1. In 2005, Bob Sullivan quoted research figures that showed
that 63 million US citizens were banking online in 2004.
2. An MITB attack is essentially a man-in-the-middle (MITM)
attack, but unlike typical MITM attacks, which usually occur
at the protocol layer, MITB attacks are introduced between the
user and browser.
3. MITB attacks are cheap to carry out; therefore, they are usually
performed by teenagers in their spare time.
4. A preventive measure for online banking interfaces is the bank
sending a confirmation message (e.g., an SMS, email, call) to
the customer describing the transaction.
5. An information risk profile only documents the priority of
information risk that an organization finds acceptable.
6. Enterprise risk management (ERM) is an evolving and
important concept within many organizations and includes
information risk management as one of its functions.
7. An organization’s information risk profile should include
guiding principles, including providing accurate identification
and evaluation of threats, vulnerabilities and their associated
8. Transparency is not at all critical to the success and adoption
of an information risk profile.
9. ISACA’s Risk IT framework defines IT risk as “The business
risk associated with the use, ownership, involvement, influence
and adoption of IT within an enterprise.”
10. A well-developed business impact assessment (BIA) should
reflect how business information is impacted and how time
affects such impact.
11. Information risk management (IRM) came to the attention of
business managers through factors including the convergence
of increasing dependency on information technology in
12. When IBM introduced System 360 in 1967, it became the
largest software project at the time, totaling an estimated 50
million lines of code.
13. Hackers have managed to weaponize the encryption layer,
using it to launch application-level and SSL attacks that can
escape detection and remain hidden until it is too late.
14. According to a report released by a DDoS mitigation service
provider security firm, a 188 percent increase in the total
number of DDoS attacks was seen in the third quarter of
15. DDoS attacks are evolving in a number of ways, including an
increase in frequency and impact.
16. To address issues appropriately in real time, a solid and tested
incident response plan and procedures need to be in place.
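Items 2 and 4 above describe the attack and the countermeasure in one sentence each. The following Python sketch, added here as an illustration and not part of the quiz or the journal issue it is based on, shows why the confirmation message has to describe the transaction as the bank received it: a man-in-the-browser rewrites the payee after the customer has reviewed the form, and only an out-of-band message that repeats payee and amount lets the customer notice. The account names, the message wording, the HMAC-derived confirmation code and the simulated SMS channel are all assumptions made for the example.

```python
"""Out-of-band transaction confirmation versus a man-in-the-browser (MITB).
Added example; every name and message format here is an assumption."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class Transfer:
    payee: str          # destination account as the bank will see it
    amount_cents: int   # amount in minor units


def mitb_rewrite(t: Transfer) -> Transfer:
    """Constructed attacker behaviour: malware inside the browser rewrites the
    request after the user reviewed the form, keeping the amount so that the
    figures the user saw on screen still look right."""
    return Transfer(payee="MULE-9876", amount_cents=t.amount_cents)


def browser_submit(intent: Transfer,
                   mitb: Optional[Callable[[Transfer], Transfer]] = None) -> Transfer:
    """What the bank actually receives. TLS does not help: the MITB acts
    before the request is encrypted, so the bank sees a well-formed,
    authenticated request for the attacker's payee."""
    return mitb(intent) if mitb else intent


class Bank:
    def __init__(self, secret: bytes):
        self._secret = secret
        self._pending: dict[str, tuple[Transfer, str]] = {}

    def _code_for(self, txid: str, t: Transfer) -> str:
        # Confirmation code bound to txid, payee and amount, so a code issued
        # for one transaction cannot be reused to approve a different one.
        canonical = f"{txid}|{t.payee}|{t.amount_cents}".encode()
        digest = hmac.new(self._secret, canonical, hashlib.sha256).digest()
        return f"{int.from_bytes(digest[:4], 'big') % 1_000_000:06d}"

    def receive(self, t: Transfer) -> tuple[str, str]:
        """Stage the transfer and return (txid, out-of-band message). The message
        describes the transfer as the bank received it; that description, not
        the code by itself, is what exposes tampering to the customer."""
        txid = secrets.token_hex(4)
        code = self._code_for(txid, t)
        self._pending[txid] = (t, code)
        message = (f"Transfer {t.amount_cents / 100:.2f} to {t.payee}? "
                   f"Reply with code {code} to approve, or ignore to cancel.")
        return txid, message

    def confirm(self, txid: str, code: str) -> bool:
        """Execute only if the code matches the staged transaction (single use)."""
        entry = self._pending.pop(txid, None)
        return entry is not None and hmac.compare_digest(entry[1], code)


def customer_approves(intent: Transfer, message: str) -> bool:
    """The customer's check: does the out-of-band description match what I
    meant to send? A generic 'your code is 123456' message offers no such check."""
    return f"{intent.amount_cents / 100:.2f} to {intent.payee}" in message


def run_scenario(mitb: Optional[Callable[[Transfer], Transfer]] = None) -> bool:
    """Return True if the transfer ends up executed, False if it is stopped."""
    bank = Bank(secrets.token_bytes(32))
    intent = Transfer(payee="ACME-0001", amount_cents=125_00)
    received = browser_submit(intent, mitb)
    txid, sms = bank.receive(received)          # delivered out of band (SMS)
    if not customer_approves(intent, sms):
        return False                            # customer spots the wrong payee
    code = sms.split("code ")[1].split()[0]     # customer copies the code over
    return bank.confirm(txid, code)


if __name__ == "__main__":
    print("clean browser, transfer executed:", run_scenario())
    print("MITB rewrites payee, transfer executed:", run_scenario(mitb_rewrite))
```

The protection rests on the customer reading the payee and amount in the message, which is why the confirmation must travel over a channel the browser malware cannot edit and must carry the transaction details rather than a bare one-time code.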
Based on Volume 4, 2013—Language of Cybersecurity
Value— 1 Hour of CISA/CISM/CGEIT/CRISC Continuing Professional Education (CPE) Credit
TRUE OR FALSE
Prepared by Kamal Khan, CISA, CISSP, CITP, MBCS
Take the quiz online: