ISA final exam


Smart card

A credit-card-size plastic card that stores digital information and can be used for electronic payments in place of cash.

Phishing

A form of spoofing involving setting up fake websites or sending email messages that look like those of legitimate businesses to ask users for confidential personal data.

Botnet

A group of computers that have been infected with bot malware without users' knowledge, enabling a hacker to use the amassed resources of the computers to launch distributed denial-of-service attacks, phishing campaigns, or spam.

Patent

A patent grants the owner an exclusive monopoly on the ideas behind an invention for a certain period of time, typically 20 years.

Hacker

A person who gains unauthorized access to a computer network for profit, criminal mischief, or personal pleasure.

Trojan horse

A software program that appears legitimate but contains hidden functionality that may cause damage.

Sniffer

A type of eavesdropping program that monitors information traveling over a network.

Slippery slope rule

An action may bring about a small change now that is acceptable, but if it is repeated, it would bring unacceptable changes in the long run.

Liability

An amount owed by a business.

Trade secret

Any intellectual work product—a formula, device, pattern, or compilation of data—used for a business purpose can be classified as a trade secret, provided that it is not based on information in the public domain.

Ethical no-free-lunch rule

Assume that virtually all tangible and intangible objects are owned by someone else unless there is a specific declaration otherwise. If something someone else has created is useful to you, it has value, and you should assume the creator wants compensation for this work.

SQL injection attack

Attack against a website that takes advantage of vulnerabilities in poorly coded SQL applications to introduce malicious program code into a company's systems and networks.

Unified threat management (UTM)

Comprehensive security management tool that combines multiple security tools, including firewalls, virtual private networks, intrusion detection systems, and web content filtering and anti-spam software

Risk assessment

Determining the potential frequency of the occurrence of a problem and the potential damage if the problem were to occur. Used to determine the cost/benefit of a control.

Golden Rule

Do unto others as you would have them do unto you.

Transport Layer Security (TLS)

Enables client and server computers to manage encryption and decryption activities as they communicate with each other during a secure web session; successor to the Secure Sockets Layer (SSL) protocol.

Public key encryption

Encryption using two keys: one shared (or public) and one private.

Immanuel Kant's categorical imperative

If an action is not right for everyone to take, it is not right for anyone.

General Data Protection Regulation (GDPR)

It applies to all firms and organizations that collect, store, or process personal information of EU citizens, and these protections apply worldwide regardless of where the processing takes place (European Commission, 2018).

HIPAA

Law outlining medical security and privacy rules and procedures for simplifying the administration of healthcare billing and automating the transfer of healthcare data among healthcare providers, payers, and plans

Sarbanes-Oxley Act

Law that imposes responsibility on companies and their management to protect investors by safeguarding the accuracy and integrity of financial information that is used internally and released externally.

Malware

Malicious software programs are referred to as malware and include a variety of threats such as computer viruses, worms, and Trojan horses.

Drive-by download

Malware that comes with a downloaded file that a user unintentionally opens.

Ransomware

Malware that extorts money from users by taking control of their computers, blocking access to files, or displaying annoying pop-up messages.

Opt-out

Model of informed consent permitting the collection of personal information until the consumer specifically requests that the data not be collected.

Opt-in

Model of informed consent prohibiting an organization from collecting any personal information unless the individual specifically takes action to approve information collection and use.

Fair Information Practices (FIP)

Most US and European privacy law is based on a set of principles. FIP is a set of principles governing the collection and use of information about individuals.

Nonobvious relationship awareness (NORA)

NORA can take information about people from many disparate sources, such as "watch" lists, incident and arrest systems, consumer transaction systems, telephone records, and human resources systems, and correlate relationships to find obscure connections that might help identify criminals or terrorists.

General controls

Overall control environment governing the design, security, and use of computer programs and the security of data files in general throughout the organization's information technology infrastructure.

Pharming

Phishing technique that redirects users to a bogus web page even when the users type the correct web page address into their browser.

Security token

Physical device, similar to an identification card, designed to prove the identity of a single user.

Business continuity planning

Planning that focuses on how the company can restore business operations after a disaster strikes.

Security

Policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems.

Repetitive stress injury (RSI)

RSI occurs when muscle groups are forced through repetitive actions that are often made with high-impact loads (such as playing tennis) or tens of thousands of repetitions under low-impact loads (such as working at a computer keyboard).

