Questions and Answers of Systems Analysis And Design
What happens if we pit Imp against Dwarf?
Write a "carpet bombing" program in CodeBlue that zeros out all of memory (with the possible exception of the program locations).
How would the following program fare against Imp? Loop COPY #0, -1 JUMP -1 Remember that instruction execution alternates between the two opposing programs.
Consider the following NASM instruction: cmp vleft, vright For signed integers, there are three status flags that are relevant. If vleft = vright, then ZF is set. If vleft > vright, ZF is unset (set
Consider the following C program: /* a simple C program to average 3 integers */ main ( ) { int avg; int i1 = 20; int i2 = 13; int i3 = 82; avg = (i1 + i2 + i3)/3; } Write an NASM version of this
Consider the following C code fragment: if (EAX == 0) EBX = 1; else EBX = 2; Write an equivalent NASM code fragment.
(a) Why is it important for firms to understand the threat environment? (b) Name the three common security goals. (c) Briefly explain each. (d) What is an incident? (e) What are the synonyms for
(a) What is a DoS attack? (b) Describe a DDoS attack. (c) Describe a SYN flooding attack in some detail. (d) Why do many botnets have multiple owners over time?
(a) What are the two primary characteristics of skilled hackers? (b) Why are script kiddies dangerous? (Give two reasons.) (c) Why are malware and exploit toolkits expanding the danger of script
(a) What is the dominant type of attacker today? (b) Is cybercrime negligible today compared to non-computer crime? (c) Why are international gangs difficult to prosecute? (d) Why do international
(a) What is fraud? Be specific. (b) What is click fraud? (c) How do criminals engage in online extortion?
(a) What is carding? (b) Describe bank account theft and online stock account theft. (c) Distinguish between credit card theft and identity theft. (d) Why is identity theft more serious than credit
(a) Distinguish between public intelligence gathering and trade secret espionage. (b) What must a company do to its trade secrets if it wishes to be able to prosecute people or companies who steal
(a) Distinguish between cyberwar and cyberterror. (b) How can countries use cyberwar attacks? (c) How can terrorists use IT?
(a) Who were the victims in the Sony breach? (b) How did the attackers steal the information from Sony? Explain. (c) What likely motivated the attackers? (d) What is SQL injection? (e) Were Sony's
(a) Give four reasons why employees are especially dangerous. (b) What type of employee is the most dangerous? (c) What is sabotage? (d) Give the book's definition of hacking. (e) What is
(a) What is malware? (b) Distinguish between viruses and worms. (c) How do most viruses spread between computers today? (d) Describe how directly propagating worms move between computers. (e) Why
(a) How can nonmobile malware be delivered to computers? (b) What is a Trojan horse? (c) What is a RAT? (d) What is a downloader? (e) What is spyware? (f) Why can cookies be dangerous? (g)
(a) What is mobile code? (b) What is social engineering? (c) What is spam? (d) What is phishing? (e) Distinguish between normal phishing and spear phishing. (f) Why are hoaxes bad?
(a) Distinguish between IP address scanning and port scanning. (b) What is an exploit? (c) What does "owning" a computer mean? (d) What is IP address spoofing? (e) Why is IP address spoofing
(a) How can social engineering be used to get access to a sensitive file? (b) What is piggybacking? (c) What is shoulder surfing? (d) What is pretexting?
(a) If you accidentally find someone's password and use it to get into a system, is this hacking? Explain. (b) Someone sends you a "game." When you run it, it logs you into an IRS server. Is this
Addamark Technologies found that its webservers had been accessed without authorization by an employee of competitor Arcsight. Arcsight's vice president for marketing dismissed the hacking, saying,
Give three examples of social engineering not listed in the text.
Why would using a script created by a hacker not give you the experience of expert hacking?
What do you think are the pros and cons of paying off extortionists?
A competitor goes to your public website and discovers that they can get into a directory that you did not know could be reached. There they find a list of customers and use the list to their
How much time does your employer give you to read about current events related to your job?
How does reading current news articles help IT security professionals in their daily jobs?
How could the banks mentioned in this case have mitigated or prevented the thefts?
How would smart cards be safer than magnetic swipe cards? Why?
Why would this type of distributed bank theft be faster and incur larger losses than a traditional strong-arm bank robbery?
