Chapter 1: Introduction to Security



Student: ___________________________________________________________________________

1. The demand for IT professionals who know how to secure networks and computers is at an all-time low. 
True    False

 

2. Recent employment trends indicate that employees with security certifications are in high demand. 
True    False

 

3. The CompTIA Security+ Certification is aimed at an IT security professional with the recommended background of a minimum of two years' experience in IT administration, with a focus on security. 
True    False

 

4. Weaknesses in software can be more quickly uncovered and exploited with new software tools and techniques. 
True    False

 

5. In a general sense, assurance may be defined as the necessary steps to protect a person or property from harm. 
True    False

 

6. An information security ____ position focuses on the administration and management of plans, policies, and people. 
A. manager
B. engineer
C. auditor
D. inspector

 

7. A study by Foote Partners showed that security certifications earn employees ____ percent more pay than their uncertified counterparts. 
A. 10 to 14
B. 12 to 15
C. 13 to 14
D. 14 to 16

 

8. The position of ____ is generally an entry-level position for a person who has the necessary technical skills. 
A. security technician
B. security administrator
C. CISO
D. security manager

 

9. ____ attacks are responsible for half of all malware delivered by Web advertising. 
A. “Canadian Pharmacy”
B. Fake antivirus
C. Melissa
D. Slammer

 

10. Approximately ____ percent of households in the United States use the Internet for managing their finances. 
A. 60
B. 70
C. 80
D. 90

 

11. In a ____ attack, attackers can use hundreds or thousands of computers in an attack against a single computer or network. 
A. centered
B. local
C. remote
D. distributed

 

12. The term ____ is frequently used to describe the tasks of securing information that is in a digital format. 
A. network security
B. information security
C. physical security
D. logical security

 

13. ____ ensures that only authorized parties can view information. 
A. Security
B. Availability
C. Integrity
D. Confidentiality

 

14. ____ ensures that information is correct and that no unauthorized person or malicious software has altered that data. 
A. Availability
B. Confidentiality
C. Integrity
D. Identity

 

15. ____ ensures that the individual is who they claim to be (the authentic or genuine person) and not an imposter. 
A. Encryption
B. Authentication
C. Authorization
D. Accounting

 

16. In information security, a loss can be ____. 
A. theft of information
B. a delay in transmitting information that results in a financial penalty
C. the loss of good will or a reputation
D. all of the above

 

17. In information security, an example of a threat agent can be ____. 
A. a force of nature such as a tornado that could destroy computer equipment
B. a virus that attacks a computer network
C. an unsecured computer network
D. both a and b

 

18. Business ____ theft involves stealing proprietary business information such as research for a new drug or a list of customers that competitors are eager to acquire. 
A. identity
B. data
C. plan
D. record

 

19. ____ involves stealing another person’s personal information, such as a Social Security number, and then using the information to impersonate the victim, generally for financial gain. 
A. Cyberterrorism
B. Identity theft
C. Phishing
D. Scam

 

20. Under the ____, health care enterprises must guard protected health information and implement policies and procedures to safeguard it, whether it be in paper or electronic format. 
A. HIPAA
B. HLPDA
C. HCPA
D. USHIPA

 

21. What is the maximum fine for those who wrongfully disclose individually identifiable health information with the intent to sell it? 
A. $100,000
B. $250,000
C. $500,000
D. $1,000,000

 

22. The ____ Act requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information. 
A. Gramm-Leach-Bliley
B. Sarbanes-Oxley
C. California Database Security Breach
D. USA Patriot

 

23. The single most expensive malicious attack was the 2000 ____, which cost an estimated $8.7 billion. 
A. Nimda
B. Slammer
C. Love Bug
D. Code Red

 

24. ____ are a loose-knit network of attackers, identity thieves, and financial fraudsters. 
A. Cybercriminals
B. Cyberterrorists
C. Computer spies
D. Hackers

 

25. Targeted attacks against financial networks, unauthorized access to information, and the theft of personal information are sometimes known as ____. 
A. spam
B. phishing
C. cybercrime
D. cyberterrorism

 

26. What is another name for unsolicited e-mail messages? 
A. spam
B. spawn
C. trash
D. scam

 

