Is an attacker or formerly trusted insider stealing information from a computer system and demanding compensation for its return or non-use?

Chapter 2 Review Questions

1. Why is information security a management problem? What can management do that technology cannot?
Managing information security has more to do with policy and enforcement than with technology. Management must address information security in terms of business impact and the cost.

2. Why is data the most important asset an organization possesses? What other assets in the organization require protection?
Data in an organization represents its transaction records and its ability to deliver to its customers. Without this, the organization would not be able to carry out day-to-day work.

3. Which management groups are responsible for implementing information security to protect the organization’s ability to function?
Both management and IT management are responsible for implementing security to protect an organization’s ability to function.

4. Has the implementation of networking technology created more or less risk for businesses that use information technology? Why?
Networking is usually considered to have created more risk for businesses that use information security. The reason is that potential attackers have readier access to the information system.

5. What is information extortion? Describe how such an attack can cause losses, using an example not found in the text.
Information extortion is the act of an attacker or trusted insider who steals information from a computer system and demands compensation for its return or for an agreement not to disclose the information. For example, the hacking group Rex Mundi went on a public blitz, claiming it had managed to steal customer records for 650,000 European Domino's Pizza customers. The group said it stole the records from the pizza chain's website, which had used only an MD5 hash to encrypt the data. Rex Mundi threatened to release those records if the company didn't pay it a ransom of €30,000 ($40,800) by Monday of last week.

6. Why are employees one of the greatest threats to information security?
Employee mistakes can easily lead to the following: classified data, accidental deletion or modification of data, storage of data in unprotected areas, and failure to protect information.

7. How can you protect against shoulder surfing?
Some ways an individual can protect against shoulder surfing are to shield the computer when typing personal information and to be aware of the surroundings.

8. How has the perception of the hacker changed over recent years? What is the profile of a hacker today?
Hackers can spend long hours examining the types and structures of the targeted system. The profile of a hacker today is aged 12 to 60, male or female, unknown background, with varying technical skill level.

9. What is the difference between a skilled hacker and an unskilled hacker, other than skill level? How does the protection against each differ?
Skilled hackers are those who develop software scripts and programs. Unskilled hackers have limited skills and use expertly written software to attack a system. As a result of preparation and continued vigilance, attacks by scripts are usually predictable and can be adequately defended against.

10. What are the various types of malware? How do worms differ from viruses? Do Trojan horses carry viruses or worms?
Types of malware are viruses, worms, Trojan horses, DoS attacks, logic bombs, and back doors. Worms differ from viruses because they do not require a host file to replicate. A worm will usually utilize flaws in a network. Trojan horses carry viruses.

11. Why does polymorphism cause greater concern than traditional malware? How does it affect detection?
Polymorphism causes greater concern than traditional malware because it changes how it appears to anti-virus software programs, making it undetectable. It affects detection because polymorphic malware changes its size and external file characteristics so that it is not detected by anti-virus programs.

12. What is the most common violation of intellectual property? How does an organization protect against it? What agencies fight it?
The most common violation of intellectual property is the unlawful use or duplication of software. Organizations protect against this with the use of copyright and license agreements that everyone must agree to before they can use the purchased software.

13. What are the various forces of nature? Which type might be of greatest concern to an organization in Las Vegas? Jakarta? Oklahoma City? Amsterdam? Miami? Tokyo?
The various forces of nature are fire, floods, lightning, tornadoes, earthquakes, and hurricanes.
The concern in Las Vegas is earthquakes, in Miami floods, in Oklahoma City tornadoes, and in LA earthquakes and lightning.

14. How is technological obsolescence a threat to information security? How can an organization protect against it?
Technological obsolescence is a threat to information technology because of outdated technology. Organizations can protect against it by keeping technology up to date.

15. Does the intellectual property owned by an organization usually have value? If so, how can attackers threaten that value?
Yes, many organizations create or support the development of intellectual property as a part of their business operations. Intellectual property losses may result from the successful exploitation of vulnerabilities in asset protection controls.

16. What are the types of password attacks? What can a systems administrator do to protect against them?
The types of password attacks are brute force, cracking, dictionary, and rainbow table. A systems administrator can protect against them by using best-practice policies like the 10.3 password rule and systems that allow case-sensitive passwords.

17. What is the difference between a denial-of-service attack and a distributed denial-of-service attack? Which is more dangerous? Why?
The difference is that in a denial-of-service attack a hacker compromises a system and uses that system to attack the target computer. A distributed denial-of-service attack uses dozens or even hundreds of computers. The distributed denial-of-service (DDoS) attack is more dangerous because such attacks are difficult to defend against and currently there are no controls that any single organization can apply.

18. For a sniffer attack to succeed, what must the attacker do? How can an attacker gain access to a network to use the sniffer system?
The attacker must first gain access to a network to install the sniffer. This is done by using social engineering to get into the building to plant a physical sniffer device.

19. What methods does a social engineering hacker use to gain information about a user’s login ID and password? How would this method differ if it targeted an administrator’s assistant versus a data-entry clerk?
Methods a social engineering hacker uses to gain information include posing as an organization’s IT professional to gain access to systems by contacting low-level employees, or posing as a friendly help-desk or repair technician and asking for their username and password.

20. What is a buffer overflow, and how is it used against a Web server?
A buffer overflow is an application error that occurs when more data is sent to a program buffer than it is designed to handle. On the web server, the attacker runs executable code to manipulate files directly or to create a back door for later use.

When an attacker or trusted insider steals information from a computer system and demands compensation for its return or for an agreement not to disclose it?

Information extortion occurs when an attacker or trusted insider steals information from a computer system and demands compensation for its return or for an agreement not to disclose it. Extortion is common in credit card number theft.

When the attacker gains access to a system or network using a known or previously unknown access mechanism, this is called?

Cards
Term: Exploit
Definition: a technique used to compromise a system.
Term: back doors
Definition: using a known or previously unknown and newly discovered access mechanism, an attacker can gain access to a system or network resource.
Term: password crack
Definition: attempting to reverse calculate a password

Which type of attacker will hack systems to conduct terrorist activities via network or Internet pathways?

Cyberterrorists hack systems to conduct terrorist activities via network or Internet pathways.

What are deliberate software attacks?

Deliberate software attacks: when an individual or group designs software to attack systems, they create malicious code/software called malware, designed to damage, destroy, or deny service to the target systems.