UF ISM3004 Exam 4 QUESTIONS AND VERIFIED
ACCURATE ANSWERS
Why secure data and information systems? - Answers - - Keep data secure bc
customers depend on their info being private
- Keep info systems private bc they process the data
What are digital identities and why protect them? - Answers - - Login credentials
- Keep secure so private info doesn't fall into wrong hands
According to the PWC report, what is the annual growth rate for security incidents? -
Answers - 66%
What is a "zero day exploit"? - Answers - On the day the exploit is discovered, hackers
have already been using it before any antivirus companies can offer solutions
With reference to the Saudi Aramco Breach, how did the hackers get in? and what
damage was suffered? - Answers - - Hackers got in by a scam email sent to an
employee
- The damage: loss of revenue, temporarily halted sale of hard drives bc they bought up
50,000 of them
What does it mean for something to be "vulnerable"? - Answers - It must be susceptible
to harm or attack
What are the broad categories of IT vulnerability? - Answers - - Data: raw facts and
figures
- Intellectual Property: ideas, knowledge and internal developments
- Business Processes
- Reputation: if customer trust is lost, it's hard to get back
- Corporate Survival: all the things above equal to this
Percentage of laptops lost over their service life? - Answers - 7%
Stolen Veterans Affairs laptop incident - what was the impact? - Answers - - Exposure
of 26.5 million people's names, SSNs, and birth dates
- Lawsuit settlement of $20 million
- Identity theft
___% of smartphones lost each year. - Answers - 5
About ___% of lost phones had sensitive data... and most of those were NOT protected
at all! - Answers - 60
As a rule of thumb, each data record lost costs a company about $_______ - Answers -
$214
___% of companies surveyed suffered loss of sensitive/confidential information in the
instance of a flash drive breach - Answers - 70
What is Shoulder Surfing, and how do attackers use it? - Answers - - Shoulder Surfing
is when someone looks over your shoulder as you enter your password(s)
- Attackers use it to gain access to private info, bank accounts, etc.
A company's dumpster can be a "________ of Information" to cybercriminals. - Answers
- Gold Mine
What kinds of information might be in a dumpster? - Answers - Source codes, emails
with info, sticky notes w/ passwords, phone lists, etc.
What kinds of things actually contain the desired information when dumpster diving? -
Answers - CDs, DVDs, sticky notes, etc.
How would the cybercriminals use the info found when dumpster diving? - Answers - To
form emails that are specific to an employee, or to perform social engineering.
What risk must be considered when disposing of obsolete equipment? - Answers -
Make sure the hard drives are wiped or someone could access company info
What is a software "bug"? - Answers - Programming flaw or oversight.
Is it reasonable to expect that large software systems would be truly and totally bug-free?
Why? - Answers - No bc they're simply so large and there's more room for error.
What can an attacker do with a bug? - Answers - Bugs can be exploited to run
undesired program code, gain unauthorized data access or gain full control
What are the three user password vulnerabilities? Why is each a problem? - Answers -
1) sticky notes: passwords written on sticky notes can be easily found
2) passwords are too easy for hackers to guess
3) lack of complexity and variation
What are the root causes of problems with user passwords? - Answers - People don't
like things that aren't easy to remember and we don't like change
Organizations spend most of their IT security dollars protecting _____________? -
Answers - "the campus"
Mobile devices are largely unprotected because they spend much time
_________________? - Answers - outside the castle walls