1. Why is information security a management problem? What can management do that technology cannot?
Management is responsible for implementing information security to protect the ability of the organization to function. They must set policy and operate the organization in a manner that complies with the laws that govern the use of technology. Technology alone cannot solve information security issues. Management must make policy choices and enforce those policies to protect the value of the organization’s data.
2. Why is data the most important asset an organization possesses? What other assets in the organization require protection?
Data is important to an organization because ...view middle of the document...
For example, if a hacker gains unauthorized access to a celebrity’s computer and discovers embarrassing photos or videos of the star, he could then blackmail the star into giving him money in exchange for keeping the photos quiet. This causes not only a monetary loss for the celebrity, but also a loss of privacy and security.
6. Why do employees constitute one of the greatest threats to information security?
Employees constitute one of the greatest threats to information security because employee mistakes can lead to the revelation of classified data, entry of erroneous data, accidental deletion or modification of data, the storage of data in unprotected areas, or they could fail to follow procedures to protect data.
7. What measures can individuals take to protect against shoulder surfing?
Individuals can protect themselves against shoulder surfing by not accessing personal or private information when another person is present and can see what is being entered.
8. How has the perception of the hacker changed over recent years? What is the profile of a hacker today?
The perception of a hacker has evolved from being a male, age 13-18, with limited parental supervision who spends all his free time at the computer to the current profile of being male or female, aged 12-60, with varying technical skill who could be internal or external to an organization.
9. What is the difference between a skilled hacker and an unskilled hacker (other than skill levels)? How does the protection against each differ?
An expert hacker is one who develops software scripts and codes to exploit unknown vulnerabilities. An expert hacker is a master of several programming languages, networking protocols, and operating systems. An unskilled hacker is one who uses scripts and code developed by skilled hackers. They rarely create or write their own hacks, and are unskilled in programming languages, networking protocols, and operating systems. Protecting against expert hackers is difficult because they use newly developed attack code not yet detectable by anti-virus programs. Protecting against unskilled hackers is easier because they use hacking codes that are publicly available and can be thwarted by simply staying up-to-date on the latest software patches and being aware of the latest tools being published by expert hackers.
10. What are the various types of malware? How do worms differ from viruses? Do Trojan horses carry viruses or worms?
The various types of malware include: viruses, worms, Trojan horses, logic bombs, and back doors. Worms differ from viruses in that they do not require a program environment to replicate itself. Trojan horses can disguise both viruses and/or worms as a non-threatening piece of software to get it into a computer network.
11. Why does polymorphism cause greater concern than traditional malware? How does it affect detection?
Polymorphism causes greater concern than traditional malware because the...