Computer Security Chapter 2 Review

In: Computers and Technology

Submitted By theunborn
Words 1872
Pages 8
Nguyen Dinh

Computer Security

Assignment 2

1. Both general management and IT management are responsible for implementing information security to protect the ability of the organization to function.

Decision-makers in organizations have to set policy and operate their organization in a manner that complies with the complex, shifting political legislation on the use of technology. Management is responsible for informed policy choices and the enforcement of decisions that affect applications and the IT infrastructures that support them. Management can also implement an effective information security program to protect the integrity and value of the organization’s data.

2. Data is most important to the organization because without it, the organization will lose its record of transactions and/or its ability to deliver value to its customers. Since any business, educational institution, or government agency that functions within the modern social context of connected and responsive service depends on information systems to support these services, protecting data in motion and protecting data at rest are both critical.

Other assets that require protection include the ability of the organization to function, the safe operation of applications, and technology assets.

3. Both general management and IT management are responsible for implementing information security that protects the organization’s ability to function. Although many business and government managers shy away from addressing information security because they perceive it to be a technically complex task, in fact, implementing information security has more to do with management than with technology. Just as managing payroll has more to do with management than with mathematical wage computations, managing information security has more to do with policy and its…...
