CHAPTER SUMMARY

Now that you understand the impact of a security breach and how attackers often combine several attack vectors in a single breach incident, you will be able to design access controls that mitigate those attack vectors. You will also be less likely to underestimate weak access controls.

KEY CONCEPTS AND TERMS

CHAPTER 15 ASSESSMENT

  1. Information security falls strictly under the jurisdiction of federal law—state law does not restrict information security practices.
    1. True
    2. False
  2. The CEO of a major company received an email message requesting her password. The message claimed to be from the organization’s help desk, but it was actually sent by an attacker. What term best describes this attack?
    1. Phishing
    2. Eavesdropping
    3. Denial of service
    4. System exploit
  3. Under DMCA, Internet service providers must immediately block access to content that infringes on the copyright of another individual or group upon receiving proper notice from the copyright owner.
    1. True
    2. False
  4. A(n) _____ is a comprehensive process for determining the privacy, confidentiality, and security risks associated with the collection, use, and disclosure of personal information.
  5. Which of the following are effective physical security policies?
    1. All physical security must comply with all applicable regulations such as building and fire codes.
    2. Access to secure computing facilities will be granted only to individuals with a legitimate business need for access.
    3. All secure computing facilities that allow visitors must have an access log.
    4. Visitors must be escorted at all times.
    5. All of the above.
  6. What are the two primary causes of access control failure discussed in the chapter? (Select two.)
    1. People
    2. Planning
    3. Technology
    4. Follow-up analysis
  7. Which of the following are types of security breaches? (Select all that apply.)
    1. System exploits
    2. DoS attacks
    3. PII
    4. Eavesdropping
    5. Social engineering
  8. Anything from an organization’s operating system to its choice of web browser or instant messaging client could be an access point for unauthorized access to the systems.
    1. True
    2. False
  9. When should a privacy impact assessment be performed?
    1. During the planning stages of a new system
    2. After a new system is designed
    3. After a new system is implemented
    4. After a security breach
  10. The two most common motives for a security breach are monetary gain and _____.
  11. A security breach can result in criminal penalties as well as financial losses.
    1. True
    2. False