Are cybercrime efforts becoming more targeted? Why?
Why are organizations hesitant to report losses related to cybercrime?
Why are malicious insiders a focus of security experts?
Can IT Security be too secure? How?
(a) What do data breach notification laws require? (b) Why has this caused companies to think more about security?
(a) When can the Federal Trade Commission act against companies? (b) What financial burdens can the FTC place on companies that fail to take reasonable precautions to protect private information?
Besides HIPAA, what external compliance rules must hospitals consider when planning their security?
(a) Who is subject to FISMA? (b) Distinguish between certification and accreditation in FISMA. (c) Why has FISMA been criticized?
(a) What are the advantages of placing security within IT? (b) What are the disadvantages of placing security within IT? (c) What do most IT security analysts recommend about placing or not placing
(a) Why is top management support important? (b) What three things must top management do to demonstrate support?
(a) Why is the human resources department important to IT security? (b) Distinguish between the three main types of corporate auditing units. (c) What is the advantage of placing IT security
(a) What is an MSSP? (b) What are the two main benefits of using an MSSP? (c) Why are MSSPs likely to do a better job than IT security department employees? (d) What security functions typically
(a) For what reasons is security management hard? (b) What is comprehensive security, and why is it needed? (c) What are weakest-link failures?
(a) Why is information assurance a poor name for IT security? (b) Why is reasonable risk the goal of IT security? (c) What are some negative consequences of IT security?
(a) Why do we annualize costs and benefits in risk analysis computations? (b) How do you compute the ALE?
[Revised Question] An asset has a value of $1,000,000. In an attack, it is expected to lose 60 percent of its value. An attack is expected to be successful once every ten years. Countermeasure X will
(a) Why is it a problem if benefits and costs both occur over several years? (b) Why should the total cost of an incident (TCI) be used in place of exposure factors and asset values? (c) Why is it
(a) What are the four ways of responding to risk? (b) Which involves doing nothing? (c) Which involves insurance? (d) Why is insurance not a way to not deal with security protections? (e) What is
(a) What is a firm's technical security architecture? (b) Why is a technical security architecture needed? (c) When is the best time to create one? (d) Why do firms not simply replace their legacy
(a) Why is defense in depth important? (b) Distinguish between defense in depth and weakest-link problems. (c) Why are central security management consoles dangerous? (d) Why are they desirable?
(a) Why is border management important?
(a) What are policies? (b) Distinguish between policies and implementation. (c) Why should policies not specify implementation in detail?
(a) Distinguish between the corporate security policy and major security policies. (b) Distinguish between major security policies and the acceptable use policies. (c) What are the purposes of
(a) Why are processes necessary in security management? (b) What is driving firms to use formal governance frameworks to guide their security processes?
Why is it important to have corporate teams write policies?
(a) Distinguish between standards and guidelines. (b) For guidelines, what is mandatory? (c) When are guidelines appropriate?
(a) Distinguish between procedures and processes. (b) When would each be used? (c) What is the segregation of duties, and what is its purpose? (d) When someone requests to take an action that is
(a) Why is ethics unpredictable? (b) Why do companies create codes of ethics? (c) Why is good ethics important in a firm? (d) To whom do codes of ethics apply? (e) Do senior officers often get an
(a) Why shouldn't exceptions be absolutely forbidden? (b) Why is implementation guidance for exception handling necessary? (c) What are the first three rules for exceptions? (d) Why would
(a) What is oversight? (b) How is oversight related to policy? (c) What is promulgation? (d) What is stinging employees? (e) What are its costs and benefits? (f) Is electronic employee
(a) What is the purpose of auditing? (b) Distinguish between log files and documentation. (c) Why is the avoidance of compliance a serious red flag? (d) Distinguish between internal and external
(a) Why should companies install anonymous protected hotlines? (b) Why are anonymity and protection against reprisals important when hotlines are used? (c) Why should general employee misbehavior
(a) What is a vulnerability test? (b) Why should you never engage in a vulnerability test without a signed contract? (c) What should be in the contract? (d) What should you look for in an external
(a) List the three stages in the plan-protect-respond cycle. (b) Is there a sequential flow between the stages? (c) What stage consumes the most time? (d) How does this book define protection?
