Management Chapter 8 1 Why are information systems vulnerable to destruction, error, and abuse?

Unlock access to all the studying documents.

View Full Document

Management Information Systems, 14e (Laudon)

Chapter 8 Securing Information Systems

1) ________ refers to policies, procedures, and technical measures used to prevent unauthorized

access, alteration, theft, or physical damage to information systems.

A) “Security”

B) “Controls”

C) “Benchmarking”

D) “Algorithms”

E) “Identity management”

2) ________ refers to all of the methods, policies, and organizational procedures that ensure the

safety of the organization’s assets, the accuracy and reliability of its accounting records, and

operational adherence to management standards.

A) “Legacy systems”

B) “SSID standards”

C) “Vulnerabilities”

D) “Security policy”

E) “Controls”

3) Large amounts of data stored in electronic form are ________ than the same data in manual

form.

A) less vulnerable to damage

B) more secure

C) vulnerable to many more kinds of threats

D) more critical to most businesses

E) prone to more errors

4) Electronic data are more susceptible to destruction, fraud, error, and misuse because

information systems concentrate data in computer files that

A) are easily decrypted.

B) can be opened with easily available software.

C) may be accessible by anyone who has access to the same network.

D) are unprotected by up-to-date security systems.

E) are rarely validated.

5) The communications lines in a client/server environment are specifically vulnerable to

A) vandalism.

B) malware.

C) software failure.

D) tapping.

E) errors.

6) Client software in a client/server environment is specifically vulnerable to

A) DoS attacks.

B) vandalism.

C) fraud.

D) radiation.

E) unauthorized access.

7) In a client/server environment, corporate servers are specifically vulnerable to

A) unauthorized access.

B) sniffing.

C) malware.

D) radiation.

E) tapping.

8) The Internet poses specific security problems because

A) it was designed to be easily accessible.

B) Internet data is not run over secure lines.

C) Internet standards are universal.

D) it changes so rapidly.

E) there is no formal controlling body.

9) Which of the following statements about the Internet security is not true?

A) The use of P2P networks can expose a corporate computer to outsiders.

B) A corporate network without access to the Internet is more secure than one that provides

access.

C) VoIP is more secure than the switched voice network.

D) Instant messaging can provide hackers access to an otherwise secure network.

E) Smartphones have the same security weaknesses as other Internet devices.

10) A Trojan horse

A) is software that appears to be benign but does something other than expected.

B) is a virus that replicates quickly.

C) is malware named for a breed of fast-moving Near-Eastern horses.

D) installs spyware on users’ computers.

E) is a type of sniffer used to infiltrate corporate networks.

11) A salesperson clicks repeatedly on the online ads of a competitor’s in order to drive the

competitor’s advertising costs up. This is an example of

A) phishing.

B) pharming.

C) spoofing.

D) evil twins.

E) click fraud.

12) Which of the following is a virus that uses flaws in Windows software to take over a

computer remotely?

A) Sasser

B) Zeus Trojan

C) Melissa

D) ILOVEYOU

E) Conficker

13) ________ is malware that hijacks a user’s computer and demands payment in return for

giving back access.

A) A Trojan horse

B) Ransomware

C) Spyware

D) A virus

E) An evil twin

14) ________ is malware that logs and transmits everything a user types.

A) Spyware

B) A Trojan horse

C) A keylogger

D) A worm

E) A sniffer

15) Hackers create a botnet by

A) infecting Web search bots with malware.

B) using Web search bots to infect other computers.

C) causing other people’s computers to become “zombie” PCs following a master computer.

D) infecting corporate servers with “zombie” Trojan horses that allow undetected access through

a back door.

E) pharming multiple computers.

16) Using numerous computers to inundate and overwhelm the network from numerous launch

points is called a(n) ________ attack.

A) DDoS

B) DoS

C) SQL injection

D) phishing

E) botnet

17) Which of the following is not an example of a computer used as a target of crime?

A) knowingly accessing a protected computer to commit fraud

B) sccessing a computer system without authority

C) illegally accessing stored electronic communication

D) threatening to cause damage to a protected computer

E) breaching the confidentiality of protected computerized data

18) Which of the following is not an example of a computer used as an instrument of crime?

A) theft of trade secrets

B) intentionally attempting to intercept electronic communication

C) unauthorized copying of software

D) breaching the confidentiality of protected computerized data

E) schemes to defraud

19) Social networking sites have become a new conduit for malware because

A) they are used by so many people.

B) they allow users to post media and image files.

C) they are especially vulnerable to social engineering.

D) they allow users to post software code.

E) they have poor user authentication.

20) The intentional defacement or destruction of a Web site is called

A) spoofing.

B) cybervandalism.

C) cyberwarfare.

D) phishing.

E) pharming.

