Premium Essay

Intro to Computer Security Chap 2 Review Questions

Submitted By missrainny
Words 1293
Pages 6
Linda Fernandez
Chap 2 Review Questions

1. Why is information security a management problem? What can management do that technology cannot?
Both management and IT management are responsible for the protection necessary to secure information. They are the ones who make the decisions regarding the appropriate security system and what level of security will work for the system.

2. Why is data the most important asset an organization possesses? What other assets in the organization require protection?
Data is important because it keeps a record of all changes and activity. Without data, the company or organization may fail because it has no records and would therefore be of no use.

3. Which management groups are responsible for implementing information security to protect the organization’s ability to function?
General Management and IT Management are responsible because it has to be set up for that specific system. If one part fails, then they are the ones to fix it and make it usable.

4. Has the implementation of networking technology created more or less risk for businesses that use information technology? Why?
Networking has caused more risk for businesses using information technology because it made it much easier for attackers to breach the security systems. They are even more of a target with the internet connection.

5. What is information extortion? Describe how such an attack can cause losses, using an example not found in the text.
Information extortion is where information is taken and held for some type of ransom or demands.
An example would be breaching a company’s customer credit card files and then threatening to release them everywhere if the company does not pay or submit to the attacker’s demands.

6. Why do employees constitute one of the greatest threats to information security?
Employees…...

Similar Documents

Premium Essay

Principles of Information Security, Chapter 5 Review Questions

...1. How can a security framework assist in the design and implementation of a security infrastructure? Designing a working plan for securing the organization’s information assets begins by creating or validating an existing security blueprint for the implementation of needed security controls to protect the information assets. A framework is the outline from which a more detailed blueprint evolves. The blueprint is the basis for the design, selection, and implementation of all subsequent security policies, education and training programs, and technologies. The blueprint provides scaleable, upgradeable, and comprehensive security for the coming years. The blueprint is used to plan the tasks to be accomplished and the order in which to proceed. What is information security governance? Governance is “the set of responsibilities and practices exercised by the board and executive management with the goal of providing strategic direction, ensuring that objectives are achieved, ascertaining that risks are managed appropriately and verifying that the enterprise’s resources are used responsibly.”1 Governance describes the entire process of governing, or controlling, the processes used by a group to accomplish some objective. Just like governments, corporations and other organizations have guiding documents—corporate charters or partnership agreements—as well as appointed or elected leaders or officers, and planning and operating procedures. These elements in combination......

Words: 4589 - Pages: 19

Premium Essay

Intro to Computer Security

...CSS150 – Introduction to Information Security Phase 5 Individual Project Kenneth A. Crawford Dr. Shawn P. Murray June 23, 2013 Table of Contents Phase 1 Discussion Board 2 3 Phase 1 Individual Project 5 Phase 2 Discussion Board 8 Richmond Investments: Remote Access Policy 8 Phase 2 Individual Project 11 Richmond Investments: LAN-to-WAN, Internet, and Web Surfing Acceptable Use Policy 11 Phase 3 Discussion Board: Blaster Worm 17 Phase 3 Individual Project 19 Phase 4 Individual Project: 4 Methods to Keeping Systems Secure 22 1. Keep all software up to date: 22 2. Surf the web cautiously: 22 3. Be cautious with e-mail: 22 4. Anti-Virus Software: 23 Phase 5 Individual Project: 4 Methods to Keeping Systems Secure 24 1. Firewalls: 24 2. System Backups: 24 3. Passwords: 25 4. File Sharing: 26 References 27 Phase 1 Discussion Board 2 The “Internal Use Only” (IUO) data classification includes all data and information not intended for public access. The best way to describe this classification is all company and client information that we do not want to see in a newspaper or on the internet. Some examples of this are: Client lists, Client account numbers, Human Resource files, Payroll files, E-Mails, and many others. This data classification affects all seven IT domains. The first and most important IT domain that the IUO affects is the “User Domain”. The users have to be taught general security and proper use of the......

Words: 5085 - Pages: 21

Premium Essay

Chapter 2 Review Questions Solutions

...Chapter 2 Review Questions Solutions 1. Describe and compare the six sources of software. The six sources of software identified in the textbook are: (1) information technology services firms, (2) packaged software providers, (3) vendors of enterprise solution software, (4) application service providers and managed service providers, (5) open-source software, and (6) in-house development. IT services firms help companies develop custom information systems for internal use; they develop, host, and run applications for customers; or they provide other services. An IT services firm may be chosen if the system can’t be developed internally or requires customer support. Packaged software providers are companies that produce software exclusively, like Microsoft or Intuit, and are preferable if the task needing the system is generic. Vendors of enterprise solution software create a system that is composed of a series of integrated modules. Each module supports a business function, such as accounting, or human resources. ERP systems may be appropriate if a complete system is required that can cross functional boundaries. A more intense option for larger, more customizable solutions are Managed service providers who can provide more services than application service providers. ASPs and MSPs may be appropriate when instant access to an application is desired, and in the case of ASPs, when the task is generic. Open-source software is a type of software that is developed......

