ITM100 CHAPTER 8 QUIZ
51 Questions
15 Views

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to lesson

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

What type of malware can be transmitted to a smartphone without user intervention?

  • Worm (correct)
  • Adware
  • Trojan horse
  • Spyware
  • Which mobile operating system is targeted by most hackers according to the text?

  • Windows Mobile
  • iOS
  • BlackBerry OS
  • Android (correct)
  • What is the reported increase in malicious mobile malware attacks from 2017 to 2018 according to Kaspersky Lab?

  • 125%
  • 75%
  • 50%
  • 100% (correct)
  • Which social networking site is mentioned as a conduit for malware in the text?

    <p>LinkedIn</p> Signup and view all the answers

    What percentage of the world's spam is delivered by botnets?

    <p>90%</p> Signup and view all the answers

    Which type of attack involved the Mirai botnet in October 2016?

    <p>DDoS</p> Signup and view all the answers

    What is the average annualized cost of cybercrime security for organizations in 2018?

    <p>$13 million</p> Signup and view all the answers

    Which type of computer crime involves gaining unauthorized access?

    <p>Phishing</p> Signup and view all the answers

    What is a major concern that prevents many companies from reporting computer crimes?

    <p>Fear of reputational damage</p> Signup and view all the answers

    What type of attack involves activities of malicious insiders?

    <p>DDoS attacks</p> Signup and view all the answers

    In 2019, what were the fraud losses in the United States due to identity theft?

    <p>$16.9 billion</p> Signup and view all the answers

    Which phishing technique involves redirecting users to a bogus web page by gaining access to Internet address information?

    <p>Pharming</p> Signup and view all the answers

    What is the primary goal of phishing?

    <p>Obtaining personal data</p> Signup and view all the answers

    Which attack involves infecting computers with bot malware to open a back door for attackers to give instructions?

    <p>Botnet</p> Signup and view all the answers

    What type of attack involves launching a DDoS attack against Dyn in October 2016?

    <p>DDoS</p> Signup and view all the answers

    What is the primary concern for small and midsize businesses with less protected networks in relation to DDoS attacks?

    <p>Financial damage</p> Signup and view all the answers

    Which type of attack involves misrepresenting oneself through fake email addresses or redirecting web links to steal sensitive information?

    <p>Spoofing</p> Signup and view all the answers

    What type of malware appears benign but performs unexpected actions, allowing the introduction of viruses or malicious code?

    <p>Trojan horse</p> Signup and view all the answers

    What type of attack exploits vulnerabilities in web application software to introduce malicious code into a company’s systems?

    <p>SQL injection</p> Signup and view all the answers

    Which type of attack floods network servers with false communications to crash the network?

    <p>Denial-of-service (DoS) attacks</p> Signup and view all the answers

    What type of attack extorts money by taking control of computers and encrypting data?

    <p>Ransomware</p> Signup and view all the answers

    What serves advertising and monitors user web-surfing activity, with keyloggers being a particularly nefarious type?

    <p>Spyware</p> Signup and view all the answers

    Which type of attack involves unauthorized access to computer systems, and criminal hackers, or crackers, engage in theft, system damage, and cybervandalism?

    <p>Hackers</p> Signup and view all the answers

    What involves using numerous computers to overwhelm the network with false communications?

    <p>Distributed denial-of-service (DDoS) attacks</p> Signup and view all the answers

    Which type of malware steals banking login credentials and infected 3.6 million computers in 2009?

    <p>ZeuS (Zbot) Trojan</p> Signup and view all the answers

    What type of attack can steal proprietary information from networks when used for criminal purposes?

    <p>Sniffers</p> Signup and view all the answers

    What poses security challenges from devices, platforms, communications, and connected systems?

    <p>The Internet of Things (IoT)</p> Signup and view all the answers

    What is needed to protect IoT devices and platforms from information attacks and physical tampering, and to encrypt their communications?

    <p>New security tools</p> Signup and view all the answers

    What is the average cost of a data breach among 507 surveyed companies globally, according to the 2019 Cost of a Data Breach Report?

    <p>$3.92 million</p> Signup and view all the answers

    When did the U.S. Congress address computer crime threats?

    <p>1986</p> Signup and view all the answers

    What is the main focus of cyberwarfare?

    <p>Penetrating computers or networks to cause damage and disruption</p> Signup and view all the answers

    Which entities are considered targets of cyberwarfare?

    <p>Military, power grids, financial systems, and communication networks</p> Signup and view all the answers

    What did foreign hackers steal from the United States?

    <p>Source code, blueprints, and plans for critical infrastructure</p> Signup and view all the answers

    Which countries are reported to be developing offensive cyberattack capabilities?

    <p>Russia, China, Iran, and North Korea</p> Signup and view all the answers

    What is the role of the U.S. Cyber Command?

    <p>Coordinates and directs operations and defense of Department of Defense information networks</p> Signup and view all the answers

    What does cyberwarfare pose a serious threat to?

    <p>Infrastructure of modern societies, including major financial, health, government, and industrial institutions</p> Signup and view all the answers

    What is a significant cause of network security breaches according to the text?

    <p>User lack of knowledge</p> Signup and view all the answers

    How might employees inadvertently compromise systems?

    <p>Forgetting passwords or falling victim to social engineering tactics</p> Signup and view all the answers

    What may failure to comply with legal and regulatory requirements for electronic records management lead to?

    <p>Costly litigation</p> Signup and view all the answers

    What is the primary focus of the Sarbanes-Oxley Act of 2002?

