Securing Information Systems

50 questions available


Questions

Question 1

According to the opening case study, what was a primary security failure that led to the 2012 LinkedIn password breach?

Question 2

What is the term for the policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems?

Question 3

What distinguishes a computer worm from a computer virus?

Question 4

What is the term for a software program that appears to be benign but then does something other than expected, often introducing malicious code?

Question 5

According to Symantec's 2012 report, how many new and unique threats from malicious software were detected in 2011?

Question 6

What is the primary purpose of a Denial-of-Service (DoS) attack?

Question 7

Which U.S. law, passed after the Enron and WorldCom scandals, imposes responsibility on companies and their management to safeguard the accuracy and integrity of financial information?

Question 8

What is the scientific collection, examination, authentication, preservation, and analysis of data from computer storage media for use as evidence in a court of law called?

Question 9

In the context of information systems controls, what is the primary function of general controls?

Question 10

Based on the sample risk assessment for an online order processing system in Table 8.5, which risk has the highest expected annual loss?

Question 11

What defines acceptable uses of a firm's information resources and computing equipment, including computers, wireless devices, and the Internet?

Question 12

What is the primary function of a firewall in a corporate network?

Question 13

Which technology for securing wireless networks replaces the older WEP standard with stronger security using longer, dynamically changing keys?

Question 14

What is the process of transforming plain text or data into cipher text that cannot be read by anyone other than the sender and intended receiver?

Question 15

What is a key difference between symmetric key encryption and public key encryption?

Question 16

What is the primary purpose of a digital certificate in a Public Key Infrastructure (PKI)?

Question 17

What is the primary goal of fault-tolerant computer systems?

Question 18

According to the Ponemon Institute's study mentioned on page 333, what was the approximate cost per compromised customer record for data breaches in the U.S. in 2011?

Question 19

What is the practice of tricking employees into revealing their passwords by pretending to be legitimate members of the company in need of information called?

Question 20

The Stuxnet worm, a primary example of cyberwarfare discussed in the chapter, was specifically designed to target what type of system?

Question 21

What does a business continuity plan focus on?

Question 22

What type of biometric authentication involves technology that is now being equipped in many PC laptops and mobile devices?

Question 23

What is the primary vulnerability of systems that are constantly connected to the Internet via cable modem or DSL?

Question 24

In 2011, the second annual Cost of Cyber Crime Study by the Ponemon Institute found the median annualized cost of cyber crime for organizations was what amount?

Question 25

What kind of systems contain redundant hardware, software, and power supply components to provide continuous, uninterrupted service?

Question 26

The MWEB Business case study illustrates a security breach that occurred because hackers gained access to what system?

Question 27

What is the primary cause of software vulnerability according to the textbook?

Question 28

What term is used for small pieces of software created by vendors to repair flaws in their programs without disturbing the proper operation of the software?

Question 29

According to the case study on Information Security Threats in Europe, what is a botnet?

Question 30

What type of firewall technology examines the application content of packets and uses a proxy server to handle communication between internal and external users?

Question 31

The Grum botnet, once the world's third-largest, was reportedly responsible for what percentage of worldwide spam traffic before it was shut down in 2012?

Question 32

Which of the following is an example of a general control?

Question 33

What is a 'hot site' in the context of disaster recovery planning?

Question 34

The median annualized cost of cyber crime for the organizations in the 2011 Ponemon Institute study was:

Question 35

What type of malware did Symantec identify as having 351 browser vulnerabilities in 2011?

Question 36

Which of these is NOT a principal source of poor system performance?

Question 37

What is the primary function of an intrusion detection system?

Question 38

What percentage of responding organizations in the 2011 Computer Security Institute survey experienced a computer security incident within the past year?

Question 39

What is the most common type of attack experienced by organizations, according to the 2011 Computer Security Institute survey?

Question 40

Which law outlines medical security and privacy rules and procedures for simplifying the administration of health care billing?

Question 41

The chapter discusses a new networking approach where control functions are managed by a central program, separate from the network devices. What is this approach called?

Question 42

What is the purpose of a MIS audit?

Question 43

How many days did the e-mail disruption for BlackBerry users last in October 2011?

Question 44

What is the primary method used by the Zeus Trojan to steal financial and personal data?

Question 45

What is the term for a wireless network that pretends to be a trustworthy Wi-Fi connection to capture users' passwords or credit card numbers?

Question 46

What is the primary security concern with cloud computing discussed in the chapter?

Question 47

In the context of the MWEB Business case study, how many attacks does MWEB claim to repel daily?

Question 48

What kind of information systems control is a software control?

Question 49

What is the primary function of deep packet inspection (DPI)?

Question 50

In the Sony data breach of April 2011, how many users had their personal information, including credit and bank account numbers, compromised?
