CHAPTER SUMMARY

This chapter discussed how human nature both insists upon access control and fights against it. You read about how a skilled social engineer can exploit human nature to obtain unauthorized access to information and systems, and how training, organizational culture, and employee support can mitigate the weaknesses that human nature introduces into any access control system.

KEY CONCEPTS AND TERMS

CHAPTER 3 ASSESSMENT

  1. Generally, hackers are motivated by ________ and ________.
  2. A target is a system or network that contains valuable data and has attracted the notice of the hacker.
    A. True
    B. False
  3. A typical social engineering strategy involves which of the following?
    A. Assumed identity
    B. Believability
    C. Multiple contacts
    D. Requests for information
    E. A and B only
    F. All of the above
  4. What element of human nature does a social engineer exploit?
    A. Fear
    B. Ambition
    C. Trust
    D. Desire for status
    E. Greed
  5. An employer can obtain an applicant’s driving records as part of a pre-employment background check.
    A. True
    B. False
  6. An employer can obtain an applicant’s medical history and credit reports without special consent of the applicant.
    A. True
    B. False
  7. Passive-aggressive behavior can be an indicator of a ________ employee.
  8. Prior to or during an employee termination meeting, which of the following should be locked or changed?
    A. The employee’s workstation and network accounts
    B. The employee’s email account(s)
    C. Passwords for online accounts accessible to the employee
    D. The employee’s accounts on databases and file servers
    E. All of the above
  9. Two-way communication is critical to the organizational structure model of access control.
    A. True
    B. False
  10. Which of the following can help uncover dishonesty, such as fraud or theft, in the workplace? (Select two.)
    A. Mandatory vacation
    B. Pre-employment checks
    C. Job rotation
    D. Ethics training
  11. ________ is designed to eliminate the opportunity for theft, fraud, or other harmful activity.
  12. Access owners are responsible for maintaining a list of authorized users.
    A. True
    B. False
  13. Informing employees of security and acceptable use policies during orientation is sufficient training.
    A. True
    B. False
  14. Human resources should be an integral part of enforcing security policy.
    A. True
    B. False