Chapter 2 Review Question Essay

1765 Words Feb 16th, 2014 8 Pages
chapter 2

1. Why is information security a management problem? What can management do that Technology cannot?
Management is an information problem due to the fact that policymaking and training of securing systems from users fall into the responsibility of their role. These responsibilities can include limiting access as well as disabling certain functions that are not related to the organizations’ function. Management can set policies that may arise due to improper uses or manipulations of systems and asses the threats that are unknown due to the introduction of new hardware and software. 2. Why is data the most important asset an organization possesses? What other assets in the organization require protection?
The
…show more content…
5. What is information extortion? Describe how such an attack can cause losses, using an example not found in the text.
Information extortion happens when an insider or outsider gain information about an organization and demands some form of compensation in exchange for the information. An example could be something like a person creating a code to obtain information of how to enter a restricted part of the network and having the ability to mask their identity and hide within the system. Using that info, a person could sell the company an intrusion /detection or firewall software in exchange for the codes.

6. Why do employees constitute one of the greatest threats to information security?
The employees are considered the greatest threats due to the daily interaction of the company’s data. The employee can also forget to log off, send the data to people in email attachment to either inside or outside the company as well as someone actually passing along passwords to access to the system. 7. What measures can individuals take to protect against shoulder surfing?
A measure to take would be to install a screen filter to distort the view of the monitor as well as being aware of your surrounding when entering certain information such as passwords. 8. How