27. _________________________ is focused on protecting the valuable electronic information of organizations and users. 
________________________________________

 

28. Security ____________________ have both technical knowledge and managerial skills and analyze and design security solutions within a specific entity. 
________________________________________

 

29. In a general sense, ____________________ may be defined as the necessary steps to protect a person or property from harm. 
________________________________________

 

30. ____________________ provides tracking of events. 
________________________________________

 

31. An example of a(n) ____________________ that information security must deal with is a software defect in an operating system that allows an unauthorized user to gain access to a computer without the user’s knowledge or permission. 
________________________________________

 

32. Match the following terms to the appropriate definitions. 

Definitions:
1. the likelihood that a threat agent will exploit a vulnerability
2. an event or action that might defeat security measures in place and result in a loss
3. a person who has been hired to break into a computer and steal information
4. a person or thing that has the power to carry out a threat
5. a weakness that allows a threat agent to bypass security
6. plans and policies established by an organization to ensure that people correctly use the products
7. to take advantage of a vulnerability
8. intended to cause panic, provoke violence, or result in a financial catastrophe
9. something that has value

Terms (write the number of the matching definition):
____ risk
____ cyberterrorism
____ threat agent
____ computer spy
____ asset
____ exploit
____ threat
____ vulnerability
____ procedures

 

33. List and describe two of the four generally recognized security positions. 


 


 


 


 

 

34. Why is the speed of attacks making the challenge of keeping computers secure more difficult? 


 


 


 


 

 

35. Discuss why delays in patching are making information security more difficult. 


 


 


 


 

 

36. List and describe three of the characteristics of information that must be protected by information security. 


 


 


 


 

 

37. Information security is achieved through a combination of what three entities? Provide at least one example of each entity. 


 


 


 


 

 

38. List three of the federal and state laws that have been enacted to protect the privacy of electronic data. 


 


 


 


 

 

39. What is a hacker? 


 


 


 


 

 

40. Describe script kiddies. 


 


 


 


 

 

41. Briefly describe computer spies. 


 


 


 


 

 

42. Describe the security principle of simplicity. 


 


 


 


 

 
Chapter 1: Introduction to Security Key
 

1. The demand for IT professionals who know how to secure networks and computers is at an all-time low. 
FALSE

 

2. Recent employment trends indicate that employees with security certifications are in high demand. 
TRUE

 

3. The CompTIA Security+ Certification is aimed at an IT security professional with the recommended background of a minimum of two years' experience in IT administration, with a focus on security. 
TRUE

 

4. Weaknesses in software can be more quickly uncovered and exploited with new software tools and techniques. 
TRUE

 

5. In a general sense, assurance may be defined as the necessary steps to protect a person or property from harm. 
FALSE

 

6. An information security ____ position focuses on the administration and management of plans, policies, and people. 
A. manager
B. engineer
C. auditor
D. inspector
Answer: A

 

7. A study by Foote Partners showed that security certifications earn employees ____ percent more pay than their uncertified counterparts. 
A. 10 to 14
B. 12 to 15
C. 13 to 14
D. 14 to 16

 

8. The position of ____ is generally an entry-level position for a person who has the necessary technical skills. 
A. security technician
B. security administrator
C. CISO
D. security manager
Answer: A

 

9. ____ attacks are responsible for half of all malware delivered by Web advertising. 
A. “Canadian Pharmacy”
B. Fake antivirus
C. Melissa
D. Slammer

 

10. Approximately ____ percent of households in the United States use the Internet for managing their finances. 
A. 60
B. 70
C. 80
D. 90

 

11. In a ____ attack, attackers can use hundreds or thousands of computers in an attack against a single computer or network. 
A. centered
B. local
C. remote
D. distributed
Answer: D

 

12. The term ____ is frequently used to describe the tasks of securing information that is in a digital format. 
A. network security
B. information security
C. physical security
D. logical security
Answer: B

 

13. ____ ensures that only authorized parties can view information. 
A. Security
B. Availability
C. Integrity
D. Confidentiality
Answer: D

 

14. ____ ensures that information is correct and that no unauthorized person or malicious software has altered that data. 
A. Availability
B. Confidentiality
C. Integrity
D. Identity
Answer: C