Words: 897 - Pages: 4

Free Essay

Information Security Chap 1-2

...Principles of Information security textbook problems Chapter 1 & 2 … Study this set online at: http://www.cram.com/cards/1362058 What is the difference between a threat and a threat agent? A threat is a constant danger to an asset, whereas a threat agent is the facilitator of an attack. What is the difference between vulnerability and exposure? Vulnerability is a fault within the system, such as software package flaws, unlocked doors or an unprotected system port. It leaves things open to an attack or damage. Exposure is a single instance when a system is open to damage. Vulnerabilities can in turn be the cause of exposure. How has the definition of hack evolved over the last 30 years? In the early days of computing, enthusiasts were called hacks or hackers, because they could tear apart the instruction code or even the computer itself to manipulate its output. The term hacker at one time expressed respect for another’s ability. In recent years the association with an illegal activity has negatively tinged the term. What type of security was dominant in the early years of computing? Early security was entirely physical security. Confiden......

Words: 3982 - Pages: 16

Free Essay

Intro to Programing Chapter 2 Review

...Short answer 1. Determine the steps that the program must perform. 2. A language that has no syntax errors and is not meant to be executed 3. Input, Process, output 4. Programs that are easy to use for the customer or user. 5. Variable’s name and variable’s data type 6. Nothing, the variable hasn’t been assigned a value Algorithm Workbench 1. Declare real height Display “How tall are you?” Input height Display “this is how tall you are: “, height 2. Declare string color Display “what is your favorite color?” Input color Display “this is your favorite color: “, color 3. 2 + a = b b x 4 = a a/3.14 = b b – 8 = a Programming exercises 1. Display “enter your name.” Input name Display “enter your address with city, state, and zip Input address Display “Enter your telephone number” Input telephone number Display “what is your college major?” Input college major Display “here is your information: “, name, address, telephone number, college major 4. Display “Enter price 1” Input price 1 Display “enter price 2” Input price 2 Display “enter price 3 Input price 3 Display “enter price 4” Input price 4 Display “enter price 5” Set subtotal = price1+price2+price3+price4+price5 Display subtotal Set tax = 6% Set total = subtotal + tax Display “your total is “, total 6. display “Enter purchase price” Input price Set state tax = 0.04 Set county tax = 0.02 Set total = price(State tax + county tax) + Price Display “Your......

Words: 275 - Pages: 2

Free Essay

Intro to Computer Security

...Name 4 Security Tips that the end user can implement. For this week’s task we have been asked to name four security tips that users can do themselves to help protect their computers. The four security tips that I have selected to discuss are; update Windows software, use strong passwords, run a virus scan on a schedule, and update virus definitions daily. Describe the goal of each security tip. Windows update should be run to make sure that your computer has the latest patches. These updates are designed to close security holes that have been found in the operating system and hopefully will help guard your computer from getting infected or hacked. Strong passwords can be very helpful in slowing down or even defeating different attack methods of compromising the user’s computer. Users should think of passwords like a lock on their door, a strong password will make a strong lock. A hacker’s software toolkit will most likely include an offline dictionary, this automated program can quickly identify simple and commonly used passwords. Running a scheduled virus scan should be done by anyone who has a computer. If the user is running AVG for their anti-virus it is pretty easy to set up a scheduled scan. The user can just right click the AVG icon in the system tray, select the tools menu > advanced settings > schedules. From here the user can set the day and time for the schedule to run. It can be set to run a scan once a week or each day. This software scans for any......

Words: 803 - Pages: 4

Premium Essay

Chapter 2 Review Question

...chapter 2 1. Why is information security a management problem? What can management do that Technology cannot? Management is an information problem due to the fact that policymaking and training of securing systems from users fall into the responsibility of their role. These responsibilities can include limiting access as well as disabling certain functions that are not related to the organizations’ function. Management can set policies that may arise due to improper uses or manipulations of systems and asses the threats that are unknown due to the introduction of new hardware and software. 2. Why is data the most important asset an organization possesses? What other assets in the organization require protection? The integrity of the data is most important because it relates to the overall company operations. Securing the data from people not authorized to see or change it ensures that the correct information about the company is being generated without interference or manipulations of data. Other important assets that requires protection are the computer terminals, networking infrastructure, which need to be protected from misuse from internal and external threats whether intentional or not. 3. Which management groups are responsible for implementing information security to protect the organization’s ability to function? The responsibility relies on several management groups such as CIO, who is responsible for the overall protection of system, but the......

