Ethics in Information Technology 5th Edition George Reynolds- Test Bank

 


 

 

Sample Test

Ch03_Computer_and_Internet_Crime

1.    

2. Vishing frequently leads consumers to counterfeit Web sites designed to trick them into initiating a denial-of-service

1.   True

2.   False

 

ANSWER: False

 

3. The Fifth Amendment regulates the collection of the content of wire and electronic

1.   True

2.   False

 

ANSWER: False

 

4. Smart and talented hackers who are technically inept are referred to as lamers or script kiddies by more skilled

1.   True

2.   False

 

ANSWER: True

 

5. Computer viruses differ from worms in that viruses can propagate without human intervention, often sending copies of themselves to other computers by

1.   True

2.   False

 

ANSWER: False

 

6. The cost to repair the worldwide damage done by a computer worm has exceeded $1 billion on more than

1.   True

2.   False

 

ANSWER: True

 

7. The security of any system or network is a combination of technology, policy, and people and requires a wide range of activities to be

1.   True

2.   False

 

ANSWER: True

 

8. According to the 2010/11 CSI Computer Crime and Security Survey, malware infection incidents were the most common security

1.   True

2.   False

 

ANSWER: True

 

9. A spear-phishing attack typically employs a group of zombies to keep the target so busy responding to a stream of automated requests that legitimate users cannot access the

1.   True

2.   False

 

ANSWER: False

 

10. Rootkit is a set of programs that enables its users to gain administrator-level access to a computer without the end user’s consent or knowledge.

1.   True

2.   False

 

ANSWER: True

 

11. Trojan horse has become an umbrella term for many types of malicious

1.   True

2.   False

 

ANSWER: False

 

12. The cost of creating an email campaign for a product or a service is typically more expensive and takes longer to conduct than a direct-mail

1.   True

2.   False

 

ANSWER: False

 

13. Fraud by malicious insiders often involves some form of collusion, or cooperation, between an employee and

1.   True

2.   False

 

ANSWER: True

 

14. Competitive intelligence is conducted by industrial

1.   True

2.   False

 

ANSWER: False

 

15. Malicious insiders mean well but have the potential to cause considerable damage through their

1.   True

2.   False

 

ANSWER: False

 

 

16. The USA Patriot Act defines cyberterrorism as hacking attempts that cause $5,000 in aggregate damage in one year to medical equipment, or that cause injury to any

1.   True

2.   False

 

ANSWER: True

 

17. A completed risk assessment identifies the most dangerous threats to a company and helps focus security efforts on the areas of highest

1.   True

2.   False

 

ANSWER: True

 

18. A security policy outlines exactly what needs to be done to safeguard computers and their data, but not how it must be

1.   True

2.   False

 

ANSWER: True

 

19. Whenever possible, automated system rules should mirror an organization’s written

1.   True

2.   False

 

ANSWER: True

 

20. Employees and contract workers must be educated about the importance of security so that they will be motivated to understand and follow the security

1.   True

2.   False

 

ANSWER: True

 

21. Computer forensics is such a new field that there is little training or certification processes available to

1.   True

2.   False

 

ANSWER: False

 

22. Installation of a corporate firewall is the least common security precaution taken by businesses as it does not provide sufficient

1.   True

2.   False

 

ANSWER: False

 

 

23. As a safeguard against attacks by malicious insiders, organizations must define employee roles so that a single employee can input as well as approve purchase

1.   True

2.   False

 

ANSWER: False

 

24. It is not unusual for a security audit to reveal that too many people have access to critical data and that many people have capabilities beyond those needed to perform their

1.   True

2.   False

 

ANSWER: True

 

25. Even when preventive measures are implemented, no organization is completely secure from a determined computer

1.   True

2.   False

 

ANSWER: True

 

26. Discussing security attacks through public trials and the associated publicity has not only enormous potential costs in public relations but real monetary costs as

1.   True

2.   False

 

ANSWER: True

 