 

15. ____ ensures that the individual is who they claim to be (the authentic or genuine person) and not an imposter. 
A. Encryption
B. Authentication
C. Authorization
D. Accounting
Answer: B

 

16. In information security, a loss can be ____. 
A. theft of information
B. a delay in transmitting information that results in a financial penalty
C. the loss of good will or a reputation
D. all of the above
Answer: D

 

17. In information security, an example of a threat agent can be ____. 
A. a force of nature such as a tornado that could destroy computer equipment
B. a virus that attacks a computer network
C. an unsecured computer network
D. both a and b
Answer: D

 

18. Business ____ theft involves stealing proprietary business information such as research for a new drug or a list of customers that competitors are eager to acquire. 
A. identity
B. data
C. plan
D. record
Answer: B

 

19. ____ involves stealing another person’s personal information, such as a Social Security number, and then using the information to impersonate the victim, generally for financial gain. 
A. Cyberterrorism
B. Identity theft
C. Phishing
D. Scam
Answer: B

 

20. Under the ____, health care enterprises must guard protected health information and implement policies and procedures to safeguard it, whether it be in paper or electronic format. 
A. HIPAA
B. HLPDA
C. HCPA
D. USHIPA
Answer: A

 

21. What is the maximum fine for those who wrongfully disclose individually identifiable health information with the intent to sell it? 
A. $100,000
B. $250,000
C. $500,000
D. $1,000,000
Answer: B

 

22. The ____ Act requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information. 
A. Gramm-Leach-Bliley
B. Sarbanes-Oxley
C. California Database Security Breach
D. USA Patriot
Answer: A

 

23. The single most expensive malicious attack was the 2000 ____, which cost an estimated $8.7 billion. 
A. Nimda
B. Slammer
C. Love Bug
D. Code Red
Answer: C

 

24. ____ are a loose-knit network of attackers, identity thieves, and financial fraudsters. 
A. Cybercriminals
B. Cyberterrorists
C. Computer spies
D. Hackers
Answer: A

 

25. Targeted attacks against financial networks, unauthorized access to information, and the theft of personal information are sometimes known as ____. 
A. spam
B. phishing
C. cybercrime
D. cyberterrorism
Answer: C

 

26. What is another name for unsolicited e-mail messages? 
A. spam
B. spawn
C. trash
D. scam
Answer: A

 

27. _________________________ is focused on protecting the valuable electronic information of organizations and users. 
Information security

 

28. Security ____________________ have both technical knowledge and managerial skills and analyze and design security solutions within a specific entity. 
administrators

 

29. In a general sense, ____________________ may be defined as the necessary steps to protect a person or property from harm. 
security

 

30. ____________________ provides tracking of events. 
Accounting

 

31. An example of a(n) ____________________ that information security must deal with is a software defect in an operating system that allows an unauthorized user to gain access to a computer without the user’s knowledge or permission. 
vulnerability

 

32. Match the following terms to the appropriate definitions. 

Definitions:
1. the likelihood that a threat agent will exploit a vulnerability
2. an event or action that might defeat security measures in place and result in a loss
3. a person who has been hired to break into a computer and steal information
4. a person or thing that has the power to carry out a threat
5. a weakness that allows a threat agent to bypass security
6. plans and policies established by an organization to ensure that people correctly use the products
7. to take advantage of a vulnerability
8. intended to cause panic, provoke violence, or result in a financial catastrophe
9. something that has value

Terms (number of the matching definition):
1 risk
8 cyberterrorism
4 threat agent
3 computer spy
9 asset
7 exploit
2 threat
5 vulnerability
6 procedures

 

33. List and describe two of the four generally recognized security positions. 

Chief Information Security Officer (CISO). This person reports directly to the CIO (large organizations may have more layers of management for reporting). Other titles used are Manager for Security and Security Administrator. They are responsible for the assessment, management, and implementation of security.

Security manager. The security manager reports to the CISO and supervises technicians, administrators, and security staff. Typically, a security manager works on tasks identified by the CISO and resolves issues identified by technicians. This position requires an understanding of configuration and operation but not necessarily technical mastery.

