Information Security Session 2 Assessment

Trojan horses are a type of malicious software that deceive users by disguising their true purpose. They appear harmless or useful, but once activated, they reveal their true behavior, which is usually harmful or malicious. This is why they are called "Trojan horses," as they mimic the concept of the Greek myth where a wooden horse appeared harmless but contained hidden soldiers inside. Therefore, the statement that Trojan horses hide their true purpose and only reveal their designed behavior when activated is true.

A phreaker is indeed someone who hacks into the public telephone network to either make free calls or disrupt services. This term originated in the 1970s and was used to describe individuals who exploited vulnerabilities in the phone system to bypass charges or cause disruptions. Phreaking is considered a form of hacking and is illegal in many jurisdictions.

Change control is a process used by developers to manage and track changes made to a system. It ensures that any modifications or updates to the system align with the original intentions of the developers. By implementing change control, developers can maintain the integrity and quality of the working system delivered to users. Therefore, the statement that developers use change control to ensure that the working system represents their intent is true.

Both general management and information technology management are responsible for implementing information security because effective information security requires a combination of managerial and technical controls. General management is responsible for setting policies, procedures, and guidelines to ensure that information security is prioritized and integrated into the overall business strategy. Information technology management, on the other hand, is responsible for implementing and maintaining the technical controls necessary to protect the organization's information assets. Therefore, both management functions play a crucial role in ensuring the security of information within an organization.

A vulnerability refers to a weakness in a controlled system where either controls are not present or they have become ineffective. This means that there is a potential for exploitation or breach of security in the system. It is important to identify and address vulnerabilities in order to maintain the integrity and security of the controlled system.

The primary mission of an information security program is indeed to ensure that systems and their contents remain the same. Information security programs are designed to protect the integrity, confidentiality, and availability of information and systems. By implementing various security measures such as access controls, encryption, and monitoring, these programs aim to prevent unauthorized access, alteration, or destruction of data. Therefore, the statement is true.

A denial-of-service attack occurs when an attacker floods a target system with a large volume of connection or information requests, overwhelming the system's resources and preventing it from responding to legitimate requests for service. This can effectively disrupt the availability of the targeted system, denying access to legitimate users.

A deliberate act of theft refers to the intentional and unlawful taking of someone's property or information without their permission. Equipment failure, piracy or copyright infringement may involve unauthorized use or access, but they do not necessarily involve the deliberate act of theft. On the other hand, illegal confiscation of equipment or information specifically implies the intentional and unlawful seizure or taking of someone's property or information, making it the correct answer in this context.

When information gatherers employ techniques that cross the threshold of what is legal or ethical, they are conducting industrial espionage. This term refers to the practice of gathering confidential information or trade secrets from a competitor or rival company through illegal or unethical means. It involves activities such as hacking, bribery, or theft of proprietary information, with the intention of gaining a competitive advantage. This practice is illegal and unethical because it violates privacy laws and undermines fair competition in the business world.

This statement is false because information security is not solely dependent on technology. While technology plays a crucial role in implementing security measures, effective information security also requires proper management and organizational practices. This includes creating policies and procedures, conducting risk assessments, training employees, and enforcing security protocols. Without the involvement of management and the implementation of appropriate practices, technology alone cannot ensure information security.

A brownout is not just a temporary drop in power voltage, but rather a sustained decrease in voltage that can cause serious damage to electrical systems. This can lead to overheating of appliances, damage to sensitive electronic devices, and even electrical fires. Therefore, the statement that no serious damage can come to electrical systems during a brownout is false.