
Which of the following is not a source of common threats against contemporary information systems?

1. Too many users
2. Technical factors
3. Organizational factors
4. Environmental factors
5. Poor management decisions

In the multitier client/server computing environment, vulnerabilities exist at each layer and in the communications between the layers.

The act of eavesdroppers driving by buildings or parking outside and intercepting wireless network traffic is called…

1. eavesdropping.
2. war driving.
3. driving interception.
4. wireless interception.
5. Not sure

Wireless networks in many locations do not have basic protections against war driving, thereby leaving the networks susceptible to eavesdropping and transmission interceptions.

Computer viruses, worms, and Trojan horses are collectively called…

1. spyware.
2. spam.
3. groupware.
4. malware.
5. macroware.

Malicious software programs are referred to as malware and constitute major threats to corporate and private systems.

A rogue software program that attaches itself to other software programs or data files in order to be executed is called a…

1. Trojan horse.
2. worm.
3. virus.
4. spoofer.
5. spammer.

Most computer viruses deliver a “payload” that may be relatively benign or highly destructive. Viruses typically spread from computer to computer when humans send an infected e-mail or copy an infected file.

A software program that appears to be benign, but then does something other than expected is called a…

1. Trojan horse.
2. worm.
3. virus.
4. spoofer.
5. spammer.

A Trojan horse is not itself a virus because it does not replicate, but is often a way for viruses or other malicious code to be introduced into a computer system.

An independent computer program that copies itself from one computer to others over a network and operates on its own is referred to as a…

1. Trojan horse.
2. worm.
3. virus.
4. spoofer.
5. spammer.

Worms rely less on human behavior in order to spread from computer to computer than do viruses. This explains why computer worms spread much more rapidly than computer viruses.

A type of eavesdropping program that monitors information traveling over a network is known as…

1. a spoofer.
2. a sniffer.
3. spyware.
4. spam.
5. spybot.

When used legitimately, sniffers can help identify potential network trouble-spots or criminal activity on networks, but when used for criminal purposes, they can be damaging and difficult to detect.

A crime in which an imposter obtains key pieces of personal information in order to impersonate another person is known as…

1. spoofing.
2. identity theft.
3. denial of service attack.
4. fraud.
5. breach of confidentiality.

Identity theft is the fastest growing crime in the United States. Stolen information can be used to obtain credit, merchandise, or services in the name of the victim or to provide the thief with false credentials.

The act of setting up fake Web sites or sending e-mails that look like those of legitimate businesses asking users for confidential personal data is called…

1. phishing.
2. faking.
3. spotting.
4. denial of service.
5. theft.

The e-mail instructs recipients to update or confirm records by providing social security numbers, bank and credit card information, and other confidential data by responding to the e-mail or by entering the information at a bogus Web site.

The largest financial threats to business institutions come from…

1. the competition.
2. customers.
3. suppliers.
4. the government.
5. insiders.

Some of the largest disruptions to service, destruction of e-commerce sites, and diversion of customer credit data and personal information have come from insiders—once trusted employees.

A major source of errors introduced into an information system comes from…

1. suppliers.
2. customers.
3. business partners.
4. employees.
5. networks.

Employees—both end users and information systems specialists—can introduce errors by entering faulty data or by not following the proper instructions for processing data and using computer equipment.

A major problem with software is…

1. customer input.
2. supplier access.
3. presence of hidden bugs.
4. network access points.
5. business partner input.

Studies have shown that it is virtually impossible to eliminate all bugs from large programs. The main source of bugs is the complexity of decision-making code.

Which of the following pieces of government legislation was designed to protect investors from financial scandals?

1. HIPAA
2. Gramm-Leach-Bliley Act
3. Sarbanes-Oxley Act of 2002
4. ISO 17799
5. Child Decency Act

This Act imposes responsibility on companies and their management to safeguard the integrity of the information that is used internally and released externally. The Act has had a significant impact on how information systems are structured and maintained.

The type of control associated with the accuracy and completeness of data when they enter the system is referred to as…

1. general controls.
2. input controls.
3. processing controls.
4. output controls.
5. network controls.

There are specific input controls for input authorization, data conversion, data editing, and error handling.

Which of the following is not an element of a risk assessment?

1. Value of information assets
2. Points of vulnerability
3. Likely frequency of a problem
4. Potential for damage
5. Cost of erroneous data

A risk assessment determines the level of risk to the firm if a specific activity or process is not properly controlled.

Which of the following is not an integral part of a well-formulated security policy?

1. Ranking information risks
2. Identifying acceptable security goals
3. Level of acceptable risk
4. Number of network access points
5. Identifying security goals

The chief security officer is responsible for enforcing the firm’s security policy.

Which of the following is not a method of ensuring business continuity associated with information systems?

1. Fault-tolerant systems
2. High-availability systems
3. Limiting the number of users
4. Load balancing
5. Mirroring

As companies increasingly rely on digital networks for their revenue and operations, they need to take additional steps to ensure that their systems and applications are always available.

Which of the following consists of all the policies and procedures a company uses to prevent improper system access by unauthorized outsiders?

1. Access control
2. Authentication
3. Biometric authentication
4. Firewalls
5. Spyware

To gain access to a system, a user must be authorized and authenticated. Access control is the first step to ensure that happens.

Which of the following access controls is based on the measurement of a physical or behavioral trait that makes each individual unique?

1. Intrusion Detection systems
2. Authentication
3. Biometric authentication
4. Firewalls
5. Spyware

Biometric authentication represents a promising new technology that can overcome some of the limitations of passwords for authenticating system users.

A method for encrypting data flowing over the Internet, but limited to Web documents is…

1. secure sockets layer.
2. public key infrastructure.
3. secure hypertext transfer protocol.
4. transport layer security.
5. digital certificates.

S-HTTP encrypts data flowing over the Internet from Web documents. Secure sockets layer and transport layer security encrypt all data being passed between client and server.