Front | Back |
1)
What is intellectual property, copyright, fair use?
|
a)
Intellectual property: intangible creative work that is
embodied in physical form.
b)
Copyright: the legal protection afforded an expression
of an idea, such as a song, video game, and some types of proprietary
documents.
c)
Fair use doctrine: In certain situations, it is legal
to use copyrighted material.
|
1)
What is an acceptable use policy, an e-mail privacy
policy, internet use policy, anti-spam policy?
What sort of provisions are each likely to contain?
|
a)
An acceptable use policy is a policy that a user must
agree to follow in order to be provided access to a network or to the
Internet.
b)
An e-mail privacy policy details the extent to which
e-mail messages may be read by others.
c)
An Internet use policy contains general principles to
guide the proper use of the Internet.
d)
An anti-spam policy simply states that e-mail users
will not send unsolicited e-mails (or spam).
|
1)
What level of privacy is guaranteed to email users by
law?
|
-None. The organization that owns the e-mail system can operate the system as
openly or as privately as it wishes.
|
1)
What sort of practical/ethical problems does the
presence of an email privacy policy help mitigate?
|
-It gives e-mail users fair warning that any information
sent/received is subject to being read by others.
|
1)
What are the business risks associated with workplace
monitoring (risks/costs associated with doing it and with not doing it)?
|
a)
Employee absenteeism is on the rise, almost doubling in
2004 to 21%. The lesson here might be
that more employees are missing work to take care of personal business. Perhaps losing a few minutes here or there—or
even a couple of hours—is cheaper than losing entire days.
b)
Studies indicate that electronic monitoring results in
lower job satisfaction, in part because people begin to believe the quantity of
their work is more important than the quality.
c)
Electronic monitoring also induces what psychologists
call “psychological reactance”: the tendency to rebel against constraints. If you tell your employees they cannot shop,
they cannot use corporate networks for personal business, and they cannot make
personal phone calls, then their desire to do all these things will likely
increase.
|
1)
What is the goal of formulating an employee monitoring
policy?
|
-To increase productivity and efficiency at the workplace.
|
1)
Is information security primarily a people problem or a
technology problem?
|
-Primarily it’s a people problem.
|
1)
What is social engineering and how is it related to
security?
|
-Social engineering is using one’s social skills to trick
people into revealing access credentials or other information valuable to the
attacker. Dumpster diving, or looking
through people’s trash, is another way social engineering hackers obtain
information.
|
1)
What is the difference between an information security
policy and an information security plan?
|
-Information security policies identify the rules required
to maintain information security.
-An information security plan details how an organization
will implement the information security policies.
|
1)
Why does effective security require buy-in from top
management and the Board of Directors?
|
-38% of respondents indicated security incidents originated
within the enterprise. Insiders are
legitimate users who purposely or accidentally misuse their access to the
environment and cause some kind of business-affecting incident. Most information security breaches result
from people misusing an organization’s information either advertently or
inadvertently.
|
1)
What, in the context of security, is authentication?
|
-Authentication is a method for confirming users’
identities. Once a system determines the
authentication of a user, it can then determine the access privileges (or
authorization) for that user.
|
1)
How does authentication differ from authorization?
|
-Authorization is the process of giving someone permission
to do or have something. In
multiple-user computer systems, user access or authorization determines such things
as file access, hours of access, and amount of allocated storage. Authentication and authorization techniques
are broken down into three categories, and the most secure type involves a
combination of all three:
a)
Something the user knows such as a user ID and
password.
b)
Something the user has such as a smart card or token.
c)
Something that is part of the user such as a
fingerprint or voice signature.
|
1)
What, in the context of security, is prevention and
resistance?
|
-Prevention and resistance technologies stop intruders from
accessing intellectual capital.
|
1)
What, in the context of security, is detection and
response?
|
-If prevention and resistance strategies fail and there is a
security breach, an organization can use detection and response technologies to
mitigate the damage. The most common
type of defense within detection and response technologies is antivirus
software.
|
1)
What is content filtering and how is it used for
security? How is this different from its
use in spam-filtering?
|
a)
Content filtering occurs when organizations use
software that filters content to prevent the transmission of unauthorized
information.
b)
Spam-filtering is solely the filtering of emails.
|