Gramm-Leach-Bliley Act

Requires financial institutions to ensure the security and confidentiality of customer data.

Responsibility

Responsibility means that you accept the potential costs, duties, and obligations for the decisions you make.

Password

Secret word or string of characters for authenticating users so that they can access a resource such as a computer system.

HTTPS

Secure version of the HTTP protocol that uses TLS for encryption and authentication.

Anti-malware software

Software designed to detect, and often eliminate, malware from an information system.

Bugs

Software program code defects.

Patches

Software that repairs flaws in programs without disturbing the proper operation of the software.

Application controls

Specific controls unique to each application that ensure that only authorized data are completely and accurately processed by that application.

Security policy

Statements ranking information risks, identifying acceptable security goals, and identifying the mechanisms for achieving these goals.

Utilitarian principle

Take the action that achieves the higher or greater value.

Risk aversion principle

Take the action that produces the least harm or the least potential cost.

Spyware

Technology that aids in gathering information about a person or organization without their knowledge.

Carpal tunnel syndrome (CTS)

The most common kind of computer-related RSI is carpal tunnel syndrome (CTS), in which pressure on the median nerve through the wrist's bony structure, called a carpal tunnel, produces pain. The pressure is caused by the constant repetition of keystrokes. Symptoms of CTS include numbness, shooting pain, inability to grasp objects, and tingling.

Computer forensics

The scientific collection, examination, authentication, preservation, and analysis of electronically stored information (ESI) in such a way that the information can be used as evidence in a court of law.

Identity theft

Theft of key pieces of personal information, such as credit card or social security numbers, to obtain merchandise and services in the name of the victim or to obtain false credentials.

Multi-factor authentication (MFA)

Tools that increase security by validating users via a multistep process.

Online transaction processing

Transaction processing mode in which transactions entered online are immediately processed by the computer.

Spoofing

Tricking or deceiving computer systems or other computer users by hiding one's identity or faking the identity of another user on the Internet.

Social engineering

Tricking people into revealing their passwords by pretending to be legitimate users or members of a company in need of information.

Two-factor authentication (2FA)

Validating user identity with two means of identification, one of which is typically a physical token and the other of which is typically data.

Information rights

What information rights do individuals and organizations possess with respect to themselves? What can these rights protect?

Accountability

Who can and will be held accountable and liable for the harm done to individual and collective information and property rights?

Ethics

a concern of humans who have freedom of choice. Ethics is about individual choice: When faced with alternative courses of action, what is the correct moral choice? What are the main features of ethical choice?

Safe harbor

a private self-regulating policy and enforcement mechanism that meets the objectives of government regulators and legislation but does not involve government regulation or enforcement.

Computer virus

a rogue software program that attaches itself to other software programs or data files to be executed, usually without user knowledge or permission. Most computer viruses deliver a payload.

Cyberwarfare

a state-sponsored activity designed to cripple and defeat another state or nation by penetrating its computers or networks to cause damage and disruption.

Web beacons

also called a web bug (or simply tracking file), is a tiny image that keeps a record of users' online clickstreams. They report these data back to whoever owns the tracking file, which can be invisibly embedded in an email message or web page to monitor the behavior of the user visiting the website or receiving the email.

Informed consent

an ethical principle that research participants be told enough to enable them to choose whether they wish to participate.

Cryptocurrencies

are digital assets that use blockchain technology and cryptography to create a medium of exchange (currency).

Cookies

are one method used to monitor and track online users. When a user visits a website, the website's web server places a small text file (a "cookie") on the user's computer or mobile device. Cookies identify the visitor's web browser software, as well as other information, and track visits to the website.

Controls

are the methods, policies, and organizational procedures that ensure the safety of the organization's assets, the accuracy and reliability of its records, and operational adherence to management standards.

Evil twins

are wireless networks that pretend to offer trustworthy Wi-Fi connections to the Internet, such as those in airport lounges, hotels, or coffee shops. The bogus network looks identical to a legitimate public network.

Computer crime

can be generally defined as the commission of illegal acts by using a computer or against a computer system.

Adware

can secretly install itself on an Internet user's computer by piggybacking on larger applications. Once installed, adware calls out to websites to send ads and other unsolicited material to the user.

Fault-tolerant computer systems

contain redundant hardware, software, and power supply components that create an environment that provides continuous, uninterrupted service.

Digital certificates

data files used to establish the identity of users and digital assets to protect online transactions.

