Securing Information Systems Quiz

Reviewed by Editorial Team
By Catherine Halcomb, Community Contributor | Quizzes Created: 2455 | Total Attempts: 6,870,198
Questions: 12 | Updated: May 14, 2026

1. Why are information systems considered vulnerable?

Explanation

Information systems are considered vulnerable primarily because they store sensitive data, such as personal information, financial records, and proprietary business information. This data is attractive to cybercriminals, who may exploit vulnerabilities to gain unauthorized access. If such systems are compromised, the consequences can include identity theft, financial loss, and damage to an organization's reputation. Therefore, the presence of sensitive data increases the risk of attacks and necessitates robust security measures to protect the information from breaches.

About This Quiz

This assessment evaluates your understanding of key concepts in securing information systems. It covers vulnerabilities, malware types, authentication methods, and social engineering tactics. This knowledge is essential for anyone looking to enhance their skills in cybersecurity and protect sensitive data effectively.


2. What is a common method used by attackers to find weak Wi-Fi networks?

Explanation

War driving is a technique used by attackers to locate unsecured or poorly secured Wi-Fi networks by driving around with a device that scans for wireless signals. This method involves using software to map out the locations of these networks, allowing attackers to identify vulnerabilities, such as weak passwords or outdated security protocols. By gathering this information, they can exploit the networks for unauthorized access or other malicious activities.


3. Which type of malware spreads independently across a network?

Explanation

A worm is a type of malware that can replicate itself and spread independently across networks without needing to attach itself to a host file, unlike viruses that require user action to propagate. Worms exploit vulnerabilities in network protocols or software to infect other systems, allowing them to spread rapidly and often causing significant damage or disruption. This autonomous behavior distinguishes worms from other types of malware, such as Trojans and ransomware, which typically rely on user interaction or specific conditions to spread.


4. What does a firewall do?

Explanation

A firewall acts as a security barrier between a trusted internal network and untrusted external networks. One of its key functions is to check credentials, which involves verifying the identity of users and devices attempting to access the network. This process helps to ensure that only authorized individuals can enter the network, preventing unauthorized access and potential threats. By validating credentials, firewalls contribute to the overall security posture of the network, protecting sensitive information from cyber threats.


5. What is the purpose of two-factor authentication (2FA)?

Explanation

Two-factor authentication (2FA) enhances security by requiring users to provide two distinct forms of identification before accessing an account. This typically involves something the user knows (like a password) and something the user has (such as a mobile device or security token). By implementing this dual verification process, 2FA significantly reduces the risk of unauthorized access, as even if a password is compromised, the attacker would still need the second factor to gain entry. This layered approach strengthens overall security and helps protect sensitive information.


6. What is a zero-day vulnerability?

Explanation

A zero-day vulnerability refers to a security flaw in software that is unknown to the developers or the software maker at the time it is discovered. This lack of awareness means that there are no patches or fixes available to address the vulnerability, making it particularly dangerous. Cybercriminals can exploit these vulnerabilities to gain unauthorized access or cause damage before the software maker can respond. The term "zero-day" signifies that the developers have had zero days to address the issue since its discovery.


7. Which of the following is NOT a type of malware?

Explanation

Firewall is not a type of malware; rather, it is a security tool designed to protect networks by monitoring and controlling incoming and outgoing traffic based on predetermined security rules. In contrast, worms, Trojan horses, and ransomware are all malicious software designed to harm, exploit, or compromise systems and data. Firewalls serve as a defense mechanism against such malware, making them fundamentally different in purpose and function.


8. What is the main goal of ransomware?

Explanation

Ransomware primarily aims to encrypt a victim's files, rendering them inaccessible. The attackers then demand a ransom payment in exchange for the decryption key, effectively holding the victim's data hostage. This financial motivation drives the ransomware model, as criminals seek to profit from the urgency and desperation of individuals or organizations needing access to their important files. While data theft and spreading across networks can occur, the core objective remains the extortion of money through file locking.


9. What does social engineering involve?

Explanation

Social engineering involves manipulating individuals into divulging confidential information by exploiting psychological factors rather than technical hacking methods. This can include tactics like impersonation, phishing, or pretexting, where the attacker creates a false sense of trust or urgency. Unlike traditional hacking, which relies on exploiting software vulnerabilities, social engineering focuses on human behavior, making it a potent threat to information security.


10. What is the formula for expected annual loss (EAL)?

Explanation

Expected annual loss (EAL) quantifies the average loss expected over a year due to risks. It is calculated by multiplying the probability of an event occurring by the potential loss associated with that event. This formula captures both the likelihood of risk and its financial impact, providing a clear measure for risk assessment and management. By using multiplication, the EAL reflects the combined effect of these two factors, allowing organizations to prepare adequately for potential losses.


11. Which of the following is a physical control?

Explanation

Biometrics is considered a physical control because it involves the use of unique physical characteristics, such as fingerprints or facial recognition, to grant access to secure areas or systems. Unlike firewalls, which are software-based security measures, or access policies that define rules, biometrics directly relies on tangible human traits, making it a physical method of authentication. This enhances security by ensuring that only authorized individuals can access sensitive locations or information, thereby providing a layer of protection against unauthorized access.


12. What is the difference between phishing and pharming?

Explanation

Phishing and pharming are both cyber threats but operate differently. Phishing typically involves deceptive emails that trick users into providing sensitive information by directing them to fraudulent websites. In contrast, pharming manipulates the user's browser to redirect them to malicious sites without their knowledge, often exploiting vulnerabilities in the system. This distinction highlights phishing's reliance on social engineering tactics, while pharming focuses on technical manipulation to compromise user security.