27. In a security incident, the primary goal must be to regain control and limit damage, and not to attempt to monitor or catch an

1.   True

2.   False

 

ANSWER: True

 

28. The use of cloud computing and virtualization software has significantly reduced computer security

1.   True

2.   False

 

ANSWER: False

 

29. Hacktivism involves using illegal means to obtain trade secrets from

1.   True

2.   False

 

ANSWER: False

 

 

30. An intrusion detection system monitors system and network resources and activities, and notifies the network security when it detects attempts to circumvent the security measures of a networked computer

1.   True

2.   False

 

ANSWER: True

 

31. Competitive intelligence combines elements of law and computer science to identify, collect, examine, and preserve data so that it is admissible in a court of

1.   True

2.   False

 

ANSWER: False

 

32. Often a successful attack on an information system is due to poor system design or implementation. Once such a vulnerability is discovered, software developers quickly create and issue a _____ to eliminate the

a. patch    b. bot

c. rootkit    d. Trojan horse

 

ANSWER: a

 

33. The _____ is a partnership between the Department of Homeland Security and the public and private sectors, established in 2003 to protect the nation’s Internet infrastructure against cyberattacks.

a. Carnegie Mellon’s Computer Response Team

b. U.S. Computer Emergency Readiness Team

c. The National Institute of Standards and Technology

d. The Science and Technology Directorate of Homeland Security

 

ANSWER: b

 

34. The _____ code gets a rootkit installation started and can be easily activated by clicking on a link to a malicious Web site in an email or opening an infected PDF

a. logic bomb    b. zombie

c. dropper    d. loader

 

ANSWER: c

 

35. The concept of _____ recognizes that managers must use their judgment to ensure that the cost of control does not exceed the system’s benefits or the risks involved.

a. competitive intelligence    b. reasonable assurance

c. separation of duties    d. risk assessment

 

ANSWER: b

 

 

36. The _____ is a federal law that provides a definition of the term cyberterrorism and under which young people primarily involved in what they consider to be minor computer pranks have been tried as

a. USA Patriot Act

b. Computer Fraud and Abuse Act

c. Stored Wire and Electronic Communications and Transactional Records Access Statutes

d. Identity Theft and Assumption Deterrence Act

 

 

ANSWER: a

 

 

37. _____ have become a common and easily created form of malware that are created using applications such as Visual Basic or VBScript.

a. Macro viruses    b. Logic bombs

c. Trojan horses    d. Zombies

 

ANSWER: a

 

38. The fundamental problem with trying to detect a rootkit is that the operating system cannot be trusted to provide _____.

a. valid test results    b. correct system login ids

c. the correct date and time    d. sufficient memory for operations

 

ANSWER: a

 

39. _____ is the abuse of email systems to send unsolicited email to large numbers of

a. A botnet    b. Spam

c. Logic bombing    d. A worm

 

ANSWER: b

 

40. The _____ protects against unreasonable search and

a. Fourth Amendment    b. Fifth Amendment

c. Wiretap Act    d. Pen Registers and Trap and Trace Devices Statute

 

ANSWER: a

 

41. Spammers can defeat the registration process of free email services by launching a coordinated _____ attack that can sign up for thousands of untraceable email

a. distributed denial-of-service    b. bot

c. CAPTCHA    d. logic bomb

 

ANSWER: b

 

 

42. _____ test the limitations of information systems out of intellectual curiosity to see whether they can gain access and how far they can

a. Industrial spies    b. Hackers

c. Cyberterrorists    d. Hacktivists

 

ANSWER: b

 

43. A(n) _____ is a type of computer crime perpetrator whose primary motive is to achieve financial

a. industrial spy    b. hacktivist

c. script kiddie    d. cybercriminal

 

ANSWER: d

 

44. A software and/or hardware that monitors system and network resources and activities, and notifies network security personnel when it identifies network traffic that attempts to circumvent the security measures of a networked computer environment is a(n) _____.

