Chapter 8 tyk


1. Biometric security differs from password security because it can’t be cracked. It uses body parts such as fingerprints, hands, eye scans or voice scans to unlock.

2. The ethical issue that arises through the use of biometrics is that it is not cheap to buy and can cost tens of thousands of dollars for just the software.

3. The type of information protected by biometric security is highly sensitive information.

4. Some drawbacks of using swipe cards or smart cards are that they can easily be damaged by magnetic fields and if they are stolen they offer very little protection to your stuff.

5. Skimming is when you steal the details from a swipe card.

6. A security token works by having a constantly changing authentication code.

7. Two-factor authentication works like this: if you lose your security token, which contains the authentication code, you still need to know the username and password for that account.

8. Computer equipment can be protected from power fluctuations by having a surge protector.

9. A fault-tolerant system is a safeguard against system failure. It keeps on working when a piece of hardware fails.

10. An organization would have a mirrored machine or server because it copies all saved files so that there are duplicates in case one gets damaged.

11. RAID arrays protect data by spreading fragments of data over several hard drives, so if one fails, the remaining drives piece together the missing information.

12. Three common backup devices are USBs, CDs and online backup.

13. Different types of backup media are magnetic media, optical media and solid-state drives.

14. An organization might use a data warehouse because all their data is stored in an off-site location where it is safer than in the building.

15. Some drawbacks of using optical devices for backups are that they can get scratched and damaged easily and then you are unable to get the information off them.

16. Some common methods of surveillance used to protect data are packet sniffers, desktop monitoring programs, log files, closed-circuit television, telephones and audit trails.

17. Log files can be used to increase the security of data by keeping track of what is happening on the computers at any given time.

18. The purpose of an audit trail is to record anything that happens on a computer at a given time.

19. Computer equipment can be physically protected by locking it up, keeping it in safes, or in specialized secure rooms.

20. Public key encryption works by a public key being given from your computer to any computer that wants to communicate with it. A message encrypted with your private key can only be decrypted with your public key.

21. A network policy inside an organization plays the role of allowing employees to access data stored in different locations.

22. Three examples of a good password include: random combinations, at least six characters, and both numbers and letters. An example could be 2BEORNOT2B.

23. Network policies can help users to choose a good password by making people change their passwords at least once a month so that they are harder to guess if they keep on changing.

24. A firewall would be used to protect data by restricting access to a network from external sources.

25. Antivirus software protects computers by detecting viruses when a computer turns on.

26. A procedure can assist with securing data by assisting file management.

27. An organization would have a file-management policy because it defines how an information system should be used.

28. Forms of technology covered by a communication policy are mobile phones, laptops, fax machines, etc.

29. A PDF document is in Portable Document Format, an open standard for document exchange. It is easily shared and printed and doesn’t need to be opened in the program that created it.

30. Good file naming conventions include a date stamp, variation and a name. If it does not contain these it is a bad file naming convention.

31. File naming conventions enhance data security because they ensure that the right operations happen to the correct files.

32. An example of sequential file naming is “Newsletter 2011-11 03Oct.doc”. It is a monthly newsletter that is being prepared for November 2011. The revision was saved on the 3rd of October.

An example of the variation file naming convention is “newsletter 2011-11 v3.doc”. It is a monthly newsletter. The file is version 3 of the newsletter being prepared for November.

33. A full backup is when you copy all the files to a backup device.

A differential backup is used as well as a full backup, but it only copies the files that have been altered since the last full backup.

34. The information that is entered into a backup log identifies the workstation or system, software used to perform the backup, the number, the type, the storage location of the media, the date, a list of the files and folders backed up and the type of backup.

35. The information contained in a restoration log is the workstation or system restored, the date of restoration, a list of files or folders restored, the backup media used and the reason for restoration.

36. An organization would need a backup strategy in case something happens to its information; it has to have a way in which it can get all its data back. Otherwise it could lose a large amount of data and money.

