Ch02
Chapter 2: Security of Technical Systems in Organizations: An Introduction
1. True or false?
a. Perpetrators of information systems typically stick to the easiest, simplest means to attack.
b. Principle of easiest penetration suggests that security is impossible because strengthening one weakness might make another more attractive to perpetrators.
c. Modification vulnerability occurs when data is changed.
d. Destruction vulnerability occurs when the hardware, software, or the data is destroyed.
e. Disclosure of data takes place when data is made available to all employees of a firm.
f. Copying of programs, data, or other confidential information can be the results of interception.
g. Interruption occurs when a computer system becomes unavailable for legitimate users.
h. A counterfeit record added to a database is an example of fabrication.
i. Hardware can get destroyed when natural disaster and terrorist arise.
j. More people are involved in hardware protection than in software protection.
k. Value of data is time sensitive.
l. Valuable data should be protected at all cost.
m. Access controls act as means to protect confidentiality of data.
n. Confidentiality loss occurs only after direct disclosure of data.
o. The need to know principle is to ensure confidentiality.
p. The need to know principle works better in business environment than in military environment.
q. The requirement of integrity suggests that all data is present and accounted for, irrespective of it being accurate or correct.
r. Availability attacks are usually the most difficult to detect.
s. Authentication assures that a message is from a real person.
t. Digital signatures can be used to prevent non repudiation.
u. Encrypted messages are unintelligible to unauthorized observers.
v. When design software controls, security controls are always the most important.
w. Simple physical controls, such as ensuring locks on doors, guards at entry doors no longer work in today’s information technology
1. True or false?
a. Perpetrators of information systems typically stick to the easiest, simplest means to attack.
b. Principle of easiest penetration suggests that security is impossible because strengthening one weakness might make another more attractive to perpetrators.
c. Modification vulnerability occurs when data is changed.
d. Destruction vulnerability occurs when the hardware, software, or the data is destroyed.
e. Disclosure of data takes place when data is made available to all employees of a firm.
f. Copying of programs, data, or other confidential information can be the results of interception.
g. Interruption occurs when a computer system becomes unavailable for legitimate users.
h. A counterfeit record added to a database is an example of fabrication.
i. Hardware can get destroyed when natural disaster and terrorist arise.
j. More people are involved in hardware protection than in software protection.
k. Value of data is time sensitive.
l. Valuable data should be protected at all cost.
m. Access controls act as means to protect confidentiality of data.
n. Confidentiality loss occurs only after direct disclosure of data.
o. The need to know principle is to ensure confidentiality.
p. The need to know principle works better in business environment than in military environment.
q. The requirement of integrity suggests that all data is present and accounted for, irrespective of it being accurate or correct.
r. Availability attacks are usually the most difficult to detect.
s. Authentication assures that a message is from a real person.
t. Digital signatures can be used to prevent non repudiation.
u. Encrypted messages are unintelligible to unauthorized observers.
v. When design software controls, security controls are always the most important.
w. Simple physical controls, such as ensuring locks on doors, guards at entry doors no longer work in today’s information technology