Two reasons to secure data correct answers 1. Data is the most powerful asset we have
2. Privacy regulations
Reasons to secure info systems themselves correct answers computers themselves could be
hacked
digital identities correct answers log-in credentials such as username and password
annual growth rate for security incidents correct answers 66%
Zero Day Exploit correct answers The situation where on the very day the software engineers
or cyber security workers learn about the problems, the hackers are already exploiting this
flaw
Biggest hack in history correct answers Spam email malware and five months worth of
service lost
Categories of IT vulnerability correct answers Physical, technological and human
Physical Vulnerabilities: Lost Laptops- percentage lost correct answers 7%
Physical Vulnerabilities: __% of smartphones lost each year, and about __% had sensitive
data, __% unprotected correct answers 5%; 60%; 57%
Physical Vulnerabilities: Flash drives; each data record loss costs a company about $___; __
% of companies suffered loss of sensitive/confidential info correct answers $214 per data;
70%
Physical Vulnerabilities: What is Shoulder Surfing? correct answers Someone is looking over
your shoulder to see sensitive data
Physical Vulnerabilities: Dumpster diving; what kind of info found here? What kind of things
found here? correct answers "Gold Mine of Information"
1. Pre-attack research to receive data about the company
2. Sensitive company info
Things:
Printouts with source code, media with passwords, phone lists with phone numbers
Physical Vulnerabilities: Equipment Disposal correct answers Hard drives may store
documents on them that you may not think to wipe before donating or getting rid of it
Technological Vulnerabilities: Software Bugs; what is a bug? Is it reasonable to expect that
large software systems would be truly and totally bug-free? What can an attacker do with a
bug? correct answers Bug- programming flaw/oversight; No- it is easy to make a mistake in
systems that have millions of lines of code; Exploit it by running malware, accessing data, or
gaining full control of the system
Tech Vulnerabilities: Passwords- 3 User Password Vulnerabilities correct answers Sticky
note, guessable, lack of complexity
Tech Vulnerabilities: Mobile and BYOD: organizations spend most of their IT security
dollars protecting _______ ________, which are unprotected because they spend much time
__________ _____ __________. correct answers mobile devices; outside the walls
Two examples of mobile/BYOD technical risks correct answers Direct Data Flow, Mobile
Sync
Direct Data Flow correct answers A quarter of data traffic goes directly from mobile devices
and into the cloud, bypassing traditional "castle wall" security defense; this is a tech
vulnerability
Mobile Sync correct answers 40% of enterprise contact info leaks into Facebook via
employee's increased use of mobile device collaboration systems (sync)
Human Vulnerabilities: Social Engineering correct answers Outsider exploits a naïve insider;
trickery
Human: "Insider"; what percentage of insiders are involved in incidents? Why would they be
a serious threat? correct answers current or former employee, contract or other partner that
has had or has now authorized access to an organization's network, servers or data; 70%; if
you do not cut them off from data after they cease working
What are the real drivers behind modern cyber-attacks? correct answers Money and power
Source of the most malicious hacking and their characteristics correct answers Cyber Crime
Syndicates
Hacktivists correct answers A loosely grouped set of people dedicated to political activism;
seek publicity and fame on behalf of their political cause
Goals of hacktivists correct answers Cause monetary pain, embarrass victim or cause pain,
seek public support
Strategies used by hacktivists correct answers 1. Denial of Service attack: the attackers
overwhelm victim's network or servers with requests (denies service to actual customers)
2. Info Exposure- embarrass the victim by exposing their data
What is IP? correct answers Intellectual Property- creations of the mind
Why is IP stolen? correct answers To be sold to someone else
"determined human adversary" correct answers common in IP theft; this is someone
undeterred by early failures (repeat attacks, variety of techniques, significant resources)
What is the Digital Workplace? What is its goal? How does it accomplish that goal? correct
answers A business strategy to boost employee engagement and agility through a more
consumerized work environment