
Review Questions

Chapter 2:

1. Why is information security a management problem? What can management do that technology cannot?

2. Why is data the most important asset an organization possesses? What other assets in the organization require protection?

3. Which management groups are responsible for implementing information security to protect the organization’s ability to function?

4. Has the implementation of networking technology created more or less risk for businesses that use information technology? Why?

5. What is information extortion? Describe how such an attack can cause losses, using an example not found in the text.

6. Why are employees one of the greatest threats to information security?

7. How can you protect against shoulder surfing?

8. How has the perception of the hacker changed over recent years? What is the profile of a hacker today?

9. What is the difference between a skilled hacker and an unskilled hacker, other than skill levels? How does the protection against each differ?

10. What are the various types of malware? How do worms differ from viruses? Do Trojan horses carry viruses or worms?

11. Why does polymorphism cause greater concern than traditional malware? How does it affect detection?

12. What is the most common violation of intellectual property? How does an organization protect against it? What agencies fight it?

13. What are the various forces of nature? Which type might be of greatest concern to an organization in Las Vegas? Jakarta? Oklahoma City? Amsterdam? Miami? Tokyo?

14. How is technological obsolescence a threat to information security? How can an organization protect against it?

15. Does the intellectual property owned by an organization usually have value? If so, how can attackers threaten that value?

16. What are the types of password attacks? What can a systems administrator do to protect against them?

17. What is the difference between a denial-of-service attack and a distributed denial-of-service attack? Which is more dangerous? Why?

18. For a sniffer attack to succeed, what must the attacker do? How can an attacker gain access to a network to use the sniffer system?

19. What methods does a social engineering hacker use to gain information about a user’s login ID and password? How would this method differ if it targeted an administrator’s assistant versus a data-entry clerk?

20. What is a buffer overflow, and how is it used against a Web server?


Chapter 3:


1. What is the difference between law and ethics?

2. What is civil law, and what does it accomplish?

3. What are the primary examples of public law?

4. Which law amended the Computer Fraud and Abuse Act of 1986, and what did it change?

5. Which law was created specifically to deal with encryption policy in the United States?

6. What is privacy in an information security context?

7. What is another name for the Kennedy-Kassebaum Act (1996), and why is it important to organizations that are not in the healthcare industry?

8. If you work for a financial services organization such as a bank or credit union, which 1999 law affects your use of customer data? What other effects does it have?

9. What is the primary purpose of the USA PATRIOT Act, and how has it been revised since its original passage?

10. What is PCI DSS, and why is it important for information security?

11. What is intellectual property (IP)? Is it afforded the same protection in every country of the world? What laws currently protect IP in the United States and Europe?

12. How does the Sarbanes-Oxley Act of 2002 affect information security managers?

13. What is due care? Why should an organization make sure to exercise due care in its usual course of operations?

14. How is due diligence different from due care? Why are both important?

15. What is a policy? How is it different from a law?

16. What are the three general categories of unethical and illegal behavior?

17. What is the best method for preventing an illegal or unethical activity?

18. Of the information security organizations listed in this chapter that have codes of ethics, which has been established for the longest time? When was it founded?

19. Of the organizations listed in this chapter that have codes of ethics, which is focused on auditing and control?

20. How do people from varying ethnic backgrounds differ in their views of computer ethics?
