Management Chapter 08 Lost And Inaccurate Data Would Lead to Compromised

Laudon/Laudon/Brabston, Management Information Systems, Seventh Canadian Edition

C) application proxy filtering

D) packet filtering

67) Which of the following is the greatest threat that employees pose to an organization’s

information systems?

A) forgetting passwords

B) lack of knowledge

C) entering faulty data

D) introducing software errors

68) Currently, the protocols used for secure information transfer over the Internet are

A) TCP/IP and SSL.

B) S-HTTP and CA.

C) HTTP and TCP/IP.

D) SSL, TLS, and S-HTTP.

69) Most antivirus software is effective against

A) only those viruses active on the Internet and through e-mail.

B) any virus.

C) any virus except those in wireless communications applications.

D) only those viruses already known when the software is written.

Laudon/Laudon/Brabston, Management Information Systems, Seventh Canadian Edition

70) In which method of encryption is a single encryption key sent to the receiver so both sender

and receiver share the same key?

A) SSL

B) symmetric key encryption

C) public key encryption

D) private key encryption

71) A digital certificate system

A) uses third-party CAs to validate a user’s identity.

B) uses digital signatures to validate a user’s identity.

C) uses tokens to validate a user’s identity.

D) is used primarily by individuals for personal correspondence.

72) Downtime refers to periods of time in which a

A) computer system is malfunctioning.

B) computer system is not operational.

C) company or organization is not operational.

D) computer is not online.

Laudon/Laudon/Brabston, Management Information Systems, Seventh Canadian Edition

73) For 100% availability, online transaction processing requires

A) high-capacity storage.

B) a multi-tier server network.

C) fault-tolerant computer systems.

D) dedicated phone lines.

74) In controlling network traffic to minimize slow-downs, a technology called ________ is

used to examine data files and sort low-priority data from high-priority data.

A) high availability computing

B) deep-packet inspection

C) application proxy filtering

D) stateful inspection

75) The development and use of methods to make computer systems resume their activities

more quickly after mishaps is called

A) high availability computing.

B) recovery oriented computing.

C) fault tolerant computing.

D) disaster recovery planning.

76) Smaller firms may outsource some or many security functions to

A) ISPs.

B) MISs.

Laudon/Laudon/Brabston, Management Information Systems, Seventh Canadian Edition

C) MSSPs.

D) CAs.

77) A ___________________________ is an individual who intends to gain unauthorized

access to a computer system.

A) hacker

B) cracker

C) fracker

D) jacker

78) A ___________________________ is typically used to denote a hacker with criminal intent.

A) hacker

B) cracker

C) fracker

D) jacker

79) A ___________________________ is typically used to denote a hacker with criminal

intent.

A) Software controls

B) Hardware controls

C) Computer operations controls

D) Data security controls

Laudon/Laudon/Brabston, Management Information Systems, Seventh Canadian Edition

80) ___________________________ ensure that computer hardware is physically secure and

check for equipment malfunction.

A) Software controls

B) Hardware controls

C) Computer operations controls

D) Data security controls

81) ___________________________ oversee the work of the computer department to ensure

that programmed procedures are consistently and correctly applied to the storage and

processing of data.

A) Software controls

B) Hardware controls

C) Computer operations controls

D) Data security controls

82) ___________________________ ensure that valuable business data files on either disk or

tape are not subject to unauthorized access, change, or destruction while they are in use or

in storage.

A) Software controls

B) Hardware controls

C) Computer operations controls

D) Data security controls

Laudon/Laudon/Brabston, Management Information Systems, Seventh Canadian Edition

83) ___________________________ devises plans for the restoration of computing and

communications services after they have been disrupted

A) Disaster recovery planning

B) Business continuity planning

C) MIS audit

D) Risk assessment

84) ___________________________ focuses on how the company can restore business

operations after a disaster strikes.

A) Disaster recovery planning

B) Business continuity planning

C) MIS audit

D) Risk assessment

85) An ___________________________ examines the firm’s overall security environment as

well as controls governing individual information systems.

