MBI 600 Chapter 5 Exam Questions and Answers: Cybersecurity Concepts and Threats, Exams of Information Systems

A comprehensive set of questions and answers covering key cybersecurity concepts. Topics include data breaches, vulnerabilities, types of hackers, attack vectors, malware, and security strategies. It's a valuable resource for students studying information security, offering a detailed understanding of various threats and defensive measures. The Q&A format facilitates self-assessment and knowledge reinforcement.

Typology: Exams

2024/2025

Available from 05/11/2025

joyce-williams

MBI 600 Chapter 5 Exam Questions With Accurate Answers

Data incident - ANSWER an attempted or successful unauthorized access to a network, system, or application; unwanted disruption or denial of service; unauthorized use of a system for processing or storage of data; changes to system without the owner's knowledge, instruction or consent

Data breach - ANSWER the successful retrieval of sensitive information by an individual, group or software system

Vulnerability - ANSWER a gap in IT security defenses of a network, system or application that can be exploited by a threat to gain unauthorized access

Cyberthreat - ANSWER is a threat posed by means of the internet (aka cyberspace) and the potential source of malicious attempts to damage or disrupt a computer network, system or application

Confidentiality - ANSWER no unauthorized data disclosure

Integrity - ANSWER data, documents, messages and other files have not been altered in any unauthorized way

Availability - ANSWER data is accessible when needed by those authorized to do so

2016 biggest data breaches worldwide - ANSWER
-Anthem Insurance
-Turkish General Directorate of Population and Citizenship Affairs
-Korean Pharmaceutical Information Center
-U.S. Office of Personnel Management
-Experian

Anthem insurance breach - ANSWER health insurer identity theft breach that resulted in the theft of 78.8 million records

Turkish General Directorate of Population and Citizenship Affairs breach - ANSWER identity theft attack at the hands of a malicious outsider. The attack exposed 50 million records

Korean Pharmaceutical Information Center breach - ANSWER 43 million records breached and 90% of South Korean population was sold to a multinational firm

US Office of Personnel Management breach - ANSWER 22 million data breached

Experian breach - ANSWER 15 million breached

Hacking - ANSWER broadly defined as intentionally accessing a computer without authorization or exceeding authorized access. Various state and federal laws govern computer hacking.

Hacktivist - ANSWER short for hacker-activist or someone who performs hacking to promote awareness for or otherwise support a social, political, economic or other cause. Hacking an application, system, or network without authorization, regardless of motive, is a crime.

Three Classes of Hackers - ANSWER
-White Hat
-Black Hat
-Gray Hat

White Hat - ANSWER
Characteristics: Computer security specialist who breaks into protected systems and networks to test and assess their security
Outcome: use their skills to improve security by exposing vulnerabilities before malicious hackers (black hats) can detect and exploit them

Black Hat - ANSWER
Characteristics: Person who attempts to find computer security vulnerabilities and exploit them for personal financial gain or other malicious reasons
Outcome: can inflict major damage on both individual computer users and large organizations by stealing personal financial information; compromising security of major systems, or

rootkits, worms, trojan horses, ransomware, and other malicious programs used to disrupt computer or mobile operations, gather sensitive information, gain access to private computer systems.

Spyware - ANSWER tracking software that is not designed to intentionally damage or disable a system but to monitor or track activities

Adware - ANSWER software that embeds advertisement in the application

Ransomware - ANSWER type of malware that is designed to block access to a computer system until a sum of money has been paid

Attack Vector - ANSWER a path or means by which a hacker can gain access to a computer or network server in order to deliver a malicious outcome.

Botnets - ANSWER group of external attacking entities and is a totally different attack method/vector from malware, which is internal to the system.

Zombies - ANSWER a group of infected computers, can be controlled and organized into a network of zombies on the command of a remote botmaster (also called a bot herder)

Distributed Denial of Service - ANSWER Crashes a network or website by bombarding it with traffic and effectively denies service to all those legitimately using it, leaving it vulnerable to other threats

Telephony denial of service - ANSWER floods a network with phone calls and keeps the calls up for long durations to overwhelm an agent or circuit and prevent legitimate callers, such as customers, partners, and suppliers from using network resources

Permanent denial of service - ANSWER prevents the target's system or device from working; instead of collecting data or providing some ongoing perverse function, its objective is to completely prevent the target's devices from functioning

Attack vector - ANSWER a path or means by which a hacker can gain access to a computer or network server in order to deliver a malicious outcome

Targets - ANSWER for cyberattacks include critical infrastructure, theft of intellectual property, identity theft, BYOD, and social media

Intellectual property - ANSWER is a work or invention that is the result of creativity that has commercial value. Includes copyrighted property such as a blueprint, manuscript or a design, and is protected by law from unauthorized use by others. Can represent more than 80% of a company's value. Losing customer data to hackers can be costly and embarrassing but losing intellectual property, commonly known as trade secrets, could threaten a company's existence.

Identity Theft - ANSWER one of the worst and most prevalent cyberthreats

Bring your own Device - ANSWER
-employees providing their own (mobile) devices for business purposes to reduce expenses through cut purchase and maintenance costs.
-Roughly 74% of U.S. organizations are using or planning to use BYOD
-Cuts business costs by not having to purchase and maintain employees' mobile devices
-Security risk: mobile devices rarely have strong authentication, access controls, and encryption even though they connect to mission-critical data and cloud services. Could

Internal Controls - ANSWER a process to ensure that sensitive data are protected and accurate, designed to achieve reliability of financial reporting, operational efficiency, compliance with laws and safeguarding of assets

Major objectives of Defense Strategies - ANSWER
-Prevention and deterrence
-Detection
-Contain the Damage (damage control)
-Recovery
-Correction
-Awareness and compliance

COBIT 5 - ANSWER the internationally accepted IT governance and control framework

5 principles of COBIT 5 - ANSWER
1. meeting stakeholder needs
2. covering the enterprise end to end
3. applying a single integrated framework
4. enabling a holistic approach
5. separating governance from management