Digital resiliency

deals with maintaining and increasing the resilience of an organization and its business processes in an all-pervasive digital environment, not just the resilience of the IT function.

Acceptable use policy (AUP)

defines acceptable uses of the firm's information resources and computing equipment, including desktop and laptop computers, mobile devices, telephones, and the Internet.

Disaster recovery planning

devises plans for the restoration of disrupted computing and communications services.

Digital divide

differing access to computing devices and the Internet, based on socioeconomic, geographic, or demographic characteristics.

Information systems audit

examines the firm's overall security environment as well as the controls governing individual information systems.

Intrusion detection systems (IDS)

feature full-time monitoring tools placed at the most vulnerable points or hot spots of corporate networks to detect and deter intruders continuously. The system generates an alarm if it finds a suspicious or anomalous event.

Denial-of-service attack (DoS attack)

hackers flood a network server or web server with many thousands of false communications or requests for services in order to crash the network.

Distributed denial-of-service attack (DDoS attack)

hackers flood a network server or web server with many thousands of false communications or requests for services in order to crash the network. The network receives so many queries that it cannot keep up with them and is thus unavailable to service legitimate requests.

Intrusion prevention systems (IPS)

have all the functionalities of an IDS, with the additional ability to take steps to prevent and block suspicious activities.

Due process

is a related feature of law-governed societies and is a process in which laws are known and understood, and ability exists to appeal to higher authorities to ensure that the laws are applied correctly.

Privacy

is the claim of individuals to be left alone, free from surveillance or interference from other individuals or organizations, including the state.

Encryption

is the process of transforming plain text or data into cipher text that cannot be read by anyone other than the sender and the intended receiver.

Data breach

occurs whenever an organization loses control over corporate information to outsiders.

Firewalls

prevent unauthorized users from accessing private networks. A firewall is a combination of hardware and software that controls the flow of incoming and outgoing network traffic.

Copyright

protects creators of intellectual property from having their work copied by others for any purpose for a certain period of time, depending on several factors. As a general rule, copyright protection lasts for the life of the author, plus an additional 70 years after the author's death.

Digital Millennium Copyright Act (DMCA)

provides some copyright protection. The DMCA implemented a World Intellectual Property Organization Treaty that makes it illegal to circumvent technology-based protections of copyrighted materials.

Keyloggers

record every keystroke made on a computer to steal serial numbers for software, to launch Internet attacks, to gain access to email accounts, to obtain passwords to protected computer systems, or to pick up personal information such as credit card or bank account numbers.

Computer vision syndrome (CVS)

refers to any eyestrain condition related to display screen use with desktop computers, laptops, e-readers, smartphones, and handheld video game players. CVS affects about 90 percent of people who spend three hours or more per day using a display screen.

Downtime

refers to periods of time in which a system is not operational.

Intellectual property

refers to products of the mind created by individuals or corporations. Information technology has made it difficult to protect intellectual property because digital information can be so easily copied or distributed.

Authentication

refers to the ability to know that people are who they claim to be. Authentication is often established by using passwords known only to authorized users.

Identity and access management (IAM)

software automates the process of keeping track of all these users and their system privileges, assigning each user a unique digital identity for accessing each system.

Computer abuse

the commission of acts involving a computer that may not be illegal but are considered unethical. The popularity of the Internet, email, and mobile devices has turned one form of computer abuse—spamming—into a serious problem for both individuals and businesses.

Cybervandalism

the intentional disruption, defacement, or even destruction of a website or corporate information system.

Trademarks

the marks, symbols, and images used to distinguish products in the marketplace. Trademark laws protect consumers by ensuring that they receive what they paid for.

Public key infrastructure (PKI)

the use of public key encryption working with a certificate authority (CA); it is now widely used in e-commerce.

Profiling

use of computers to combine data from multiple sources and create digital dossiers of detailed information on individuals is called profiling.

Biometric authentication

uses systems that read and interpret individual human traits, such as facial features, fingerprints, irises, and voices, to grant or deny access. Biometric authentication is based on the measurement of a physical or behavioral trait that makes each individual unique.

Spam

was junk email that an organization or individual sent to a mass audience who had expressed no interest in the product or service being marketed. Today, spam typically tries to entice users to select malicious links or may market fraudulent deals and services, outright scams, pornography, illegal or counterfeit drugs, or other objectionable products.

Managed security service providers (MSSPs)

which monitor network activity and perform vulnerability testing and intrusion detection.
