WGU C841 LEGAL ISSUES IN INFORMATION
SECURITY
What is a standard? - Answers - A list of mandatory activities that must be completed
to achieve an information security goal.
What is a procedure? - Answers - A checklist of actions that should be performed to
achieve a certain goal.
What is information security? - Answers - The types of steps an organization should
take to protect its information. The study and practice of protecting information.
What is Cryptography? - Answers - It is the practice of hiding information so that
unauthorized persons cannot read it.
What is shoulder surfing? - Answers - A type of intentional attack. It occurs when an
attacker scretly looks "over the should" of someone at a computer and tries to discover
his or her sensitive information without permission.
What is social engineering? - Answers - These attack rely heavily on human
interaction. They take advantage of how people normally talk with one another and
interact. It is not a technical attack, but rather involves tricking other people to break
security rules and share sensitive information.
What is a vulnerability? - Answers - It is a weakness or flaw in an information system.
That can be classifed into four broad categories including people, process, facility, and
technology.
What is the separation of duties? - Answers - This rule requies that two or more
employees must split critical task functions so that no one employee knows all the steps
of the critical task.
What is a patch? - Answers - It is a piece of software or code that updates a program
to address security or other operational problems.
What is an exploit? - Answers - Exploit are successful attacks against a vulnerability.
They take place in a period known as the window of vulnerability.
What is a threat? - Answers - Anything that can harm an information system.
What are the four categories of threats? - Answers - 1. Humans
2. Natural
3. Technological and operational
4. Physical and environmental.
,What is risk? - Answers - A risk is the likelihood that a threat will exploit a vulnerability
and cause harm to the organization.
What are the six categories of risks? - Answers - 1. Financial
2. System/Service
3. Operational
4. Reputational
5. Compliance
6. Strategic
What is risk analysis? - Answers - The process of reviewing known vulnerabilities and
threats.
What are the four categories to respond to risk? - Answers - 1. Risk avoidance
2. Risk Mitigation
3. Risk transfer
4. Risk acceptance.
What is risk avoidance? - Answers - It is the process of applying safeguards to avoid a
negative impact. A risk avoidance strategy seeks to eliminate all risk.
What is risk mitigation? - Answers - Organizations apply safeguards to vulnerabilities
and threats to lower risk to an acceptable level.
What is residual risk? - Answers - The amount of risk left over after applying
safeguards.
What is whaling? - Answers - It is a type of targeted phishing scam in which attackers
target corporate executives.
What are Business email compromise (BEC) attacks? - Answers - They are
sophiscated phising scams that target recepients who are responsible for processing
payments at organizations.
What is malware? - Answers - Malware is a general term that refers to any type of
software that performs some sort of harmful, unauthroized, or unknown activity. The
term malware is a combination of the words malicious and software. Malware is usally a
computer virus or worm, or a combination of one or more viruses or worms.
What is a computer virus? - Answers - These are programs that spread by infecting
applications on a computer. When the infected virus code is executed, it tries to place
intself into uninfected software.
What is a computer worm? - Answers - A computer worm is similar to a virus. Unlike a
virus, however, a computer worm is a self-contained program that does not require
,external assistance to propagate. Some well-known interent worms include the Morris
worm, SQL Slammer, and Blackworm.
What is a Trojan horse? - Answers - It is a subset of malware that pretendes to be a
legitimate and desirable software file that a user wants. In reality, it is malicious. A
Trojan horse spreads when a user downloads the seemingly legitimate file. While the
user believes a legitimate file is downloading, the Trojan horse is actually loading. This
type of malware is especially prevalent on social networking sites. Accepting virtual
"gifts" on these sites can often expose users to a nasty surprise.
What is ransomware? - Answers - It is a subset of malware that prevents organizations
and users from accessing data or information systems until they pay a ransom. The
ransomware may encrypt data to make it inaccessible, or it may lock information
systems, until an organization pays the attacker to decrypt the data or unlock the
system.
What is spyware? - Answers - Spyware is any technology that secretly gathers
information about a person or organization. Many users inadvertently download
spyware with other programs from the internet. Spyware hides on a system, where it
collects information about individuals and their internet browsing habits.
What is a keystroke logger? - Answers - It is a device or program that records
keystrokes made on a keyboard or mouse. Attackers secretly install keystroke loggers
and then are able to recover computer keyboard entries and sometimes even mouse
clicks from them. They can review the data retrieved froma keystroke logger to find
sensitive information such as usernames, passwords, and other confidential
information.
What are the three classification you can categorize safeguards based on they act? -
Answers - 1. Preventive
2. Dectective
3. Corrective.
What is a preventive control and what are some examples? - Answers - These are
safeguards used to prevent security incidents. These controls keep an incident from
happening. For example, door locks are a preventive safegaurd, because they help
keep intruders out of a locked area. Fencing around a building is a similar preventive
control. Teaching employees how to avoid information security threats is another
preventive control.