Words: 1762 - Pages: 8

Premium Essay

Chapter 2 Review Questions

...information security that protects the organization's ability to function. Management is responsible for implementing information security to protect the ability of the organization to function. They must set policy and operate the organization in a manner that complies with the laws that govern the use of technology. Technology alone cannot solve information security issues. Management must make policy choices and enforce those policies to protect the value of the organizations data. 2. Data is important to an organization because without it an organization will lose its record of transactions and/or its ability to furnish valuable deliverables to its customers. Other assets that require protection include the ability of the organization to function, the safe operation of applications, and technology assets. 3. Both general management and IT management are responsible for implementing information security. 4. The implementation of networking technology has created more risk for businesses that use information technology because business networks are now connected to the internet and other networks external to the organization. This has made it easier for people to gain unauthorized access to the organization’s networks. 5. Information extortion occurs when an attacker steals information from a computer system and demands compensation for its return or for an agreement not to disclose it. For example, if a hacker gains unauthorized access to a celebrity’s......

Words: 1114 - Pages: 5

Premium Essay

Principles of Information Security Chapter 2 Review Questions

...1. Management is responsible for implementing information security to protect the ability of the organization to function. They must set policy and operate the organization in a manner that complies with the laws that govern the use of technology. Technology alone cannot solve information security issues. Management must make policy choices and enforce those policies to protect the value of the organization’s data. 2. Data is important to an organization because without it an organization will lose its record of transactions and/or its ability to furnish valuable deliverables to its customers. Other assets that require protection include the ability of the organization to function, the safe operation of applications, and technology assets. 3. Both general management and IT management are responsible for implementing information security. 4. The implementation of networking technology has created more risk for businesses that use information technology because business networks are now connected to the internet and other networks external to the organization. This has made it easier for people to gain unauthorized access to the organization’s networks. 5. Information extortion is when an attacker steals information from a computer system and demands compensation for its return or for an agreement not to disclose it. One example could be someone that gains access to PII such as SSN’s through a company’s database and ransoms the information for money. If not paid, he......

Words: 1112 - Pages: 5

Free Essay

Chapter 2 Review Questions Principles of Information Security

...1. Information security is more of a management issue because it is up to management to decide what end users should have access to and what they should not. Also technology can only do what it is told to do but if management sets up training to teach end users about the threats of say opening an unknown email then the company is safer. 2. Without data an organization loses its record of transactions and/or its ability to deliver value to its customers. Page 42 Principles of Information Security 3. Both general and IT management 4. It has created more and the reason why is it is much easier to spread viruses, worms, etc. now that they can get from system to system without having to attach to a physical disc. 5. Information extortion occurs when an attacker or trusted insider steals information from a computer system and demands compensation for its return or for an agreement not to disclose it. Page 60 Principles of Information Security. An example would be if someone would steal the latest album from a well-known artist before its release date and demanded to be paid or it would be released onto the internet. 6. Employees are one of the biggest threats for several reasons: they can accidentally allow someone access to the system by installing a back door or it is possible for them to become angry with the company and just hand out IP to rival companies. It is also possible that they could accidentally delete valuable data from the system that has no backup. 7. Make sure......

Words: 908 - Pages: 4

Premium Essay

Computer Security Chapter 2 Review

...Nguyen Dinh Computer Security Assignment 2 1. Both general management and IT management are responsible for implementing information security to protect the ability of the organization to function. Decision-makers in organizations have to set policy and operate their organization in a manner that complies with the complex, shifting political legislation on the use of technology. Management is responsible for informed policy choices and the enforcement of decisions that affect applications and the IT infrastructures that support them. Management can also implement an effective information security program to protect the integrity and value of the organization’s data. 2. Data is mostly important in the organization because without it, an organization will lose its record of transactions and/or its ability to deliver value to its customers. Since any business, educational institution, or government agency that is functional within the modern social context of connected and responsive service depends on information systems to support these services, protecting data in motion and data at rest are both critical. Other assets that require protection include the ability of the organization to function, the safe operation of applications, and technology assets. 3. Both general management and IT management are responsible for implementing information security that protects the organization’s ability to function. Although many......

