Accounting Information Systems (Chapter 8)
Study online at quizlet.com/_2o2yh2

1. Access Control List (ACL): A set of IF-THEN rules used to determine what to do with arriving packets.

2. Authorization controls are often implemented by creating an __________________. Answer: Access Control Matrix.

3. Access Control Matrix: A table used to implement authorization controls.

4. What are the 4 components of the "IT solutions" preventive control?
   - Anti-malware controls
   - Network access controls
   - Device and software hardening
   - Encryption

5. What are the 4 steps of the security life cycle?
   - Assess threats and select risk response
   - Develop and communicate policy
   - Acquire and implement solutions
   - Monitor performance

6. Authentication: Verifying the identity of the person or device attempting to access the system.

7. Authorization: The process of restricting access of authenticated users to specific portions of the system and limiting what actions they are permitted to perform.

8. Availability: The system and its information are available to meet operational and contractual obligations.

9. Why do organizations need to implement a set of controls designed to protect their information assets from unauthorized use and access by employees? Answer: Because employees may become disgruntled and seek revenge, or may be facing financial difficulties.

10. Why are IPSs important? Answer: Because examining a pattern of traffic is often the only way to identify undesirable activity.

11. What are 3 common attacks against the software running on websites?
   - Buffer overflows
   - SQL injection
   - Cross-site scripting

12. Why is it important to take timely steps to remediate a vulnerability once it has been identified? Answer: Because it will not be long before an exploit is created.

13. Why is it important that the employee use a limited regular user account when browsing the web or reading e-mail? Answer: Because it will only allow an attacker to acquire limited rights on the machine.

14. Why is it necessary to supplement preventive controls with methods for detecting incidents and procedures for taking corrective remedial action? Answer: Because preventive controls can never provide 100% protection.

15. Why should the CIRT include not only technical specialists but also senior operations management? Answer: Because some potential responses to security incidents have significant economic consequences.

16. Why do modems create a huge hole in perimeter security? Answer: Because the incoming connection is not filtered by the main firewall.

17. Why does good change control often result in better operating performance? Answer: Because there are fewer problems to fix, as well as lower costs.

18. Why must senior management participate in developing policies? Answer: Because they must decide the sanctions they are willing to impose for noncompliance.

19. Good change control often results in ____________ operating performance. Answer: Better.

20. Biometric Identifier: A physical or behavioral characteristic that is used as an authentication credential.

21. Border Router: A device that connects an organization's information system to the Internet.

22. Most programs set aside a fixed amount of memory, known as a ___________, to hold user input. Answer: Buffer.

23. Why does the use of overlapping, complementary, and redundant controls increase overall effectiveness? Answer: Because if one fails or gets circumvented, another may function as planned.

24. What are 2 problems with patches?
   - They can create problems because of unanticipated side effects.
   - Multiple patches are likely to be released each year, so an organization faces the risk of applying hundreds of patches to thousands of machines every year.

25. Change Control or Change Management: The formal process used to ensure that modifications to hardware, software, or processes do not reduce systems reliability.

26. Cloud Computing: Using a browser to remotely access software, data storage, hardware, and applications.

27. What are the two primary techniques used by an IPS to identify undesirable traffic patterns?
   - Compare traffic patterns to a database of signatures of known attacks.
   - Develop a profile of "normal" traffic and use statistical analysis to identify packets that do not fit that profile.

28. Compatibility Test: Matching the user's authentication credentials against the access control matrix to determine whether that employee should be allowed to access that resource and perform the requested action.

29. Computer Incident Response Team (CIRT): A team that is responsible for dealing with major security incidents.

30. What are the most important corrective controls? (3)
   - Computer incident response teams (CIRT)
   - Chief information security officer (CISO)
   - Patch management

31. What are the 6 basic steps criminals use to attack an organization's information systems?
   - Conduct reconnaissance
   - Attempt social engineering
   - Scan and map the target
   - Research
   - Execute the attack
   - Cover tracks

32. Confidentiality: Sensitive organizational information is protected from unauthorized disclosure.

33. It is especially important that organizations assign responsibility for information security to someone at an appropriate senior level of management. What is one way to accomplish this objective? Answer: Create the position of CISO.