(a) What is a governance framework? (b) Compare the focus of COSO with that of CobiT. (c) Compare the focus of CobiT with that of the ISO/IEC 27000 family of standards.
(a) What are the four objectives of COSO? (b) List COSO's eight components. (c) What is the control activity, and why is it important?
(a) Distinguish between the focuses of COSO and CobiT. (b) List the four CobiT domains. (c) How many high-level control objectives does CobiT have? (d) Which domain has the most control
(a) In the 27000 standards family, what is the function of ISO/IEC 27001? (b) In the 27000 standards family, what is the function of ISO/IEC 27002? (c) List the 11 broad areas in 27002. (d) Why is
(a) How can good security be an enabler? (b) What is the key to being an enabler? (c) Why is a negative view of users bad? (d) Why is viewing the security function as a police force or military
(a) In developing an IT security plan, what should a company do first? (b) What are the major categories of driving forces that a company must consider for the future? (c) What should the company do
(a) What are driving forces? (b) What do compliance laws do? (c) Why can compliance laws and regulations be expensive for IT security?
(a) In Sarbanes-Oxley, what is a material control deficiency? (b) Why was Sarbanes-Oxley important for IT security?
(a) What have privacy protection laws forced companies to do? (b) What did they find when they did so? (c) What institutions are subject to the Gramm-Leach-Bliley Act? (d) What institutions are
List the 12 PCI-DSS control objectives. You will have to look this up on the Internet.
The chapter discussed three ways to view the IT security function: as a police force, as a military organization, and as a loving mother. Name another view and describe why it is good.
A company has a resource XYZ. If there is a breach of security, the company may face a fine of $100,000 and pay another $20,000 to clean up the breach. The company believes that an attack is likely
Does your employer/spouse/roommate monitor your activities with a keylogger? Are you sure?
Why would someone want to install a keylogger on their own computer?
How would you know if you had a keylogger on your computer? How would you get rid of it?
Why was the navigational data on the Japanese Coast Guard vessel not securely deleted?
How could the lost navigational data compromise national security?
How could the Japanese Coast Guard write an effective data disposal policy?
Is a self-assessment of effective security policy a good predictor of actual security? Why or why not?
How might broad economic concerns make an organization's information systems less secure?
How might widespread adoption of new technology affect an organization's security efforts?
(a) Define cryptography. (b) What is confidentiality? (c) Distinguish between plaintext and ciphertext. (d) Which is transmitted across the network: the plaintext or the ciphertext? (e) What is a
(a) What are the two advantages of RC4? (b) Why is an RC4 key length of 40 bits commonly used? (c) Is this a strong key?
(a) How long is a DES key? (b) Is this a strong length? (c) Describe block encryption with DES.
(a) How does 3DES work? (b) What are the two common effective key lengths in 3DES? (c) Are these lengths strong enough for communication in corporations? (d) What is the disadvantage of 3DES?
(a) What is the big advantage of AES over 3DES? (b) What are the three key lengths offered by AES? (c) Which strong symmetric key encryption cipher can be used with small mobile devices? (d) Which
(a) It is claimed that new and proprietary encryption ciphers are good because cryptanalysts will not know them. Comment on this. (b) What is security through obscurity, and why is it bad?
(a) Distinguish between cryptography and cryptographic systems. (b) Distinguish between cryptographic systems and cryptographic system standards. (c) Why is the first handshaking stage the
(a) What three protections do cryptographic systems provide on a message-by-message basis? (b) What is an electronic signature? (c) What two protections do electronic signatures usually provide?
(a) In SSL/TLS, what is a cipher suite? (b) Why do companies wish to create policies that define security methods and options for a particular application that is used between corporate partners?
(a) In authentication, distinguish between the supplicant and the verifier. (b) What are credentials? (c) How many supplicants and verifiers are there in mutual authentication between two parties?
(a) In hashing, what is the hash? (b) Is encryption reversible? (c) Is hashing reversible? (d) Is hashing repeatable? (e) When a hashing algorithm is applied, does the hash have a fixed length or
(a) Is MS-CHAP used for initial authentication or message-by-message authentication? (b) How does the supplicant create the response message? (c) How does the verifier check the response message?
(a) When Alice sends a message to Bob, what key will she use to encrypt the message? (b) Why is "the public key" not a good answer to Question 21a? (c) What key will Bob use to decrypt the message?