a. anti-virus device    b. intrusion prevention system

c. intrusion detection system    d. virtual private network

 

ANSWER: c

 

45. A _____ is a form of Trojan horse which executes when it is triggered by a specific event such as a change in a particular file, by typing a specific series of keystrokes, or by a specific time or

a. denial-of-service attack    b. logic bomb

c. botnet    d. rootkit

 

ANSWER: b

 

46. In computing, a(n) _____ is a term for any sort of general attack on an information system that takes advantage of a particular system

a. exploit    b. patch

c. firewall    d. security audit

 

ANSWER: a

 

47. An antivirus software scans for a specific sequence of bytes, known as a _____, that indicates the presence of specific

a. script kiddie    b. virus signature

c. CAPTCHA    d. Trojan horse

 

ANSWER: b

 

 

48. _____ is an annual gathering in Las Vegas of computer

a. Woodstock    b. DEFCON

c. Computer Security Institute convention    d. CAPTCHA

 

ANSWER: b

 

49. A _____ attack keeps the target so busy responding to a stream of automated requests that legitimate users cannot get

a. spam    b. rootkit

c. logic bomb    d. distributed denial-of-service

 

ANSWER: d

 

50. _____ pledged to deliver on a trustworthy computing initiative and defined four pillars of trustworthy

a. IBM    b. Microsoft

c. Oracle    d. Hewlett Packard

 

ANSWER: b

 

51. A strong security program begins by _____.

a. assessing the threats to an organization’s computers and network

b. authorizing a large budget to pay for the necessary hardware and software

c. hiring a chief security officer

d. monitoring the network for potential intrusions

 

ANSWER: a

 

52. The _____ policy is a template available from the SANS Institute that defines the means to establish a culture of openness, trust, and integrity in business

a. information sensitivity    b. risk assessment

c. ethics    d. voice-mail policy

 

ANSWER: c

 

53. Installation of a corporate _____ is the most common computer security precaution taken by

a. emergency response team    b. rootkit

c. virtual private network    d. firewall

 

ANSWER: d

 

54. A _____ is defined as an exploit that takes place before the security community or software developer knows about the vulnerability or has been able to repair

a. logic bomb    b. DDoS attack

c. zero-day attack    d. rootkit

 

ANSWER: c

 

55. _____ is the act of fraudulently using email to try to get the recipient to reveal personal

a. Pharming    b. Phishing

c. Spamdexing    d. Flyposting

 

ANSWER: b

 

56. _____ is the sending of fraudulent emails to an organization’s employees designed to look like they came from high-level executives from within the organization.

a. Spamdexing    b. Vishing

c. Smishing    d. Spear-phishing

 

ANSWER: d

 

57. _____ are poorly trained and inadequately managed employees who mean well but have the potential to cause much

a. Whistleblowers    b. Negligent insiders

c. Malicious insiders    d. Industrial spies

 

ANSWER: b

 

58. A(n) _____ works by using the Internet to relay communications; it maintains privacy through security procedures and tunneling protocols, which encrypt data at the sending end and decrypt it at the receiving

a. firewall    b. social network

c. intrusion detection device    d. virtual private network

 

ANSWER: d

 

59. Before the IT security group can begin an eradication effort, it must _____.

a. seek permission of the firm’s legal counsel    b. collect and log all possible criminal evidence from the system

c. consider the potential for negative publicity    d. develop an estimate for the monetary damage caused

 

ANSWER: b

 

60. Technically, a(n) _____ is a piece of programming code, usually disguised as something else, that causes a computer to behave in an unexpected and usually undesirable

a. virus    b. operating system

c. zombie    d. CAPTCHA

 

ANSWER: a

 

 

61. The _____ regulates the collection of the content of wire and electronic

a. Fourth Amendment    b. Fifth Amendment

c. Wiretap Act    d. Pen Registers and Trap and Trace Devices Statute

 

ANSWER: c

 

62. _____ operates in a software layer that runs on top of the operating

ANSWER: Virtualization software

 

63. A(n) _____ is a harmful program that resides in the active memory of the computer and duplicates

 

ANSWER: worm

 

64. A(n) _____ is a form of malware in which malicious code is hidden inside a seemingly harmless

ANSWER: Trojan horse

 

65. Workers in many organizations operate in a(n) _____ environment in which software and data storage are services provided via the

ANSWER: cloud computing

 

66. A large group of computers controlled from one or more remote locations by hackers without the knowledge or consent of their owners is called a(n) _____.