What is a detective control and what are some examples? - Answers - Detective
controls are safeguards put in place in order to detect, and sometimes report, a security
incident while it is in progress. Examples of detective controls include logging system
activity and reviewing the logs. Log review can look for unauthorized access or other
security anomalies that require attention. An anomaly is something strange or unusual -
activity that is not normal.
, What is a logic bomb? - Answers - A logic bomb is harmful code intentionally left on a
computer system that lies dormant for a certain period. When specific conditions are
met, it "explodes" and carries out its malicious function. Programmers can create logic
bombs that explode on a certain day or when a specific event occurs. Attackers also
program logic bombs to explode in response to no action; for example, a logic bomb
may explode when its creator does not log onto the target computer system for a
predetermined number of days.
What is a backdoor? - Answers - A backdoor, also called a trapdoor, is a way to
access a computer program or system that bypasses normal mechanisms. A backdoor
is a security vulnerability regardless of its initial purpose. Attackers search for system
backdoors to explout them. Sometimes attackers install backdoors on system they want
to visit again. Attackers can have virtually unhindered access to a systemthrough a
backdoor.
What is a distributed denial of services attack (DDoS)? - Answers - It is another form of
DoS attack that occurs when attackers use multiple system to attack a targeted system.
These attacks really challenge the targeted system, because it often cannot ward off an
attack coming from hundreds or thousands of different computers. A DDoS attack sends
so many requests for services to a targeted system that the system or website is
overwhelmed and cannot respond.
What is an organization's governance? - Answers - An organization's governance
documents form the basis for its information security program. These documents
include: Policies, Standards, proceures, and guidelines.
What is a policy? - Answers - A policy tells an organization how it must act and the
consequences for faling to act properly. It is important for an organization;s
management team to support its policies, because policies often fail without that top-
level support.
What are standards? - Answers - It states the activities and actions needed to meet
policy goals.
What are procedures? - Answers - These are step-by-step checklists that explain how
to meet security goals.
What are guidelines? - Answers - Recommended actions and guides for employees,
tell users about information security concerns and suggest ways to deal with them.
What is restricted/confidential information? - Answers - Information that would harm
the organization, its reputation, or its competitive edge if publicly disclosed.
Which term refers to the security goal that ensure changes can't be made to data
without appropriate permission? - Answers - The correct answer is Integrity.
SECURITY
What is a standard? - Answers - A list of mandatory activities that must be completed
to achieve an information security goal.
What is a procedure? - Answers - A checklist of actions that should be performed to
achieve a certain goal.
What is information security? - Answers - The types of steps an organization should
take to protect its information. The study and practice of protecting information.
What is Cryptography? - Answers - It is the practice of hiding information so that
unauthorized persons cannot read it.
What is shoulder surfing? - Answers - A type of intentional attack. It occurs when an
attacker scretly looks "over the should" of someone at a computer and tries to discover
his or her sensitive information without permission.
What is social engineering? - Answers - These attack rely heavily on human
interaction. They take advantage of how people normally talk with one another and
interact. It is not a technical attack, but rather involves tricking other people to break
security rules and share sensitive information.
What is a vulnerability? - Answers - It is a weakness or flaw in an information system.
That can be classifed into four broad categories including people, process, facility, and
technology.
What is the separation of duties? - Answers - This rule requies that two or more
employees must split critical task functions so that no one employee knows all the steps
of the critical task.
What is a patch? - Answers - It is a piece of software or code that updates a program
to address security or other operational problems.
What is an exploit? - Answers - Exploit are successful attacks against a vulnerability.
They take place in a period known as the window of vulnerability.
What is a threat? - Answers - Anything that can harm an information system.
What are the four categories of threats? - Answers - 1. Humans
2. Natural
3. Technological and operational
4. Physical and environmental.
,What is risk? - Answers - A risk is the likelihood that a threat will exploit a vulnerability
and cause harm to the organization.
What are the six categories of risks? - Answers - 1. Financial
2. System/Service
3. Operational
4. Reputational
5. Compliance
6. Strategic
What is risk analysis? - Answers - The process of reviewing known vulnerabilities and
threats.
What are the four categories to respond to risk? - Answers - 1. Risk avoidance
2. Risk Mitigation
3. Risk transfer
4. Risk acceptance.
What is risk avoidance? - Answers - It is the process of applying safeguards to avoid a
negative impact. A risk avoidance strategy seeks to eliminate all risk.
What is risk mitigation? - Answers - Organizations apply safeguards to vulnerabilities
and threats to lower risk to an acceptable level.
What is residual risk? - Answers - The amount of risk left over after applying
safeguards.
What is whaling? - Answers - It is a type of targeted phishing scam in which attackers
target corporate executives.
