
A) security policy.
B) AUP.
C) risk assessment.
D) business impact analysis.
E) What-if analysis.
AACSB: Application of Knowledge
LO: 8.3: What are the components of an organizational framework for security and control?
65) Which of the following defines acceptable uses of a firm's information resources and
computing equipment?
A) An information systems audit policy
B) A CA policy
C) A MSSP
D) A UTM system
E) An AUP
AACSB: Application of Knowledge
LO: 8.3: What are the components of an organizational framework for security and control?
66) Which of the following focuses primarily on the technical issues of keeping systems up and
running?
A) Business continuity planning
B) Security policies
C) Disaster recovery planning
D) An AUP
E) An information systems audit
AACSB: Application of Knowledge
LO: 8.3: What are the components of an organizational framework for security and control?
67) An acceptable use policy defines the acceptable level of access to information assets for
different users.
AACSB: Application of Knowledge
LO: 8.3: What are the components of an organizational framework for security and control?
68) How can a firm's security policies contribute and relate to the six main business objectives?
Give examples.
AACSB: Analytical Thinking; Written and Oral Communication
LO: 8.3: What are the components of an organizational framework for security and control?
69) You have just been hired as a security consultant by MegaMalls Inc., a national chain of
retail malls, to make sure that the security of their information systems is up to par. Outline the
steps you will take to achieve this.
AACSB: Analytical Thinking; Written and Oral Communication
LO: 8.3: What are the components of an organizational framework for security and control?
70) How is the security of a firm's information system and data affected by its people,
organization, and technology? Is the contribution of one of these dimensions any more important
than the other? Why?
AACSB: Analytical Thinking; Written and Oral Communication
LO: 8.3: What are the components of an organizational framework for security and control?