Words: 1872 - Pages: 8

Premium Essay

Chapter 2 Review Question

...9/14/2015 Applications in Info Security Chapter 4 Review Questions: 1)It might depend on the risk, although all risks should be addressed. The conditions that an organization might have is if they don't have a risk management plan or if they don't have the money to identify and mitigate the risk 2) 3)Alignment is important because it can align organizational goals with ICT works. The benefits to an organization as a whole is that it can align security processes with business goals. 4)Evaluation is important because it can determine if your team is achieving the objectives and this is usually done through gathering data and then analyzing it. Organizations benefit by collecting quantitative data because it can be used to evaluate the options and implications of a decision. 5)A contract is an agreement between a customer and a supplier, while the RFP is technically a bid solicitation. 6)Typically a subcontractor role is to perform specific tasks given by a general contractor. They can be controlled by the supplier to follow the right procedures that are given in the contract. 7)The problem resolution is important because it involves two parties in agreeing that all problems are identified, analyzed, managed, and controlled to resolution. 8)There are two types of reviews: Formal Reviews Informal Reviews In a formal review, the ICT is presented to a team or to an individual before the actual review. In the other hand the informal review allows the......

Words: 334 - Pages: 2

Free Essay

Chapter 2 Review Questions

...Chapter 2 Review Questions 1. Why is information security a management problem? What can management do that technology cannot? Managing information security has more to do with policy and enforcement rather than technology. Management must address information security in terms of business impact and the cost. 2. Why is data the most important asset an organization possesses? What other assets in the organization require protect? Data in an organization represents its transaction records and its ability to deliver to its customer. Without this the organization would not be able to carry out day to day work. 3. Which management groups are responsible for implementing information security to protect the organization’s ability to function? Both management and IT management are responsible for implementing security to protect an organizations ability to function. 4. Has the implementation of networking technology created more or less risk for businesses that use information technology? Why? Networking is usually considered to have created more risk for businesses that use information security. The reason is that potential attackers have reader access to the information system. 5. What is information extortion? Describe how such an attack can cause losses, using an example not found in the text Information extortion is the act of an attacker or trusted insider who steals information from a computer system and demand compensation for its return or for an......

Words: 1152 - Pages: 5

Free Essay

Intro to Business Chapter 2 Review Questions

...a stock market drop & a rise in unemployment. In effort to avert recession, the Federal Reserve dropped interest rates dramatically. Once interest rates dropped the economy was overflowing with money which lead lenders to be able to provide mortgage loans to, previously, undesirable borrowers. Now the demand for houses rose & so did the prices for the houses making these subprime loans attractive to lenders because of the high return. So the Banks & investment houses continued to invest in mortgage securities but the financial institutions did not maintain enough reserves in case the housing market crashed. Naturally, the housing market came crashing down leaving borrowers “upside down” in their loans & they were forced to foreclose. When this happened, the banks became unwilling to lend money so funds were not available for businesses. Without funds for everyday operations, businesses struggled causing layoffs & raising the unemployment rate. 2. What steps did the Federal government and the Federal Reserve take to mitigate the crisis? The Federal Reserve bailed out Bear Stearns & AIG. The U.S. Department of the Treasury seized Fannie Mae & Freddie Mac. Congress passes the economic bailout plan TARP which spent $700 billion investing in banks & bailing out the auto industry. Congress also passed an $825 billion economic stimulus package called the American Recovery & Reinvestment Act which included cutting taxes, building......

Words: 489 - Pages: 2

Premium Essay

Chapter 2 Review Questions

...Chapter 1 PLD Review questions Multiple choice 1. A program is a set of instructions that a computer follows to perform a task. 2. The physical devices that a computer is made of are referred to as Hardware. 3. The part of a computer that runs programs is called the CPU. 4. Today, CPUS are small chips known as Microprocessors. 5. The computer stores a program while the program is running, as well as the data that the program is working with, in Main memory. 6. This is a volatile type of memory that is used only for temporary storage while a program is running. A. RAM 7. A type of memory that can hold data for long periods of time—even when there is no power to the computer—is called Secondary storage. 8. A component that collects data from people or other devices and sends it to the computer is called an input device. 9. A video display is a(n)output device. 10. A byte is enough memory to store a letter of the alphabet or a small number. 11. A byte is made up of eight bits. 12. In a binary numbering system, all numeric values are written as sequences of 0s and 1s. 13. A bit that is turned off represents the following value: 0 14. A set of 128 numeric codes that represent the English letters, various punctuation marks, and other characters is ASCII. 15. An extensive encoding scheme that can represent the characters of many of the languages in the world is Unicode. 16. Negative......

Words: 727 - Pages: 3