What are Business email compromise (BEC) attacks? - Answers - They are
sophiscated phising scams that target recepients who are responsible for processing
payments at organizations.
What is malware? - Answers - Malware is a general term that refers to any type of
software that performs some sort of harmful, unauthroized, or unknown activity. The
term malware is a combination of the words malicious and software. Malware is usally a
computer virus or worm, or a combination of one or more viruses or worms.
What is a computer virus? - Answers - These are programs that spread by infecting
applications on a computer. When the infected virus code is executed, it tries to place
intself into uninfected software.
What is a computer worm? - Answers - A computer worm is similar to a virus. Unlike a
virus, however, a computer worm is a self-contained program that does not require
,external assistance to propagate. Some well-known interent worms include the Morris
worm, SQL Slammer, and Blackworm.
What is a Trojan horse? - Answers - It is a subset of malware that pretendes to be a
legitimate and desirable software file that a user wants. In reality, it is malicious. A
Trojan horse spreads when a user downloads the seemingly legitimate file. While the
user believes a legitimate file is downloading, the Trojan horse is actually loading. This
type of malware is especially prevalent on social networking sites. Accepting virtual
"gifts" on these sites can often expose users to a nasty surprise.
What is ransomware? - Answers - It is a subset of malware that prevents organizations
and users from accessing data or information systems until they pay a ransom. The
ransomware may encrypt data to make it inaccessible, or it may lock information
systems, until an organization pays the attacker to decrypt the data or unlock the
system.
What is spyware? - Answers - Spyware is any technology that secretly gathers
information about a person or organization. Many users inadvertently download
spyware with other programs from the internet. Spyware hides on a system, where it
collects information about individuals and their internet browsing habits.
What is a keystroke logger? - Answers - It is a device or program that records
keystrokes made on a keyboard or mouse. Attackers secretly install keystroke loggers
and then are able to recover computer keyboard entries and sometimes even mouse
clicks from them. They can review the data retrieved froma keystroke logger to find
sensitive information such as usernames, passwords, and other confidential
information.
What are the three classification you can categorize safeguards based on they act? -
Answers - 1. Preventive
2. Dectective
3. Corrective.
What is a preventive control and what are some examples? - Answers - These are
safeguards used to prevent security incidents. These controls keep an incident from
happening. For example, door locks are a preventive safegaurd, because they help
keep intruders out of a locked area. Fencing around a building is a similar preventive
control. Teaching employees how to avoid information security threats is another
preventive control.
What is a detective control and what are some examples? - Answers - Detective
controls are safeguards put in place in order to detect, and sometimes report, a security
incident while it is in progress. Examples of detective controls include logging system
activity and reviewing the logs. Log review can look for unauthorized access or other
security anomalies that require attention. An anomaly is something strange or unusual -
activity that is not normal.
, What is a logic bomb? - Answers - A logic bomb is harmful code intentionally left on a
computer system that lies dormant for a certain period. When specific conditions are
met, it "explodes" and carries out its malicious function. Programmers can create logic
bombs that explode on a certain day or when a specific event occurs. Attackers also
program logic bombs to explode in response to no action; for example, a logic bomb
may explode when its creator does not log onto the target computer system for a
predetermined number of days.
What is a backdoor? - Answers - A backdoor, also called a trapdoor, is a way to
access a computer program or system that bypasses normal mechanisms. A backdoor
is a security vulnerability regardless of its initial purpose. Attackers search for system
backdoors to explout them. Sometimes attackers install backdoors on system they want
to visit again. Attackers can have virtually unhindered access to a systemthrough a
backdoor.
What is a distributed denial of services attack (DDoS)? - Answers - It is another form of
DoS attack that occurs when attackers use multiple system to attack a targeted system.
These attacks really challenge the targeted system, because it often cannot ward off an
attack coming from hundreds or thousands of different computers. A DDoS attack sends
so many requests for services to a targeted system that the system or website is
overwhelmed and cannot respond.
What is an organization's governance? - Answers - An organization's governance
documents form the basis for its information security program. These documents
include: Policies, Standards, proceures, and guidelines.
What is a policy? - Answers - A policy tells an organization how it must act and the
consequences for faling to act properly. It is important for an organization;s
management team to support its policies, because policies often fail without that top-
level support.
What are standards? - Answers - It states the activities and actions needed to meet
policy goals.
What are procedures? - Answers - These are step-by-step checklists that explain how
to meet security goals.
What are guidelines? - Answers - Recommended actions and guides for employees,
tell users about information security concerns and suggest ways to deal with them.
What is restricted/confidential information? - Answers - Information that would harm
the organization, its reputation, or its competitive edge if publicly disclosed.
Which term refers to the security goal that ensure changes can't be made to data
without appropriate permission? - Answers - The correct answer is Integrity.