A) Disaster recovery planning

B) Business continuity planning

C) MIS audit

D) Risk assessment

Laudon/Laudon/Brabston, Management Information Systems, Seventh Canadian Edition

86) A practice in which eavesdroppers drive by buildings or park outside and try to intercept

wireless network traffic is referred to as ________.

87) Malicious software programs referred to as ________ include a variety of threats such as

computer viruses, worms, and Trojan horses.

88) ________ is a crime in which an imposter obtains key pieces of personal information to

impersonate someone else.

89) ________ is the scientific collection, examination, authentication, preservation, and analysis

of data held on or retrieved from computer storage media in such a way that the information

can be used as evidence in a court of law.

90) The intentional disruption of a Web site or information system is called ________.

Laudon/Laudon/Brabston, Management Information Systems, Seventh Canadian Edition

Objective: 8.1

91) A(n) ________ examines the firm’s overall security environment as well as the controls

governing individual information systems.

92) ________ refers to the ability to know that a person is who he or she claims to be.

93) Comprehensive security management products, with tools for firewalls, VPNs, intrusion

detection systems, and more, are called ________ systems.

94) PKI is the use of public key cryptography working with a(n) ________.

95) When errors are discovered in software programs, the sources of the errors are found and

eliminated through a process called ________.

Laudon/Laudon/Brabston, Management Information Systems, Seventh Canadian Edition

96) __________________________ refers to the policies, procedures, and technical measures

used to prevent unauthorized access, alteration, theft, or physical damage to information

systems

97) __________________________ are independent computer programs that copy themselves

from one computer to other computers over a network.

98) A _________________________is a software program that appears to be benign but then

does something other than expected.

99) A ____________________ is an individual who intends to gain unauthorized access to a

computer system.

100) In a _______________________________ attack hackers flood a network server or Web

server with many thousands of false communications or requests for services to crash the

network.

Laudon/Laudon/Brabston, Management Information Systems, Seventh Canadian Edition

101) ____________________ govern the design, security, and use of computer programs and the

security of data files in general throughout the organization’s information technology

infrastructure.

102) ____________________ monitor the use of system software and prevent unauthorized

access of software programs, system software, and computer programs.

103) ____________________ ensure that computer hardware is physically secure and check for

equipment malfunction.

104) ____________________ oversee the work of the computer department to ensure that

programmed procedures are consistently and correctly applied to the storage and processing

of data.

Laudon/Laudon/Brabston, Management Information Systems, Seventh Canadian Edition

105) Discuss the issue of security challenges on the Internet as that issue applies to a global

enterprise. List at least five Internet security challenges.

106) How can a firm’s security policies contribute and relate to the six main business objectives?

Give examples.

107) Three major concerns of system builders and users are disaster, security, and human error.

Of the three, which do you think is most difficult to deal with? Why?

108) What are the security challenges faced by wireless networks?

Laudon/Laudon/Brabston, Management Information Systems, Seventh Canadian Edition

109) Why is software quality important to security? What specific steps can an organization take

to ensure software quality?

110) Hackers and their companion viruses are an increasing problem, especially on the Internet.

What are the most important measurers for a firm to take to protect itself from this? Is full

protection feasible? Why or why not?

Laudon/Laudon/Brabston, Management Information Systems, Seventh Canadian Edition

111) You have just been hired as a security consultant by MegaMalls Inc., a national chain of

retail malls, to make sure that the security of their information systems is up to par. Outline

the steps you will take to achieve this.

112) What is a digital certificate? How does it work?

Laudon/Laudon/Brabston, Management Information Systems, Seventh Canadian Edition

113) Define a fault-tolerant computer system and a high-availability computer system. How do

they differ? When would each be used?

114) How is the security of a firm’s information system and data affected by its people,

organization, and technology? Is the contribution of one of these dimensions any more

important than the other? Why?

Laudon/Laudon/Brabston, Management Information Systems, Seventh Canadian Edition