Now that you understand the impact of a security breach and how attackers often combine several attack vectors in a single breach incident, you will be able to design access controls that mitigate those attack vectors. You will also be less likely to underestimate weak access controls.
Information security falls strictly under the jurisdiction of federal law—state law does not restrict information security practices.
True
False
The CEO of a major company received an email message requesting her password. The message claimed to be from the organization’s help desk, but it was actually sent by an attacker. What term best describes this attack?
Phishing
Eavesdropping
Denial of service
System exploit
Under DMCA, Internet service providers must immediately block access to content that infringes on the copyright of another individual or group upon receiving proper notice from the copyright owner.
True
False
A(n) _____ is a comprehensive process for determining the privacy, confidentiality, and security risks associated with the collection, use, and disclosure of personal information.
Which of the following are effective physical security policies?
All physical security must comply with all applicable regulations such as building and fire codes.
Access to secure computing facilities will be granted only to individuals with a legitimate business need for access.
All secure computing facilities that allow visitors must have an access log.
Visitors must be escorted at all times.
All of the above.
What are the two primary causes of access control failure discussed in the chapter? (Select two.)
People
Planning
Technology
Follow-up analysis
Which of the following are types of security breaches? (Select all that apply.)
System exploits
DoS attacks
PII
Eavesdropping
Social engineering
Anything from an organization’s operating system to its choice of web browser or instant messaging client could be an access point for unauthorized access to the systems.
True
False
When should a privacy impact assessment be performed?
During the planning stages of a new system
After a new system is designed
After a new system is implemented
After a security breach
The two most common motives for a security breach are monetary gain and _____.
A security breach can result in criminal penalties as well as financial losses.