3. Which management groups are responsible for implementing information security to protect the organization’s ability to function?
4. Has the implementation of networking technology created more or less risk for businesses that use information technology? Why?
5. What is information extortion? Describe how such an attack can cause losses, using an example not found in the text.
6. Why are employees one of the greatest threats to information security?
7. How can you protect against shoulder surfing?
8. How has the perception of the hacker changed over recent years? What is the profile of a hacker today?
9. What is the difference between a skilled hacker and an unskilled hacker, other than skill levels? How does the protection against each differ?
10. What are the various types of malware? How do worms differ from viruses? Do Trojan horses carry viruses or worms?
11. Why does polymorphism cause greater concern than traditional malware? How does it affect detection?
12. What is the most common violation of intellectual property? How does an organization protect against it? What agencies fight it?
13. What are the various forces of nature? Which type might be of greatest concern to an organization in Las Vegas? Jakarta? Oklahoma City? Amsterdam? Miami? Tokyo?
14. How is technological obsolescence a threat to information security? How can an organization protect against it?
15. Does the intellectual property owned by an organization usually have value? If so, how can attackers threaten that value?
16. What are the types of password attacks? What can a systems administrator do to protect against them?
17. What is the difference between a denial-of-service attack and a distributed denial-of-service attack? Which is more dangerous? Why?
18. For a sniffer attack to succeed, what must the attacker do? How can an attacker gain access to a network to use the sniffer system?
19. What methods does a social engineering hacker use to gain information about a user’s login ID and password? How would this method differ if it targeted an administrator’s assistant versus a data-entry clerk?
20. What is a buffer overflow, and how is it used against a Web server?

21. How can encryption help protect sensitive information from being accessed by unauthorized individuals? What are some common encryption techniques used in information security?
22. What is phishing, and how can individuals and organizations protect themselves against phishing attacks?
23. What are the potential risks and benefits of allowing employees to use personal devices for work purposes (BYOD)? How can organizations mitigate the security risks associated with BYOD?
24. How do firewalls work to protect a network from unauthorized access? What are some common types of firewalls used in information security?
25. What is a VPN (Virtual Private Network), and how does it enhance security for remote workers or users accessing a company's network from outside the office?
26. What role does incident response play in information security? How should organizations prepare for and respond to security incidents or breaches?
27. What is multi-factor authentication, and why is it considered a more secure method of verifying a user's identity compared to passwords alone?
28. How do security training and awareness programs contribute to an organization's overall security posture? What topics should be included in security training for employees?
29. In what ways can security policies and procedures help ensure a consistent and effective approach to information security within an organization?
30. How do regulatory compliance requirements impact an organization's approach to information security? What are some common regulations that organizations need to comply with in various industries?
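Question 20 asks what a buffer overflow is and how it is used against a Web server. The C program below is an added worked example, not part of the textbook's question set: a toy request parser copies the client's request line into a fixed-size buffer with no bound, so an over-long request line overwrites the field that follows the buffer (here a privilege flag), and a hardened parser beside it refuses input that does not fit. The struct layout, the 32-byte buffer size and the two sample request strings are assumptions constructed for illustration; the over-long request is sized to clobber only the flag so the demo does not also smash the stack frame.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Hypothetical request-line buffer size used by the toy server below. */
#define LINE_MAX 32

/* Layout a naive server might use (assumption): the request line sits right
 * before a privilege flag, so bytes written past the end of `line` land in
 * `is_admin`. */
struct request {
    char line[LINE_MAX];
    int  is_admin;
};

/* Constructed sample requests (not captured traffic). SHORT_REQ is 24 chars
 * and fits; LONG_REQ is 35 chars, so with its terminator it exactly fills the
 * 36-byte struct and overwrites is_admin without running past the struct. */
static const char SHORT_REQ[] = "GET /index.html HTTP/1.1";
static const char LONG_REQ[]  = "GET /" "AAAAA" "AAAAA" "AAAAA" "AAAAA" "A" " HTTP/1.1";

/* Returns 1 if `req` (including its NUL terminator) fits in LINE_MAX bytes. */
int request_fits(const char *req) {
    return strlen(req) < LINE_MAX;
}

/* VULNERABLE: unbounded copy, the same pattern as strcpy() into a stack
 * buffer that lies behind classic Web-server overflows. Nothing stops the
 * copy at the end of r->line. */
void parse_request_unsafe(struct request *r, const char *req) {
    size_t i = 0;
    while ((r->line[i] = req[i]) != '\0') i++;
}

/* HARDENED: refuse oversized input instead of writing past the buffer, and
 * always leave a NUL terminator. Returns bytes copied, or -1 if rejected. */
int parse_request_safe(struct request *r, const char *req) {
    size_t n = strlen(req);
    if (n >= sizeof r->line) return -1;   /* would not fit with terminator */
    memcpy(r->line, req, n);
    r->line[n] = '\0';
    return (int)n;
}

int main(void) {
    struct request r;

    memset(&r, 0, sizeof r);
    parse_request_unsafe(&r, SHORT_REQ);
    printf("unsafe, short request: is_admin=%d\n", r.is_admin);

    memset(&r, 0, sizeof r);
    parse_request_unsafe(&r, LONG_REQ);     /* overflow: undefined behaviour */
    printf("unsafe, long request:  is_admin=%d (clobbered by \"/1.1\")\n", r.is_admin);

    memset(&r, 0, sizeof r);
    printf("safe,   long request:  rc=%d is_admin=%d\n",
           parse_request_safe(&r, LONG_REQ), r.is_admin);
    return 0;
}
```

The flag flip is the smallest-scale version of the attack: a real exploit aims the same unbounded write at a saved return address or function pointer instead of an adjacent field. The fix is the one shown in `parse_request_safe`, a length check against the destination size before any copy, rather than silently truncating with `strncpy`, which can leave the buffer unterminated.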