
Tutorial questions:

1. Many organizations have codes of conduct or codes of ethics to ensure that the
business runs smoothly and that fair treatment is provided to all staff working in the
organization. Generally, organizations design their computer system security code of
ethics based on the Computer Security Ethics Institute. List all ten commandments of
the Computer Security Ethics Institute.
• Thou shalt not use a computer to harm other people.
• Thou shalt not interfere with other people's computer work.
• Thou shalt not snoop around in other people's computer files.
• Thou shalt not use a computer to steal.
• Thou shalt not use a computer to bear false witness.
• Thou shalt not copy or use proprietary software for which you have not paid (without
permission).
• Thou shalt not use other people's computer resources without authorization or proper
compensation.
• Thou shalt not appropriate other people's intellectual output.
• Thou shalt think about the social consequences of the program you are writing or the
system you are designing.
• Thou shalt always use a computer in ways that ensure consideration and respect for
your fellow humans.

2. There are organizations that establish codes of conduct or ethics to protect
information confidentiality, privacy and intellectual property, based on some of the
following non-profit organizations. Provide the function of each organization
listed below:
• System Administration, Networking, and Security Institute (SANS)

The SANS Institute was established in 1989 as a cooperative research and
education organization. Its programs now reach more than 165,000 security
professionals around the world. A range of individuals, from auditors and network
administrators to chief information security officers, are sharing the lessons they learn
and are jointly finding solutions to the challenges they face. At the heart of SANS are
the many security practitioners in varied global organizations, from corporations to
universities, working together to help the entire information security community.

• Information Systems Audit and Control Association (ISACA)

ISACA is an international professional association focused on IT governance. On its
IRS filings, it is known as the Information Systems Audit and Control Association,
although ISACA now goes by its acronym only.

• Computer Security Institute (CSI)

The Computer Security Institute (CSI) was a professional membership
organization serving practitioners of information, network, and computer-enabled
physical security, from the level of system administrator to the chief information
security officer.

• Information Systems Security Association (ISSA)

The Information Systems Security Association is a not-for-profit, international professional
organization of information security professionals and practitioners. It was founded in
1984, after work on its establishment started in 1982.

• Computer Security Division (CSD)

The Cyber Security Division is a division of the Science and Technology Directorate of
the United States Department of Homeland Security.

3. Information security management refers to the requirements or obligations to
effectively initiate, plan, execute, monitor and control information security objectives
and to protect organizations from all kinds of potential threats. What are the practical
approaches, aligned to a variety of globally recognized international standards and
frameworks, that assist organizations in managing information security effectively and
efficiently amid today's increasing complexity and constant change?

Computer Network Security (MCQ)

1. A piece of self-replicating code embedded within another program is called a

a. hack.
b. rogue.
c. Trojan horse.
d. virus.
e. worm.

2. A self-contained program that spreads through a computer network by exploiting
security holes is called a

a. hack.
b. rogue.
c. Trojan horse.
d. virus.
e. worm.

3. A program with a benign capability that conceals another, sinister purpose is called a

a. hack.
b. rogue.
c. Trojan horse.
d. virus.
e. worm.

4. You may find a virus

a. on a hard disk.
b. on a thumb drive.
c. on a CD-ROM.
d. in an email attachment.
e. All of the above

5. The Conficker worm is notable because

a. it is Cuba’s first attempt at cyberwarfare.
b. it is the fastest spreading worm of all time.
c. it shut down the White House Web site for three days.
d. computer experts have found it particularly difficult to eradicate.
e. All of the above.

6. The Internet worm was released by

a. John Barlow.
b. Katie Hafner.
c. John Markoff.
d. Robert Morris, Jr.
e. Bruce Sterling.

7. A software program that responds to commands sent by a command-and-control
program located on an external computer is called a

a. bot.
b. spoof.
c. vampire.
d. virus.
e. worm.

8. Manipulating someone within an organization to gain access to confidential
information is called

a. diving.
b. hacking.
c. phreaking.
d. social engineering.
e. trashing.
Social engineering, in the context of information security, refers to psychological manipulation of
people into performing actions or divulging confidential information.

9. An intentional action designed to prevent legitimate users from making use of a
computer service is called

a. a bombing run.
b. a curtain closer.
c. a denial-of-service attack.
d. an electronic overdose.
e. phreaking.

10. Anonymous is

a. an activist group that promotes the interests of the Recording Industry Association of
America.
b. a loosely organized group of hacktivists that claimed responsibility for a DDoS attack
on Church of Scientology Web sites.
c. the name given to the People’s Liberation Army group that was responsible for more
than 100 intrusions around the world.
d. the name of the group that launched the Stuxnet worm.
e. All of the above except c.

Fill in blanks:

1. denial-of-service (DoS) attack (8)
2. Florida (9)
3. Virus (1)
4. Attachment (2)
5. social engineering (6)
6. worm (3)
7. bot (4)
8. firewall (5)
9. Computer Fraud and Abuse Act (7)

1. A _____ is a piece of self-replicating code embedded within another program called
the host.
2. A file accompanying an email message is called an _____.
3. A _____ is a self-contained program that spreads through a computer network by
exploiting security holes in the computers connected to the network.
4. According to some estimates, 90 percent of spam is distributed through
_____ networks.
5. A _____ is a computer, positioned between a local network and the Internet, that
monitors the packets flowing in and out.
6. The manipulation of a person inside an organization to gain access to confidential
information is called _____.
7. The _____ criminalizes a wide variety of hacker-related activities.
8. An intentional action designed to prevent legitimate users from making use of a
computer service is called a _____.
9. Vote-counting irregularities in the State of _____ in the 2000 U.S. Presidential election
led to more interest in computerized voting systems.
