Comprehensive Study Guide
Julius Caesar's Encryption Technique - A substitution cipher attributed to Julius Caesar, who used it to protect his military correspondence: each letter of the message is replaced by the letter a fixed number of positions further along the alphabet (classically three), and the recipient shifts back by the same amount. The only secret is the shift, so there are just 25 possible keys.
History of Cybersecurity - Traced to the early work of Donn B. Parker on computer abuse, which led to security checklists in the 1970s and information security (IS) management books in the 1980s.
Definition of Cybersecurity - Framed by the CIA triad. Confidentiality: restricting access to sensitive information to those authorized to see it. Integrity: guarding against improper or unauthorized modification or destruction of information. Availability: ensuring timely and reliable access to data and resources for legitimate users.
Salami Attack - Financial fraud that skims many amounts individually too small to be noticed (rounding residue, fractions of a cent) and aggregates them into a significant sum.
Denial of Service (DoS) Attack - Floods the targeted host or network with traffic or requests until its bandwidth, memory or connection capacity is exhausted (or the service crashes outright), so that legitimate users can no longer be served.
Virus - Malicious code that propagates by infecting other programs, modifying them to include a (possibly altered) copy of itself so that running the host program also runs the virus.
Malware - Malicious software: any code written to harm, subvert or abuse a system, including viruses, worms, trojans, ransomware and spyware.
Law Enforcement and Spam - Law enforcement concentrates on spam that results in financial loss or that breaches national security or personal privacy, rather than on nuisance spam as such.
Social Link Farming - Building online profiles padded with artificial followers and connections so that they appear legitimate, potentially as a path to information or systems through an organization's employees.
Cybercrime Trends - Increasing in frequency.
Wardriving - Moving through an area with a Wi-Fi-capable device to map wireless networks, in order to identify vulnerable (open or weakly secured) networks or to exploit free internet access.
Ransomware - Extortion: threatens to release sensitive information unless a ransom is paid. Encryption: encrypts files or systems, blocking access to critical information until the ransom is paid. Double Extortion: combines the two, encrypting systems and also exfiltrating data, then threatening to publish or auction the victim's data in criminal markets if payment is refused.
Online Romance Fraud - Not a significant money-making market.
Hack for Hire - Outsourcing risky intrusion activity to third parties so that the sponsor avoids detection or legal penalties.
Data Brokers - Aggregate personal details from many sources and sell the resulting profiles to anyone who pays; customers have included agencies of the US military.
HTTPS - Encrypts the connection between browser and server, protecting the content of the exchange in transit. It does not stop malware delivered over that connection, does not prevent the server (or a compromised endpoint) from spying on the user, and does not hide which site is being visited: the server's IP address and, in most deployments, the hostname sent in the clear during the TLS handshake (the Server Name Indication, SNI) remain visible to anyone observing the network.
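To make the site-identification point concrete, here is an added example (not from the original study guide) in Python: it builds a minimal TLS 1.2 ClientHello containing a constructed hostname, following the record and extension layout of RFC 5246 and RFC 6066, and then parses the hostname back out exactly as a passive network sensor would, before any key has been negotiated. The function names and the sample hostname are mine.

```python
"""What an on-path observer sees in a TLS handshake: the Server Name Indication (SNI).

Added example, not part of the original study guide. Builds a minimal TLS 1.2
ClientHello (structure per RFC 5246 / RFC 6066) with a constructed hostname and parses
the plaintext extension block the way a passive network sensor would.
"""
import os
import struct
from typing import Optional

EXT_SERVER_NAME = 0x0000  # extension type for SNI (RFC 6066)


def build_client_hello(hostname: Optional[str]) -> bytes:
    """Return a TLS record carrying a ClientHello; the SNI extension is included only
    when a hostname is given. Only fields needed for the demonstration are populated."""
    body = b"\x03\x03"                       # client_version: TLS 1.2
    body += os.urandom(32)                   # random
    body += b"\x00"                          # session_id length 0
    suites = b"\x13\x01\xc0\x2f"             # TLS_AES_128_GCM_SHA256, ECDHE-RSA-AES128-GCM-SHA256
    body += struct.pack("!H", len(suites)) + suites
    body += b"\x01\x00"                      # one compression method: null

    extensions = b""
    if hostname is not None:
        name = hostname.encode("idna")
        # ServerNameList = length(2) + [ name_type(1)=host_name(0), length(2), name ]
        entry = b"\x00" + struct.pack("!H", len(name)) + name
        sni_data = struct.pack("!H", len(entry)) + entry
        extensions += struct.pack("!HH", EXT_SERVER_NAME, len(sni_data)) + sni_data
    body += struct.pack("!H", len(extensions)) + extensions

    handshake = b"\x01" + len(body).to_bytes(3, "big") + body        # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake  # record: handshake


def extract_sni(record: bytes) -> Optional[str]:
    """Parse the hostname out of a ClientHello record, or return None if absent.
    Everything read here is transmitted unencrypted."""
    if len(record) < 5 or record[0] != 0x16:
        return None
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:
        return None
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]

    pos = 2 + 32                              # skip version and random
    sid_len = body[pos]; pos += 1 + sid_len
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]; pos += 2 + cs_len
    cm_len = body[pos]; pos += 1 + cm_len
    if pos + 2 > len(body):
        return None                           # no extensions block at all
    ext_len = struct.unpack("!H", body[pos:pos + 2])[0]; pos += 2
    end = pos + ext_len
    while pos + 4 <= end:
        ext_type, length = struct.unpack("!HH", body[pos:pos + 4]); pos += 4
        data = body[pos:pos + length]; pos += length
        if ext_type == EXT_SERVER_NAME and len(data) >= 5:
            list_len = struct.unpack("!H", data[:2])[0]
            p = 2
            while p + 3 <= 2 + list_len:
                name_type = data[p]
                name_len = struct.unpack("!H", data[p + 1:p + 3])[0]
                name = data[p + 3:p + 3 + name_len]
                if name_type == 0:            # host_name
                    return name.decode("idna")
                p += 3 + name_len
    return None


if __name__ == "__main__":
    hello = build_client_hello("mail.example.org")   # constructed hostname
    print("observer sees SNI:", extract_sni(hello))
    print("no SNI present:", extract_sni(build_client_hello(None)))
```

The parser never touches a key or a certificate; the hostname is simply there in the first packet of the connection, which is why firewalls, ISPs and censorship systems can filter HTTPS by destination site. Encrypted Client Hello (ECH) is being deployed to close this leak, but even then the destination IP address and traffic timing remain visible, and nothing in the transport layer protects against a malicious site or a compromised endpoint.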
Algorithm Publication - Publishing the algorithm is widely accepted practice (Kerckhoffs's principle): security should rest on the secrecy of the key, not of the design, so that the design can be openly tested and reviewed.
Cryptosystem Vulnerabilities - Against a modern cipher with an adequate key length, brute-force search of the key space is computationally infeasible; practical attacks therefore target coding errors in the implementation, weak key management, or deliberately planted back doors.
Open Source Code - Favored by many for transparency and collaboration: anyone can inspect the code for flaws and contribute fixes.
Vendor Code Publication - Risk is high when a vendor does not publish its code, because customers must accept security claims that cannot be independently verified.
Cybersecurity Governance Failures - Typically due to lack of resources, absence of systematic planning, and insufficient understanding of the company's business.
Company-wide Engagement - Ensure that all departments, including non-technical ones such as marketing and PR, prioritize cybersecurity.
Essential Practices for Board of Directors - Place information security on the board's agenda, identify an information security leader, ensure that leader has the board's support, and assign information security oversight to a key board committee.
NIST SP 800-53 - Recommends security controls for federal information systems, organizes them into control families, and has been widely adopted beyond public agencies.
Security Planning - Objective: improve protection of information system resources. A security plan provides an overview of the system's security requirements, describes the controls in place or planned to meet them, and delineates the responsibilities and expected behavior of all individuals who access the system.
Entity Relationship Modeling - Data modeling technique introduced by Peter Chen (1976), used to visualize and design database structure in terms of entities, their attributes, and the relationships between them.
Agile Development - Aims to increase speed and allow flexible, incremental change in the software development process. Stated reason: minimize steps and bureaucracy. Real reason: make software cheaper and faster to produce in the face of global competition.
Security Requirements Analysis Methods - Serve as communication tools among users, management and requirements engineers; their main value is that they are easy to use for that communication.
Integration of Security into Development - The CISO must ensure that security is integrated into software or system development from the outset rather than added afterwards.
Communication Challenges - A key reason for failure is communication breakdown between cybersecurity staff and non-cybersecurity personnel.
Good Cybersecurity Policy - The necessary foundation of an organization's information security.
Cybersecurity Policies - Both a communicative document and a normative document. Corporate level: outlines the organization's cybersecurity actions. Employee level: guides employees on information security. Technical level: policies expressed as access control model policies, i.e. rules derived from a formal model such as Bell-LaPadula.
Bell-LaPadula Model - Formal state-machine security model for enforcing confidentiality, developed by David Bell and Leonard LaPadula. Subjects and objects carry security labels; the simple security property forbids a subject from reading an object at a higher label ("no read up") and the *-property forbids writing to an object at a lower label ("no write down"), so information can only flow upward in the lattice.
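The two Bell-LaPadula properties as executable access checks, as an added example (not from the original study guide) in Python. Labels combine a hierarchical level with a set of need-to-know categories, which is the lattice the model is usually stated over; the level names, categories, subjects and objects are constructed for the demonstration.

```python
"""Bell-LaPadula access checks on a lattice of security labels.

Added example; not part of the original study guide. Level names, categories and the
sample subjects/objects are constructed for the demonstration.
"""
from dataclasses import dataclass
from typing import FrozenSet

# Hierarchical sensitivity levels, lowest to highest (constructed ordering).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    categories: FrozenSet[str] = frozenset()   # need-to-know compartments

    def dominates(self, other: "Label") -> bool:
        """self >= other in the lattice: at least as high a level AND a superset of
        other's compartments. Two labels with disjoint compartments are incomparable."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)


def may_read(subject: Label, obj: Label) -> bool:
    """Simple security property ("no read up"): the subject's clearance must dominate
    the object's classification."""
    return subject.dominates(obj)


def may_write(subject: Label, obj: Label) -> bool:
    """*-property ("no write down"): the object's classification must dominate the
    subject's label, so information never flows to a lower or incomparable label."""
    return obj.dominates(subject)


def may_read_write(subject: Label, obj: Label) -> bool:
    """Read-write access needs both properties, which forces the labels to be equal."""
    return may_read(subject, obj) and may_write(subject, obj)


def check_request(subject: Label, obj: Label, mode: str) -> bool:
    """Dispatch one access request; unknown modes are rejected rather than allowed."""
    if mode == "read":
        return may_read(subject, obj)
    if mode == "write":
        return may_write(subject, obj)
    if mode == "read-write":
        return may_read_write(subject, obj)
    raise ValueError(f"unknown access mode: {mode!r}")


if __name__ == "__main__":
    analyst = Label("SECRET", frozenset({"NUCLEAR"}))       # constructed subject
    objects = {                                              # constructed objects
        "weather report": Label("CONFIDENTIAL"),
        "warhead design": Label("TOP_SECRET", frozenset({"NUCLEAR"})),
        "cipher key schedule": Label("SECRET", frozenset({"CRYPTO"})),
        "own working notes": Label("SECRET", frozenset({"NUCLEAR"})),
    }
    for name, label in objects.items():
        print(f"{name:22s} read={may_read(analyst, label)!s:5s} "
              f"write={may_write(analyst, label)!s:5s}")
```

Two things the output makes visible that the one-line definition does not. First, the model permits a "blind write up": the analyst may write into the TOP_SECRET object without being able to read it, which is why real systems add integrity controls (Biba, or trusted subjects) on top of pure BLP. Second, an object with a disjoint compartment (CRYPTO) is incomparable, not merely "lower" or "higher", and both read and write are refused.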