    <p>Ensuring the accuracy and integrity of financial information</p> Signup and view all the answers

    What is the main focus of disaster recovery planning?

    <p>Restoration of disrupted computing and communications services</p> Signup and view all the answers

    What is the purpose of business continuity planning?

    <p>Restoring business operations after a disaster</p> Signup and view all the answers

    What is the goal of business impact analysis?

    <p>Identifying critical systems and determining the maximum amount of downtime</p> Signup and view all the answers

    What do information systems audits primarily examine?

    <p>The firm’s security environment and controls</p> Signup and view all the answers

    What is the main focus of audits in relation to Sarbanes-Oxley?

    <p>Internal controls to govern the creation and documentation of financial information</p> Signup and view all the answers

    What is the purpose of using duplicate computer centers or cloud-based disaster recovery services?

    <p>Restoring computing and communications services</p> Signup and view all the answers

    What is the focus of PricewaterhouseCoopers LLP (PwC) UK's business continuity plans?

    <p>Providing resilient and recoverable operations in the event of crises</p> Signup and view all the answers

    What is the primary purpose of an information systems audit?

    <p>Examine the firm’s security environment and controls</p> Signup and view all the answers

    What is the main goal of business impact analysis?

    <p>Identify critical systems and determine the maximum amount of time the business can survive with its systems down</p> Signup and view all the answers

    What is the primary purpose of disaster recovery planning?

    <p>Restore disrupted computing and communications services</p> Signup and view all the answers

    What is the main focus of business continuity planning?

    <p>Restore business operations after a disaster</p> Signup and view all the answers

    Study Notes

    Cybersecurity and Cyberwarfare Threats

    • The 2019 Cost of a Data Breach Report found that the average cost of a data breach among 507 surveyed companies globally was $3.92 million.
    • The U.S. Congress addressed computer crime threats in 1986 with the Computer Fraud and Abuse Act, making unauthorized computer system access illegal.
    • European nations and most U.S. states have similar laws addressing computer crimes.
    • Cyberwarfare involves state-sponsored activities designed to cripple and defeat other nations by penetrating their computers or networks to cause damage and disruption.
    • Cyberwarfare targets include military, power grids, financial systems, and communication networks, and can be conducted by nonstate actors such as terrorists or criminal groups.
    • Foreign hackers have stolen source code, blueprints, and plans for critical infrastructure from the United States.
    • U.S. intelligence reports that over 30 countries are developing offensive cyberattack capabilities, including Russia, China, Iran, and North Korea.
    • The U.S. Cyber Command coordinates and directs operations and defense of Department of Defense information networks and prepares for military cyberspace operations.
    • Cyberwarfare poses a serious threat to the infrastructure of modern societies, including their major financial, health, government, and industrial institutions that rely on the Internet for daily operations.
    • Insiders pose serious security problems for businesses, with user lack of knowledge being the greatest cause of network security breaches.
    • Employees may inadvertently compromise systems by forgetting passwords or falling victim to social engineering tactics.
    • Companies face legal and regulatory requirements for electronic records management, such as the General Data Protection Regulation (GDPR) in the EU, and failure to comply may lead to costly litigation.

    Information Security Regulations and Auditing

    • HIPAA (Health Insurance Portability and Accountability Act) of 1996 outlines security and privacy rules for healthcare data, including privacy, security, and electronic transaction standards.
    • The U.S. Financial Services Modernization Act (Gramm-Leach-Bliley Act) requires financial institutions to ensure the security and confidentiality of customer data, including storage and transmittal.
    • The Sarbanes-Oxley Act of 2002 is designed to protect investors in public companies by ensuring the accuracy and integrity of financial information.
    • In the UK, regulations such as the Records Management Code of Practice for Health and Social Care and the Companies Act 2006 impose specific requirements for managing records and corporate governance.
    • Sarbanes-Oxley focuses on internal controls to govern the creation and documentation of financial information, requiring consideration of information systems security and controls.
    • Disaster recovery planning focuses on the restoration of disrupted computing and communications services, while business continuity planning focuses on restoring business operations after a disaster.
    • Firms may use duplicate computer centers, cloud-based disaster recovery services, or firms providing spare computers for emergency backup.
    • Business continuity plans identify critical business processes and action plans for handling mission-critical functions if systems go down.
    • PricewaterhouseCoopers LLP (PwC) UK has developed business continuity plans to provide resilient and recoverable operations in the event of crises.
    • Business impact analysis is conducted to identify critical systems and determine the maximum amount of time the business can survive with its systems down.
    • Information systems audits examine the firm’s security environment and controls, trace the flow of transactions, and may simulate an attack or disaster to test the response.
    • Audits list and rank control weaknesses, estimating the probability of their occurrence and assessing financial and organizational impacts.

    Studying That Suits You

    Use AI to generate personalized quizzes and flashcards to suit your learning preferences.

    Quiz Team

    Description

    Explore the world of cybersecurity and cyberwarfare threats, including state-sponsored activities, data breaches, insider security problems, and the impact on modern societies. Learn about information security regulations and auditing, including laws like HIPAA, the Gramm-Leach-Bliley Act, and the Sarbanes-Oxley Act, as well as disaster recovery planning and business impact analysis.

    More Like This

    North Korea's Cyber Warfare Quiz
    10 questions
    Cybersecurity Threats and Campaigns
    9 questions
    Cybersecurity Chapter 6 Review Flashcards
    12 questions
    Use Quizgecko on...
    Browser
    Browser