37. It is important to think through the location of backup files because they have to be backed up in a safe location where nothing can happen to the data in case of an emergency or disaster.

38. The impact that a legacy system would have on a backup strategy is that it runs on old databases or old servers/mainframes, so it could slow everything down or make it incompatible.

39. Archiving is moving unused files to an offline storage area and then deleting them after a period of time.

Backing up is moving them to a location, but they will not be deleted as they still get used.

40. Issues an organization should consider when disposing of files are that they must look through what they are deleting thoroughly before deleting it to make sure that they don’t delete vital information.

41. Cloud computing works by businesses sharing access to shared resources such as applications and services through the Internet.

42. Applications that can be accessed via a cloud are email, office automation applications, customer-relationship databases and project-management tools.

43. An organization might access a cloud by going on to multiple servers where all the data is stored.

44. The type of organization that would access a community cloud is organizations with similarities that want to develop and share infrastructure.

45. The advantages of a private cloud for a hospital or medical institution are that they can share information without it getting leaked out to the public.

46. Data would be less secure if backed up in a cloud because you don’t know where that information is going through the cloud and being stored.

47. The advantages of using a cloud environment to a small business are that they don’t have to pay for all the software for the computers and can have cheaper computers as they don’t have to save data on their hard drives.

48. Ethical requirements are the principles of right and wrong and their consequences are a result of actions.

Legal requirements can result in penalties such as fines or a jail sentence.

49. Ethical responsibilities that employers and employees have are that they have to pay staff for their work, provide a suitable workspace, work in the interests of the organization, and provide good quality products and a high level of service.

50. The purpose of the code of conduct is to provide a set of principles and expectations that the companies have to follow so everything is ethical.

51. Employee monitoring is justified because you are ensuring that employees are doing company work, maintaining target levels of performance, and it saves time and money.

52. I think that employee monitoring is ethical to a certain point. It is reasonable if you are using it to see if they are doing the correct work but not to just constantly have an eye on them.

53. A company computer or network use policy is important because it outlines how the company’s computers are allowed or not allowed to be used.

54. Ethical restrictions that can be applied to accessing the Internet at work are not going on websites that are restricted or going on websites that have nothing to do with the required set work.

55. A disaster recovery plan is a series of steps that must be followed to restore everything back to normal in case of an emergency or disaster.

56. The four key parts of a recovery plan are backup method, alternative sites, equipment replacement, roles and responsibilities of personnel and the cost.

57. A backup plan covers the company’s procedures to follow for using backup files that are being restored to computers.

An emergency plan shows the steps to take in the event of a natural disaster.

58. The steps that might be taken during a disaster recovery plan include:

    A. Store passwords in multiple locations: one in the same building and one in another location.

    B. Document the whole recovery process

    C. Establish an automated system

    D. Practice the disaster recovery plan at least 4 times a year

    E. Make sure backups all work

    F. Build redundancy into your system

    G. Ensure that you have replacement equipment

    H. Replace tapes for backups

    I. Buy the best UPS you can within your price range

    J. Protect yourself from theft

    K. Get automatically closing fire doors

<p style="text-align:center; text-indent:-18.0pt;mso-list:l0 level1 lfo1">59. It is important to test your disaster recovery plan because if a disaster happens and it doesn’t work you will lose all your data and information and it could cost you a huge sum of money.

<p style="text-align:center; text-indent:-18.0pt;mso-list:l0 level1 lfo1">60. You can evaluate the integrity of data that must be reliable and accurate by evaluating its accuracy, reliability and timeliness.

<p style="text-align:center; text-indent:-18.0pt;mso-list:l0 level1 lfo1">61.

<p style="text-align:center; text-indent:-18.0pt;mso-list:l0 level1 lfo1">62. The ease of retrieval is an important criterion because it will ensure that everything can be restored when required.

<p style="text-align:center; text-indent:-18.0pt;mso-list:l0 level1 lfo1">63. The currency of files as an effective file-management strategy could be assessed to determine the degree in which the most recent version of the file is available.