34. What are the 2 components of the "people" preventive control?
   - Creation of a "security-conscious" culture
   - Training

35. _________________ attacks occur when web application software does not carefully filter user input before returning any of that data to the browser. Answer: Cross-Site Scripting.

36. C (time-based model of security): Time it takes to respond to the attack and take corrective action.

37. Deep Packet Inspection: A process that examines the data in the body of a TCP packet to control traffic, rather than looking only at the information in the IP and TCP headers.

38. Defense-in-Depth: Employing multiple layers of controls to avoid a single point of failure.

39. Demilitarized Zone (DMZ): A separate network located outside the organization's internal information system that permits controlled access from the Internet.

40. D (time-based model of security): Time it takes to detect that an attack is in progress.

41. How do business process management systems enforce segregation of duties? Answer: Employees can perform only the specific tasks that the system has assigned to them.

42. Endpoints: Can be made more secure by modifying their configurations.

43. What should the CISO have responsibility for? Answer: Ensuring that vulnerability and risk assessments are performed regularly and that security audits are carried out periodically.

44. Exploit: A program designed to take advantage of a known vulnerability.

45. What is the common theme in buffer overflow, SQL injection, and cross-site scripting? Answer: The failure to "scrub" user input to remove potentially malicious code.

46. True/False: The trend towards permitting employees to use their own personal devices at work makes endpoint configuration much easier to manage effectively. Answer: False (it is much more complex).

47. Firewall: A special-purpose hardware device, or software running on a general-purpose computer, that controls both inbound and outbound communication between the system behind the firewall and other networks.

48. Hardening: The process of modifying the default configuration of endpoints to eliminate unnecessary settings and services.

49. What is the main difference between an IDS and an IPS? Answer: An IDS only produces a warning alert when it detects a suspicious pattern of network traffic, and it is then up to a human to decide what course of action to take; an IPS not only issues an alert but also automatically takes steps to stop a suspected attack.

50. Where is the value in penetration testing? Answer: In identifying where additional protections are most needed to increase the time and effort required to compromise the system.

51. The __________________ header contains fields that specify the IP addresses of the sending and receiving devices. Answer: Internet Protocol (IP).

52. Why must detecting a security breach and initiating corrective remedial actions be timely? Answer: An intruder can quickly destroy, compromise, or steal the organization's economic information resources.

53. Intrusion Detection System (IDS): A system that creates logs of all network traffic that was permitted to pass the firewall and then analyzes those logs for signs of attempted or successful intrusions.

54. Intrusion Prevention System (IPS): Software or hardware that monitors patterns in the traffic flow to identify and automatically block attacks.

55. What is one problem with the Time-Based Model of Security? Answer: It is hard to derive accurate, reliable measures of the parameters P, D, and C.

56. Log Analysis: The process of examining logs to identify evidence of possible attacks.

57. What are 4 types of detective controls?
   - Log analysis
   - Intrusion detection systems
   - Penetration testing
   - Continuous monitoring

58. Multifactor Authentication: The use of two or more types of authentication credentials in conjunction to achieve a greater level of security.

59. Multimodal Authentication: The use of multiple authentication credentials of the same type to achieve a greater level of security.

60. What is the benefit of internal firewalls? Answer: They not only increase security but also strengthen internal control by providing a means for enforcing segregation of duties.

61. Why is it difficult to regularly analyze logs to detect problems in a timely manner? (2)
   - Logs can quickly grow in size.
   - Many devices produce logs with proprietary formats.

62. What two accounts should employees who need administrative powers on a particular computer be assigned? Answer: One with administrative rights and another that has only limited rights.

63. What are 3 types of credentials that can be used to verify a person's identity?
   - Something they know (passwords or PINs)
   - Something they have (smart cards or ID badges)
   - Some physical or behavioral characteristic (e.g., a fingerprint)

64. If the program does not carefully check the size of the data being input, an attacker may enter many times the amount of data that was anticipated and ________________. Answer: Overflow the buffer.

65. According to the Time-Based Model of Security, when are the organization's security procedures effective? Answer: When P > D + C.

66. Packet Filtering: A process that uses various fields in a packet's IP and TCP headers to decide what to do with the packet.

