ITM100 CHAPTER 8 QUIZ

MemorableRadiance avatar
By MemorableRadiance

Quiz

Flashcards

51 Questions

What type of malware can be transmitted to a smartphone without user intervention?

Which mobile operating system is targeted by most hackers according to the text?

What is the reported increase in malicious mobile malware attacks from 2017 to 2018 according to Kaspersky Lab?

Which social networking site is mentioned as a conduit for malware in the text?

What percentage of the world's spam is delivered by botnets?

Which type of attack involved the Mirai botnet in October 2016?

What is the average annualized cost of cybercrime security for organizations in 2018?

Which type of computer crime involves gaining unauthorized access?

What is a major concern that prevents many companies from reporting computer crimes?

What type of attack involves activities of malicious insiders?

In 2019, what were the fraud losses in the United States due to identity theft?

Which phishing technique involves redirecting users to a bogus web page by gaining access to Internet address information?

What is the primary goal of phishing?

Which attack involves infecting computers with bot malware to open a back door for attackers to give instructions?

What type of attack involves launching a DDoS attack against Dyn in October 2016?

What is the primary concern for small and midsize businesses with less protected networks in relation to DDoS attacks?

Which type of attack involves misrepresenting oneself through fake email addresses or redirecting web links to steal sensitive information?

What type of malware appears benign but performs unexpected actions, allowing the introduction of viruses or malicious code?

What type of attack exploits vulnerabilities in web application software to introduce malicious code into a company’s systems?

Which type of attack floods network servers with false communications to crash the network?

What type of attack extorts money by taking control of computers and encrypting data?

What serves advertising and monitors user web-surfing activity, with keyloggers being a particularly nefarious type?

Which type of attack involves unauthorized access to computer systems, and criminal hackers, or crackers, engage in theft, system damage, and cybervandalism?

What involves using numerous computers to overwhelm the network with false communications?

Which type of malware steals banking login credentials and infected 3.6 million computers in 2009?

What type of attack can steal proprietary information from networks when used for criminal purposes?

What poses security challenges from devices, platforms, communications, and connected systems?

What is needed to protect IoT devices and platforms from information attacks and physical tampering, and to encrypt their communications?

What is the average cost of a data breach among 507 surveyed companies globally, according to the 2019 Cost of a Data Breach Report?

When did the U.S. Congress address computer crime threats?

What is the main focus of cyberwarfare?

Which entities are considered targets of cyberwarfare?

What did foreign hackers steal from the United States?

Which countries are reported to be developing offensive cyberattack capabilities?

What is the role of the U.S. Cyber Command?

What does cyberwarfare pose a serious threat to?

What is a significant cause of network security breaches according to the text?

How might employees inadvertently compromise systems?

What may failure to comply with legal and regulatory requirements for electronic records management lead to?

What is the primary focus of the Sarbanes-Oxley Act of 2002?

What is the main focus of disaster recovery planning?

What is the purpose of business continuity planning?

What is the goal of business impact analysis?

What do information systems audits primarily examine?

What is the main focus of audits in relation to Sarbanes-Oxley?

What is the purpose of using duplicate computer centers or cloud-based disaster recovery services?

What is the focus of PricewaterhouseCoopers LLP (PwC) UK's business continuity plans?

What is the primary purpose of an information systems audit?

What is the main goal of business impact analysis?

What is the primary purpose of disaster recovery planning?

What is the main focus of business continuity planning?

Summary

Cybersecurity and Cyberwarfare Threats

  • The 2019 Cost of a Data Breach Report found that the average cost of a data breach among 507 surveyed companies globally was $3.92 million.
  • The U.S. Congress addressed computer crime threats in 1986 with the Computer Fraud and Abuse Act, making unauthorized computer system access illegal.
  • European nations and most U.S. states have similar laws addressing computer crimes.
  • Cyberwarfare involves state-sponsored activities designed to cripple and defeat other nations by penetrating their computers or networks to cause damage and disruption.
  • Cyberwarfare targets include military, power grids, financial systems, and communication networks, and can be conducted by nonstate actors such as terrorists or criminal groups.
  • Foreign hackers have stolen source code, blueprints, and plans for critical infrastructure from the United States.
  • U.S. intelligence reports that over 30 countries are developing offensive cyberattack capabilities, including Russia, China, Iran, and North Korea.
  • The U.S. Cyber Command coordinates and directs operations and defense of Department of Defense information networks and prepares for military cyberspace operations.
  • Cyberwarfare poses a serious threat to the infrastructure of modern societies, including their major financial, health, government, and industrial institutions that rely on the Internet for daily operations.
  • Insiders pose serious security problems for businesses, with user lack of knowledge being the greatest cause of network security breaches.
  • Employees may inadvertently compromise systems by forgetting passwords or falling victim to social engineering tactics.
  • Companies face legal and regulatory requirements for electronic records management, such as the General Data Protection Regulation (GDPR) in the EU, and failure to comply may lead to costly litigation.

Information Security Regulations and Auditing

  • HIPAA (Health Insurance Portability and Accountability Act) of 1996 outlines security and privacy rules for healthcare data, including privacy, security, and electronic transaction standards.
  • The U.S. Financial Services Modernization Act (Gramm-Leach-Bliley Act) requires financial institutions to ensure the security and confidentiality of customer data, including storage and transmittal.
  • The Sarbanes-Oxley Act of 2002 is designed to protect investors in public companies by ensuring the accuracy and integrity of financial information.
  • In the UK, regulations such as the Records Management Code of Practice for Health and Social Care and the Companies Act 2006 impose specific requirements for managing records and corporate governance.
  • Sarbanes-Oxley focuses on internal controls to govern the creation and documentation of financial information, requiring consideration of information systems security and controls.
  • Disaster recovery planning focuses on the restoration of disrupted computing and communications services, while business continuity planning focuses on restoring business operations after a disaster.
  • Firms may use duplicate computer centers, cloud-based disaster recovery services, or firms providing spare computers for emergency backup.
  • Business continuity plans identify critical business processes and action plans for handling mission-critical functions if systems go down.
  • PricewaterhouseCoopers LLP (PwC) UK has developed business continuity plans to provide resilient and recoverable operations in the event of crises.
  • Business impact analysis is conducted to identify critical systems and determine the maximum amount of time the business can survive with its systems down.
  • Information systems audits examine the firm’s security environment and controls, trace the flow of transactions, and may simulate an attack or disaster to test the response.
  • Audits list and rank control weaknesses, estimating the probability of their occurrence and assessing financial and organizational impacts.

Description

Explore the world of cybersecurity and cyberwarfare threats, including state-sponsored activities, data breaches, insider security problems, and the impact on modern societies. Learn about information security regulations and auditing, including laws like HIPAA, the Gramm-Leach-Bliley Act, and the Sarbanes-Oxley Act, as well as disaster recovery planning and business impact analysis.

Make Your Own Quiz

Transform your notes into a shareable quiz, with AI.

Get started for free

More Quizzes Like This

Mastering Cybersecurity
7 questions
Mastering Cybersecurity
LucrativeMagenta avatar
LucrativeMagenta
Cybersecurity Introduction Review
5 questions
Cybersecurity Basics Quiz
16 questions
Cybersecurity Basics Quiz
ImportantGladiolus avatar
ImportantGladiolus