 

ANSWER: botnet

 

67. _____ differ from viruses in that they propagate without human intervention, sending copies of themselves to other computers by

 

ANSWER: Worms

 

68. _____ detracts recipients from the ability of recipients to communicate effectively due to full mailboxes and relevant emails being hidden among many unsolicited

 

ANSWER: Spam

 

69. Spammers can defeat the registration process of free e-mail services by launching a coordinated bot attack that can sign up for thousands of email accounts. A partial solution to this problem is the use of _____ to ensure that only humans obtain free

 

ANSWER: CAPTCHA

 

70. The _____ Act went into effect in 2004 and states that it is legal to spam, provided the messages meet a few basic

 

ANSWER: CAN-SPAM

 

71. Using text messaging (SMS) fraudulently to try to get the recipient to reveal personal data is called _____.

 

ANSWER: smishing

72. The use of voice mail to tell someone to call a phone number, or access a Web site, in an attempt to gain personal information about that person is called _____.

 

ANSWER: vishing

 

73. A(n) _____ is a security incident prevention tool that evaluates whether an organization has a well-considered security policy in place and if it is being

ANSWER: security audit

 

74. _____ has become an umbrella term for many types of malicious

ANSWER: Computer virus

 

75. To initiate a denial-of-service attack, a tiny program is downloaded surreptitiously from the attacker’s computer to dozens, hundreds, or even thousands of computers all over the world. Based on a command by the attacker or at a preset time, the botnet computers, called _____, go into action, each sending a simple request for access to the target site again and

 

ANSWER: zombies

 

76. The _____ Act addresses the disclosure of stored wired and electronic communications and transaction records by Internet service

ANSWER: Stored Wire and Electronic Communications Act

 

77. An employee who seeks to disrupt his firm’s information systems or to use them to seek financial gain is called a(n) _____.

ANSWER: malicious insider

 

78. The cooperation between an employee of a company and an outsider to commit fraud against the company is called _____.

 

ANSWER: collusion

 

79. _____ is legally obtained information gathered using sources available to the

ANSWER: Competitive intelligence

 

80. The _____ encourages private industry to share confidential information about the nation’s critical infrastructure with the Department of Homeland Security under the assurance that the information will be protected from public

ANSWER: Protected Critical Infrastructure Information Program

 

81. People who use illegal means to obtain trade secrets from a competitor are called _____.

ANSWER: industrial spies

 

 

82. Hacking to achieve a political or social goal is known as _____.

 

ANSWER: hacktivism

 

83. Debit and credit cards which contain a memory chip that is updated with encrypted data every time the cards are used are called _____.

ANSWER: smart cards

 

84. _____ is a method of computing that delivers secure, private, and reliable computing experiences based on sound business

ANSWER: Trustworthy computing

 

85. The process of assessing security-related risks from both internal and external threats to an organization’s computers and networks is called _____.

ANSWER: risk assessment

 

86. The _____ leads the federal government’s efforts in “securing civilian government computer systems, and works with industry and state, local, tribal, and territorial governments to secure critical infrastructure and information”

ANSWER: Department of Homeland Security

 

87. Define computer forensics and briefly describe how one may prepare for a role as a computer forensics

ANSWER: Computer forensics is a discipline that combines elements of law and computer science to identify, collect, examine, and preserve data from computer systems, networks, and storage devices in a manner that preserves the integrity of the data gathered so that it is admissible as evidence in a court of law.

