Managing information security has more to do with policy and enforcement than with technology. Management must address information security in terms of business impact and cost.

2. Why is data the most important asset an organization possesses? What other assets in the organization require protection?
3. Which management groups are responsible for implementing information security to protect the organization’s ability to function?
4. Has the implementation of networking technology created more or less risk for businesses that use information technology? Why?
5. What is information extortion? Describe how such an attack can cause losses, using an example not found in the text.
6. Why are employees one of the greatest threats to information security?
7. How can you protect against shoulder surfing?
8. How has the perception of the hacker changed over recent years? What is the profile of a hacker today?
9. What is the difference between a skilled hacker and an unskilled hacker, other than skill level? How does the protection against each differ?
10. What are the various types of malware? How do worms differ from viruses? Do Trojan horses carry viruses or worms?
11. Why does polymorphism cause greater concern than traditional malware? How does it affect detection?
12. What is the most common violation of intellectual property? How does an organization protect against it? What agencies fight it?
13. What are the various forces of nature? Which type might be of greatest concern to an organization in Las Vegas? Jakarta? Oklahoma City? Amsterdam? Miami? Tokyo?
14. How is technological obsolescence a threat to information security? How can an organization protect against it?
15. Does the intellectual property owned by an organization usually have value? If so, how can attackers threaten that value?
16. What are the types of password attacks? What can a systems administrator do to protect against them?
17. What is the difference between a denial-of-service attack and a distributed denial-of-service attack? Which is more dangerous? Why?
18. For a sniffer attack to succeed, what must the attacker do? How can an attacker gain access to a network to use the sniffer system?
19. What methods does a social engineering hacker use to gain information about a user’s login ID and password? How would this method differ if it targeted an administrator’s assistant versus a data-entry clerk?
20. What is a buffer overflow, and how is it used against a Web server?

When an attacker or trusted insider steals information from a computer system and demands compensation for its return or for an agreement not to disclose it?
Information extortion occurs when an attacker or trusted insider steals information from a computer system and demands compensation for its return or for an agreement not to disclose it. Extortion is common in credit card number theft.
When an attacker gains access to a system or network using a known or previously unknown access mechanism, this is called?
Which type of attacker will hack systems to conduct terrorist activities via network or Internet pathways?
Cyberterrorists hack systems to conduct terrorist activities via network or Internet pathways.
What are deliberate software attacks?
Deliberate software attacks: When an individual or group designs software to attack systems, they create malicious code/software called malware. It is designed to damage, destroy, or deny service to the target systems.