Review Questions Chapter 2
Download Review Questions Chapter 2...
1. Why is information security a management problem? What can management do that technology cannot? Management is responsible for implementing information security to protect the ability of the organization to function. They must set policy and operate the organization in a manner t hat complies with the laws that govern the use of technology. Technology alone cannot solve information security issues. Management must make policy choices and enforce those policies to protect the value of the organization or ganization’s data. 2. Why is data the most important asset an o rganization possesses? What other assets in the organization require protection? Data is important to an organization because without it an organization will lose its re cord of transactions and/or its ability to furnish valuable deliverables to its customers. Other assets that require protection include the ability of the organization to function, the safe operation of applications, and technology assets. 3. Which management groups are responsible for implementing information security to protect the organization’s ability to function?
Both general management and IT management are r esponsible for implementing information security. 4. Has the implementation of networking technology created more or less r isk for businesses that use information technology? Why? The implementation of networking technology has created more risk for businesses that use information technology because business networks are now connected to the internet and other networks external to the organization. This has made it easier for people to g ain unauthorized access to the organization’s networks. 5. What is information extortion? Describe how such an attack can cause losses, using an example not found in the text. Information extortion occurs when an attacker steals information from a computer system and demands compensation for its return or for an agreement not to disclose it. For example, if a hacker gains unauthorized access to a celebrity’s computer and discovers embarrassing photos
or videos of the star, he could then blackmail the star into giving him money in exchange for keeping the photos quiet. This causes not only a monetary loss for the celebrity, but also a loss of privacy and security. 6. Why do employees constitute one of the greatest threats to information security? Employees constitute one of the greatest threats to information security because employee mistakes can lead to the revelation of classified data, entry of e rroneous data, accidental deletion or modification of data, the storage of data in unprotected areas, or they could fail to follow procedures to protect data.
7. What measures can individuals take to protect against shoulder surfing? Individuals can protect themselves against shoulder surfing by not accessing personal or private information when another person is present and can see what is being entered. 8. How has the perception of the hacker changed over recent years? What is the profile of a hacker today? The perception of a hacker has evolved from being a male, age 13-18, with limited parental supervision who spends all his free time at the computer to the current profile of being male or female, aged 12-60, with varying te chnical skill who could be internal or external to an organization. 9. What is the difference between a skilled hacker and an unskilled hacker (other than skill levels)? How does the protection against each differ? An expert hacker is one who develops software scripts and codes to exploit unknown vulnerabilities. An expert hacker is a master of several programming languages, networking protocols, and operating systems. An unskilled hacker is one who uses scripts and code developed by skilled hackers. They rarely create or write their own hacks, and are unskilled in programming languages, networking protocols, and operating systems. Protecting against expert hackers is difficult because they use newly developed attack code not yet detectable by anti-virus programs. Protecting against unskilled hackers is easier because they use hacking codes that are publicly available and can be thwarted by simply staying up-to-date on the latest software patches and being aware of the latest tools being published by expert hackers. 10. What are the various types of malware? How do worms differ from viruses? Do Trojan horses carry viruses or worms? The various types of malware include: viruses, worms, Trojan horses, logic bombs, and back doors. Worms differ from viruses in that they do not require a program environment to replicate itself. Trojan horses can disguise both viruses and/or worms as a non-threatening piece of software to get it into a computer network. 11. Why does polymorphism cause greater concern than traditional malware? How does it affect detection? Polymorphism causes greater concern than tr aditional malware because the malicious code changes the way it appears over time which makes these threats harder to detect. An ti-virus software is not able to detect the signature of the virus after it changes making the anti-virus software ineffective. 12. What is the most common form of violation of intellectual property? How does an o rganization protect against it? What agencies fight it? The most common form of violation of intellectual property involves the unlawful use or duplication of software-based intellectual property, or software piracy. Some ways that an
organization can protect against it are digital watermarks, embedded code, copyright codes, and requiring an online registration to be able to use all of the software features. There are two organizations that investigate software piracy , the Software and Information Industry Association (SIIA) and the Business Software Alliance (BSA). 13. What are the various types of force majeure? Which type might be of greatest concern to an organization in Las Vegas? Oklahoma City? Miami? Los Angeles? Force majeure refers to forces of nature, or acts of God, that people do not have control over. Some examples of force majeure include fires, floods, earthquakes, lightning strikes, landslides, tornados, windstorms, hurricanes, tsunamis, electrostatic discharge, and dust contamination. The greatest concern for an organization in Las Veg as might be dust contamination, in Oklahoma City tornados, in Miami hurricanes, and in Los Angeles earthquakes. 14. How does technological obsolescence constitute a threat to information security? How can an organization protect against it? Technological obsolescence occurs when an organization’s computer infrastructure becomes outdated, which leads to unreliable and untrustworthy systems. As a result, there is a risk of loss of data integrity from attacks. Two ways to prevent against t his is through proper planning by management and systematic replacement of outdated technologies. 15. Does the intellectual property owned by an organization usually have value? If so, how can attackers threaten that value? The intellectual property owned by an organization does have value. The weight of the value depends on the type and popularity of the intellectual property. Attackers can threaten that value because they can gain access to that data and make the property public so that the organization does not have exclusive use of the intellectual property anymore. 16. What are the types of password attacks? What can a systems administrator do to protect against them? The types of password attacks are password cracks, brute force and dictionary attacks. To protect against password attacks, security administrators can implement controls that limit the number of password entry attempts allowed, require the use of numbers and special characters in passwords, and restrict the use of passwords that are found in a dictionary. 17. What is the difference between a denial-of-service attack and a distributed denial-of-service attack? Which is more dangerous? Why? A denial-of-service attack is accomplished when an attacker sends a large number of connection or information requests to a target and t herefore overloading the system. A distributed denialof-service attack is where an attacker coordinates a stream of requests against a target from many different locations and overloading the system. Distributed denial-of-service attacks are more dangerous because there are no definitive controls that an organization can implement to defend against such an attack.
18. For a sniffer attack to succeed, what must the attacker do? How can an attacker gain access to a network to use the sniffer system? In order for a sniffer attack to succeed, an attacker must gain access to a network in order to install the sniffer. An attacker could use social engineering to trick an em ployee of an organization into giving him access to the network. 19. What methods does a social engineering hacker use to gain information about a user’s login id and password? How would this method differ if it were tar geted towards an administrator’s assistant versus a data-entry clerk? Social engineering is the process of using social skills to convince people to reveal access information and/or other important information. An example of this could be a hacker posing as an executive of an organization calling to retrieve information. The hacker could also pose as a new hire or other employee of the organization begging for information to prevent getting fired. An attack targeted toward a data-entry clerk could be successful by just mentioning an executive’s name and threatening the wrath of the executive if they do not get certain
information. An attack targeting an administrative assistant would probably need more details and other information to make the inquiries more credible. 20. What is a buffer overflow, and how is it used against a Web server? A buffer overflow is an application error that occurs when more data is sent to a program buffer than it can handle. These types of errors can be used against a web server by attaching malicious code at the end of the extra data allowing the attacker to take over the server and run any code that the attacker wants.