Extensive training and certification increases the stature of a computer forensics investigator in a court of law. There are numerous certifications related to computer forensics, including the CCE (Certified Computer Examiner), CISSP (Certified Information Systems Security Professional), CSFA (CyberSecurity Forensic Analyst), and GCFA (Global Information Assurance Certification Certified Forensics Analyst). The EnCE Certified Examiner program certifies professionals who have mastered computer investigation methods as well as the use of Guidance Software’s EnCase computer forensics software. Numerous universities (both online and traditional) offer degrees specializing in computer forensics. Such degree programs should include training in accounting, particularly auditing, as this is very useful in the investigation of cases involving fraud. A computer forensics investigator must also be knowledgeable about the various laws that apply to the gathering of evidence.

 

 

88. Identify safeguards that should be implemented to protect against attacks by malicious

ANSWER: There are several steps organizations can take to reduce the potential for attacks from insiders, including the following:

  • Perform a thorough background check as well as psychological and drug testing of candidates for sensitive positions.
  • Establish an expectation of regular and ongoing psychological and drug testing as a normal routine for people in sensitive positions.
  • Carefully limit the number of people who can perform sensitive operations, and grant only the minimum rights and privileges necessary to perform essential duties.
  • Define job roles and procedures so it is not possible for the same person to both initiate and approve an action.
  • Periodically rotate employees in sensitive positions so that any unusual procedures can be detected by the replacement.
  • Immediately revoke all rights and privileges required to perform old job responsibilities when someone in a sensitive position moves to a new position.
  • Implement an ongoing audit process to review key actions and

 

 

89. Identify and briefly discuss four reasons why the number, variety, and impact of security incidents is

ANSWER: In today’s computing environment of increasing complexity, higher user expectations, expanding and changing systems, and increased reliance on software with known vulnerabilities, it is no wonder that the number, variety, and impact of security incidents is increasing dramatically.

Increasing Complexity Increases Vulnerability

The computing environment has become enormously complex. Networks, computers, operating systems, applications, Web sites, switches, routers, and gateways are interconnected and driven by hundreds of millions of lines of code. This environment continues to increase in complexity every day. The number of possible entry points to a network expands continually as more devices are added, increasing the possibility of security breaches.

Higher Computer User Expectations

Today, time means money, and the faster computer users can solve a problem, the sooner they can be productive. As a result, computer help desks are under intense pressure to respond very quickly to users’ questions. Under duress, help desk personnel sometimes forget to verify users’ identities or to check whether they are authorized to perform a requested action. In addition, even though they have been warned against doing so, some computer users share their login ID and password with other coworkers who have forgotten their own passwords. This can enable workers to gain access to information systems and data for which they are not authorized.

Expanding and Changing Systems Introduce New Risks

Business has moved from an era of stand-alone computers, in which critical data was stored on an isolated mainframe computer in a locked room, to a network era in which personal computers connect to networks with millions of other computers, all capable of sharing information. Businesses have moved quickly into e-commerce, mobile computing, collaborative work groups, global business, and interorganizational information systems. Information technology has become ubiquitous and is a necessary tool for organizations to achieve their goals. However, it is increasingly difficult to keep up with the pace of technological change, successfully perform an ongoing assessment of new security risks, and implement approaches for dealing with them.

Increased Reliance on Commercial Software with Known Vulnerabilities

In computing, an exploit is an attack on an information system that takes advantage of a particular system vulnerability. Often, this attack is due to poor system design or implementation. Once the vulnerability is discovered, software developers quickly create and issue a “fix” or patch to eliminate the problem. Users of the system or application are responsible for obtaining and installing the patch, which they can usually download from the Web. (These fixes are in addition to other maintenance and project work that software developers perform.) Any delay in installing a patch exposes the user to a security breach.

U.S. companies increasingly rely on commercial software with known vulnerabilities. Even when vulnerabilities are exposed, many corporate IT organizations prefer to use already installed software “as is” rather than implement security fixes that will make the software harder to use or eliminate “nice-to-have” features suggested by current users or potential customers that will help sell the software.