Security administrator. The security administrator has both technical knowledge and managerial skills. A security administrator manages daily operations of security technology, and may analyze and design security solutions within a specific entity as well as identify users’ needs.

Security technician. This is generally an entry-level position for a person who has the necessary technical skills. Technicians provide technical support to configure security hardware, implement security software, and diagnose and troubleshoot problems.

 

34. Why is the speed of attacks making the challenge of keeping computers secure more difficult? 

With modern tools at their disposal, attackers can quickly scan systems to find weaknesses and launch attacks with unprecedented speed. Many tools can even initiate new attacks without any human participation, thus increasing the speed at which systems are attacked.

 

35. Discuss why delays in patching are making information security more difficult. 

Hardware and software vendors are overwhelmed trying to keep pace with updating their products against attacks. One antivirus software vendor receives over 200,000 submissions of potential malware each month. At this rate, the antivirus vendors would have to issue and distribute updates every 10 minutes to keep users protected. The delay in vendors patching their own products adds to the difficulties in defending against attacks.

 

36. List and describe three of the characteristics of information that must be protected by information security. 

Three of the characteristics of information that must be protected by information security are:
1. Confidentiality—Confidentiality ensures that only authorized parties can view the information.
2. Integrity—Integrity ensures that the information is correct and no unauthorized person or malicious software has altered that data.
3. Availability—Availability ensures that data is accessible to authorized users.

 

37. Information security is achieved through a combination of what three entities? Provide at least one example of each entity. 

1.  Products (physical security):  The physical security around the data. May be as basic as door locks or as complicated as intrusion-detection systems and firewalls.
2.  People (personnel security):  Those who implement and properly use security products to protect data.
3.  Procedures (organizational security): Plans and policies established by an organization to ensure that people correctly use the products.

 

38. List three of the federal and state laws that have been enacted to protect the privacy of electronic data. 

1.  The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
2.  The Sarbanes-Oxley Act of 2002 (Sarbox)
3.  The Gramm-Leach-Bliley Act (GLBA)
4.  The California Database Security Breach Act (2003)

 

39. What is a hacker? 

In the past, the term hacker was commonly used to refer to a person who uses advanced computer skills to attack computers. White hat hackers said that their goal was only to expose security flaws and not steal or corrupt data. Although breaking into another computer system is illegal, they considered it acceptable as long as they did not commit theft, vandalism, or breach any confidentiality while trying to improve security by seeking out vulnerabilities. In contrast, the term black hat hackers was used to refer to attackers whose motive was malicious and destructive.

However, today the term hacker has been replaced with the more generic term attacker, without any attempt to distinguish between the motives. Although “hacker” is often used by the mainstream media to refer to an attacker, this term is no longer commonly used by the security community.

 

40. Describe script kiddies. 

Script kiddies are individuals who want to break into computers to create damage yet lack the advanced knowledge of computers and networks needed to do so. Instead, script kiddies do their work by downloading automated attack software (scripts) from Web sites and using it to perform malicious acts.

Today, these scripts have been replaced by attack software with menu systems. This makes creating attacks even easier for these unskilled users.

 

41. Briefly describe computer spies. 

A computer spy is a person who has been hired to break into a computer and steal information. Spies do not randomly search for unsecured computers to attack as script kiddies and other attackers do; rather, spies are hired to attack a specific computer or system that contains sensitive information. Their goal is to break into that computer and take the information without drawing any attention to their actions. Spies generally possess excellent computer skills to attack and then cover their tracks.

 

42. Describe the security principle of simplicity. 

Because attacks can come from a variety of sources and in many ways, information security is by its very nature complex. The more complex something becomes, the more difficult it is to understand. A security guard who does not understand how motion detectors interact with infrared trip lights may not know what to do when one system alarm shows an intruder but the other does not. In addition, complex systems allow many opportunities for something to go wrong. In short, complex systems can be a thief’s ally.

The same is true with information security. Complex security systems can be hard to understand, troubleshoot, and feel secure about. As much as possible, a secure system should be simple for those on the inside to understand and use. Complex security schemes are often compromised to make them easier for trusted users to work with—yet this can also make it easier for the attackers. In short, keeping a system simple from the inside but complex on the outside can sometimes be difficult but reaps a major benefit.

 