67. Patch: Code released by software developers that fixes a particular vulnerability.

68. Patch Management: The process of regularly applying patches and updates to software.

69. Penetration Test: An authorized attempt to break into the organization's information system.

70. What is the most important preventive control? Answer: People.

71. What are 5 types of preventive controls?
   - People
   - Processes (user access controls)
   - IT solutions
   - Physical security
   - Change controls and change management

72. What is an important part of securing wireless access? Answer: Place all wireless access points in the DMZ.

73. Privacy: Personal information about customers, employees, suppliers, or business partners is collected, used, disclosed, and maintained only in compliance with internal policies and external regulatory requirements, and is protected from unauthorized disclosure.

74. Processing Integrity: Data are processed accurately, completely, in a timely manner, and only with proper authorization.

75. P (time-based model of security): Time it takes an attacker to break through the organization's preventive controls.

76. Why is a file broken up into a series of small pieces that are reassembled upon delivery when being sent? Answer: Almost every local area network uses the Ethernet protocol, which is designed to transmit information in packets with a maximum size of about 1,440 bytes.

77. What 4 steps should the CIRT follow to lead the organization's incident response process?
   - Recognition that a problem exists
   - Containment of the problem
   - Recovery
   - Follow-up

78. Remote Authentication Dial-In User Service (RADIUS): A standard method for verifying the identity of users attempting to connect via dial-in access.

79. What are 3 benefits of information security procedures?
   - Restrict access to authorized users only
   - Protect information integrity
   - Provide protection against a variety of attacks

80. Routers: Special-purpose devices that are designed to read the source and destination address fields in IP packet headers to decide where to send the packet next.

81. Security: Access (both physical and logical) to the system and its data is controlled and restricted to legitimate users.

82. What 5 principles does the Trust Services Framework organize IT-related controls into?
   - Security
   - Confidentiality
   - Privacy
   - Processing Integrity
   - Availability

83. Information security professionals possess the expertise to identify potential threats and estimate their likelihood and impact; however, __________________ must choose which of the 4 risk responses is appropriate to adopt, so that the resources invested in information security reflect the organization's risk appetite. Answer: Senior Management.

84. Why is it important to analyze changes to logs? Answer: Since logs are not normally deleted or updated, changes to a log file indicate that the system has likely been compromised.

85. Social Engineering: Using deception to obtain unauthorized access to information resources.

86. Spear Phishing: A social engineering attack that involves sending emails purportedly from someone that the victim knows.

87. __________________ attacks occur whenever web application software that interfaces with a database service does not filter user input, thereby permitting an attacker to embed SQL commands within a data entry request and have those commands executed on the database server. Answer: SQL Injection.

88. What is the benefit of placing all wireless access points in the DMZ? Answer: This treats all wireless access as though it were coming in from the Internet and forces all wireless traffic to go through the main firewall and any IPSs that are used to protect the perimeter of the internal network.

89. Time-Based Model of Security: Implementing a combination of preventive, detective, and corrective controls that protect information assets long enough to enable an organization to recognize that an attack is occurring and take steps to thwart it before any information is lost or compromised.

90. What is the objective of authentication? Answer: To ensure that only legitimate users can access the system.

91. In regard to physical security, what is a promising way to achieve defense-in-depth? Answer: To integrate physical and remote access control systems.

92. What is the objective of a criminal's initial reconnaissance? Answer: To learn as much as possible about the target and to identify potential vulnerabilities.

93. What is the role of preventive controls in defense-in-depth? Answer: To limit actions to specified individuals in accordance with the organization's security policy.

94. How can a security-conscious culture be created within a company? Answer: Top management must not only communicate the organization's security policies, but must also lead by example.

95. The ______________________ header contains fields that specify the sequential position of that packet in relation to the entire file and the port numbers on the sending and receiving devices. Answer: Transmission Control Protocol (TCP).

96. True/False: Information security is the foundation of systems reliability and is necessary for achieving each of the other four principles. Answer: True.

97. True/False: An IPS blocks not only known attacks but also any new attacks that violate the standards. Answer: True.

98. Virtualization: Running multiple systems simultaneously on one physical computer.

99. Vulnerabilities: Flaws in programs that can be exploited to either crash the system or take control of it.

100. Vulnerability Scanners: Automated tools designed to identify whether a given system possesses any unused and unnecessary programs.

101. War Dialing: Searching for an idle modem by programming a computer to dial thousands of phone lines.