Professional Documents
Culture Documents
AIS Chapter2
AIS Chapter2
8.The perception of a hacker has evolved from being a male, age 13-18, with limited
parental
supervision who spends all his free time at the computer to the current profile
of being male or
female, aged 12-60, with varying technical skill who could be internal or
external to an
organization.
9.An expert hacker is one who develops software scripts and codes to exploit
unknown
vulnerabilities. An expert hacker is a master of several programming languages,
networking
protocols, and operating systems. An unskilled hacker is one who uses scripts and
code
developed by skilled hackers. They rarely create or write their own hacks, and are
unskilled in
programming languages, networking protocols, and operating systems. Protecting
against
expert hackers is difficult because they use newly developed attack code not yet
detectable by
anti-virus programs. Protecting against unskilled hackers is easier because they
use hacking
codes that are publicly available and can be thwarted by simply staying up-to-date
on the latest
software patches and being aware of the latest tools being published by expert
hackers.
10.The various types of malware include: viruses, worms, Trojan horses, logic
bombs, and back
doors. Worms differ from viruses in that they do not require a program environment
to replicate
itself. Trojan horses can disguise both viruses and/or worms as a non-threatening
piece of
software to get it into a computer network.
12.The most common form of violation of intellectual property involves the unlawful
use or
duplication of software-based intellectual property, or software piracy. Some ways
that an
organization can protect against it are digital watermarks, embedded code,
copyright codes, and
requiring an online registration to be able to use all of the software features.
There are two organizations that investigate software piracy , the Software and
Information
Industry Association (SIIA) and the Business Software Alliance (BSA).
13.Force majeure refers to forces of nature, or acts of God, that people do not
have control over.
Some examples of force majeure include fires, floods, earthquakes, lightning
strikes, landslides,
tornados, windstorms, hurricanes, tsunamis, electrostatic discharge, and dust
contamination.
The greatest concern for an organization in Las Vegas might be dust contamination,
in Oklahoma
City tornados, in Miami hurricanes, and in Los Angeles earthquakes.
15.The intellectual property owned by an organization does have value. The weight
of the value
depends on the type and popularity of the intellectual property. Attackers can
threaten that
value because they can gain access to that data and make the property public so
that the
organization does not have exclusive use of the intellectual property anymore.
16.The types of password attacks are password cracks, brute force and dictionary
attacks. To
protect against password attacks, security administrators can implement controls
that limit the
number of password entry attempts allowed, require the use of numbers and special
characters
in passwords, and restrict the use of passwords that are found in a dictionary.
18.In order for a sniffer attack to succeed, an attacker must gain access to a
network in order to
install the sniffer. An attacker could use social engineering to trick an employee
of an
organization into giving him access to the network.
20.A buffer overflow is an application error that occurs when more data is sent to
a program buffer
than it can handle. These types of errors can be used against a web server by
attaching
malicious code at the end of the extra data allowing the attacker to take over the
server and run
any code that the attacker wants.