21) Evil twins are

A) Trojan horses that appears to the user to be a legitimate commercial software application.

B) e-mail messages that mimic the e-mail messages of a legitimate business.

C) fraudulent Web sites that mimic a legitimate business’s Web site.

D) computers that fraudulently access a Web site or network using the IP address and

identification of an authorized computer.

E) bogus wireless network access points that look legitimate to users.

22) Pharming involves

A) redirecting users to a fraudulent Web site even when the user has typed in the correct address

in the Web browser.

B) pretending to be a legitimate business’s representative in order to garner information about a

security system.

C) setting up fake Web sites to ask users for confidential information.

D) using e-mails for threats or harassment.

E) setting up fake Wi-Fi access points that look as if they are legitimate public networks.

23) You have been hired as a security consultant for a law firm. Which of the following

constitutes the greatest source for network security breaches to the firm?

A) wireless network

B) employees

C) authentication procedures

D) lack of data encryption

E) software quality

24) Tricking employees to reveal their passwords by pretending to be a legitimate member of a

company is called

A) sniffing.

B) social engineering.

C) phishing.

D) pharming.

E) snooping

25) How do software vendors correct flaws in their software after it has been distributed?

A) They issue bug fixes.

B) They issue patches.

C) They re-release the software.

D) They release updated versions of the software.

E) They don’t; users purchase software at their own risk.

26) A practice in which eavesdroppers drive by buildings or park outside and try to intercept

wireless network traffic is referred to as

A) war driving.

B) sniffing.

C) cybervandalism.

D) drive-by tapping.

E) snooping.

27) ________ is a crime in which an imposter obtains key pieces of personal information to

impersonate someone else.

A) Identity theft

B) Spoofing

C) Social engineering

D) Evil twins

E) Pharming

28) ________ identify the access points in a Wi-Fi network.

A) NICs

B) Mac addresses

C) URLs

D) UTMs

E) SSIDs

29) A foreign country attempting to access government networks in order to disable a national

power grid would be an example of

A) phishing.

B) denial-of-service attacks.

C) cyberwarfare.

D) cyberterrorism.

E) evil twins.

30) Smartphones have the same security flaws as other Internet-connected devices.

31) In 2013, Panda Security reported approximately 30 million new kinds of malware strains.

32) Viruses can be spread through e-mail.

33) The term cracker is used to identify a hacker whose specialty is breaking open security

systems.

34) Wireless networks are more difficult for hackers to gain access too because radio frequency

bands are difficult to scan.

35) A computer virus replicates more quickly than a computer worm.

36) One form of spoofing involves forging the return address on an e-mail so that the e-mail

message appears to come from someone other than the sender.

37) Sniffers enable hackers to steal proprietary information from anywhere on a network,

including e-mail messages, company files, and confidential reports.

38) DoS attacks are used to destroy information and access restricted areas of a company’s

information system.

39) Zero defects cannot be achieved in larger software programs because fully testing programs

that contain thousands of choices and millions of paths would require thousands of years.

40) As discussed in the chapter opening case, magnetic stripes are an old technology that is

vulnerable to counterfeit and theft.

41) Malicious software programs referred to as spyware include a variety of threats such as

computer viruses, worms, and Trojan horses.

42) What are the security challenges faced by wireless networks?

43) Explain how an SQL injection attack works and what types of systems are vulnerable to this

type of attack.

44) How is the security of a firm’s information system and data affected by its people,

organization, and technology? Is the contribution of one of these dimensions any more important

than the other? Why?

45) The HIPAA Act of 1996

A) requires financial institutions to ensure the security of customer data.

B) specifies best practices in information systems security and control.

C) imposes responsibility on companies and management to safeguard the accuracy of financial

information.

D) outlines medical security and privacy rules.

E) identifies computer abuse as a crime and defines abusive activities.

46) The Gramm-Leach-Bliley Act

A) requires financial institutions to ensure the security of customer data.

B) specifies best practices in information systems security and control.

C) imposes responsibility on companies and management to safeguard the accuracy of financial

information.

D) outlines medical security and privacy rules.

E) identifies computer abuse as a crime and defines abusive activities.

47) The Sarbanes-Oxley Act

A) requires financial institutions to ensure the security of customer data.

B) specifies best practices in information systems security and control.

C) imposes responsibility on companies and management to safeguard the accuracy of financial

information.

D) outlines medical security and privacy rules.

E) identifies computer abuse as a crime and defines abusive activities.

48) The most common type of electronic evidence is

A) voice-mail.

B) spreadsheets.

C) instant messages.

D) e-mail.

E) VOIP data.

49) Which of the following is a type of ambient data?

A) computer log containing recent system errors

B) a file deleted from a hard disk

C) a file that contains an application’s user settings

D) a set of raw data from an environmental sensor

E) data that has been recorded over