 

90. State the purpose of an IT security audit and briefly discuss the key elements of such an

ANSWER: An important prevention tool is a security audit that evaluates whether an organization has a well-considered security policy in place and if it is being followed. For example, if a policy says that all users must change their passwords every 30 days, the audit must check how well the policy is being implemented. The audit also should review who has access to particular systems and data and what level of authority each user has. It is not unusual for an audit to reveal that too many people have access to critical data and that many people have capabilities beyond those needed to perform their jobs. One result of a good audit is a list of items that need to be addressed in order to ensure that the security policy is being met.

A thorough security audit also should test system safeguards to ensure that they are operating as intended. Such tests might include trying the default system passwords that are active when software is first received from the vendor. The goal of such a test is to ensure that all such “known” passwords have been changed.

Some organizations will also perform a penetration test of their defenses. This entails assigning individuals to try to break through the measures and identify vulnerabilities that still need to be addressed. The individuals used for this test are often contractors rather than employees. The contractors may possess special skills or knowledge and are likely to take unique approaches to test the security measures.

 

91. Briefly describe how educating employees and contract workers is a critical part of implementing trustworthy

ANSWER: An ongoing security problem for companies is creating and enhancing user awareness of security policies. Employees and contract workers must be educated about the importance of security, so they will be motivated to understand and follow the security policies. Often, this can be accomplished by discussing recent security incidents that affected the organization. Users must understand that they are a key part of the security system and that they have certain responsibilities. For example, users must help protect an organization’s information systems and data by doing the following:

  • Guarding their passwords to protect against unauthorized access to their accounts
  • Prohibiting others from using their passwords
  • Applying strict access controls (file and directory permissions) to protect data from disclosure or destruction
  • Reporting all unusual activity to the organization’s IT security group
  • Ensuring that portable computing and data storage devices are protected (hundreds of thousands of laptops are lost or stolen per year)

 

CH05_Freedom_of_Expression

 

1. Anonymous political expression played an important role in the early formation of the United

1.   True

2.   False

 

ANSWER: True

 

2. The Fifth Amendment protects Americans’ rights to freedom of religion and freedom of

1.   True

2.   False

 

ANSWER: False

 

3. The Supreme Court has ruled that the Fifth Amendment protects the right to speak anonymously as part of the

1.   True

2.   False

 

ANSWER: False

 

4. In general, the closer an Internet service provider (ISP) is to a pure service provider than to a content provider, the more likely that the Section 230 immunity of the Communications Decency Act (CDA) will

1.   True

2.   False

 

ANSWER: True

 

5. An oral defamatory statement is

1.   True

2.   False

 

ANSWER: False

 

6. With dynamic content filtering, each Web site’s content is evaluated immediately before it is displayed, using techniques such as object analysis and image recognition.

1.   True

2.   False

 

ANSWER: True

 

7. Typically, Internet service providers (ISPs) have the resources to prescreen online

1.   True

2.   False

 

ANSWER: False

 

 

8. Anti-SLAPP laws can identify whether there are any merits to a

1.   True

2.   False

 

ANSWER: True

 

9. The goal of the Child Online Protection Act (COPA) was to protect children from harmful material on the World Wide Web, however, it was ruled

1.   True

2.   False

 

ANSWER: True

 

10. Over the years, a number of federal, state, and local laws have been found unconstitutional because they violated one of the tenets of the First

1.   True

2.   False

 

ANSWER: True

 

11. With URL filtering, a particular URL or domain name is identified as an objectionable site and the user is not allowed

1.   True

2.   False

 

ANSWER: True

 

12. Free-speech advocates believe that purchasing adult pornographic material is illegal and wrong even for consenting

1.   True

2.   False

 

ANSWER: False

 

13. The right to freedom of expression is restricted when the expressions, whether spoken or written, are untrue and cause harm to another

1.   True

2.   False

 

ANSWER: True

 
