MIST FINAL (4-9)

¡Supera tus tareas y exámenes ahora con Quizwiz!

hackers

Experts in technology who use their knowledge to break into computers and computer networks, either for profit or just motivated by the challenge

Information Ethics

Govern the ethical and moral issues arising from the development and use of information technologies, as well as the creation, collection, duplication, distribution, and processing of information itself

Cybersecurity

Involves prevention, detection, and response to cyber attacks that can have wide-ranging effects on the individual, organizations, community, and at the national level

dumpster diving

Looking through people's trash, another way hackers obtain information.

Information Security

a broad term encompassing the protection of information from accidental or intentional misuse by persons inside or outside an organization

competitive click-fraud

a computer crime where a competitor or disgruntled employee increases a company's search advertising costs by repeatedly clicking on the advertiser's link

Bug Bounty Program

a crowdsourcing initiative that rewards individuals for discovering and reporting software bugs

Ransomware

a form of malicious software that infects your computer and asks for money

pretexting

a form of social engineering in which one individual lies to obtain confidential data about another individual

Fair Information Practices

a general term for a set of standards governing the collection and use of personal data and addressing issues of privacy and accuracy

zombie farm

a group of computers on which a hacker has planted zombie programs

phishing expedition

a masquerading attack that combines spam with spoofing

Privilege Escalation

a network intrusion attack that takes advantage of programming errors or design flaws to grant the attacker elevated access to the network and its associated data and applications

social media manager

a person within the organization who is trusted to monitor, contribute, filter, and guide the social media presence of a company, individual, product, or brand

spear phishing

a phishing expedition in which the emails are carefully designed to target a particular person or organization

vishing (voice phishing)

a phone scam that attempts to defraud people by asking them to call a bogus telephone number to confirm their account information

Acceptable Use Policy (AUP)

a policy that a user must agree to follow to be provided access to corporate email, information systems, and the internet

Typosquatting

a problem that occurs when someone registers purposely misspelled variations of well-known domain names

zombie

a program that secretly takes over another computer for the purpose of launching attacks on other computers

voiceprint

a set of measurable characteristics of a human voice that uniquely identifies an individual

spyware

a special class of adware that collects data about the user and transmits it over the Internet without the user's knowledge or permission

Phishing

a technique to gain personal information for the purpose of identity theft, usually by means of fraudulent e-mails that look as though they came from legitimate sources

Digital Rights Management

a technological solution that allows publishers to control their digital media to discourage, limit, or prevent illegal copying and distribution

Scareware

a type of malware designed to trick victims into giving up personal information to purchase or download useless and potentially dangerous software

counter measures

actions, processes, devices, or systems that can prevent, or mitigate the effects of, threats to a computer, server, or network

bring your own device (BYOD) policy

allows employees to use their personal mobile devices and computers to access enterprise data and applications

Right to be forgotten

allows individuals to request to have all content that violates their privacy removed

threat

an act or object that poses a danger to assets

patent

an exclusive right to make, use, and sell an invention and is granted by a government to the inventor

Teergrubing

anti-spamming approach by which the receiving computer launches a return attack against the spammer, sending email messages back to the computer that originated the suspected spam

vertical privilege escalation

attackers grant themselves a higher access level such as administrator, allowing the attacker to perform illegal actions such as running unauthorized code or deleting data

horizontal privilege escalation

attackers grant themselves the same access levels they already have but assume the identity of another user

digital trust

the measure of consumer, partner, and employee confidence in an organization's ability to protect and secure data and the privacy of individuals

rule 41

the part of the United States Federal Rules of Criminal Procedure that covers the search and seizure of physical and digital evidence

click fraud

the practice of artificially inflating traffic statistics for online advertisements

Astroturfing

the practice of artificially stimulating online conversation and positive reviews about a product, service, or brand

ethics

the principles and standards that guide our behavior toward other people

data scraping

the process of extracting large amounts of data from a website and saving it to a spreadsheet or computer

social media monitoring

the process of monitoring and responding to what is being said about a company, individual, product, or brand

authorization

the process of providing a user with permission including access levels and abilities such as file access, hours of access, and amount of allocated storage space

Cryptography

the science that studies encryption, which is the hiding of messages so that only the sender and receiver can read them

website name stealing

the theft of a website's name that occurs when someone, posing as a site's administrator, changes the ownership of the domain name assigned to the website to another website owner

single-factor authentication

the traditional security process, which requires a user name and password

pirated software

the unauthorized use, duplication, distribution, or sale of copyrighted software

sock puppet marketing

the use of a false identity to artificially stimulate demand for a product, brand, or service

workplace MIS monitoring

tracks people's activities by such measures as number of keystrokes, error rate, and number of transactions processed

spam

unsolicited email

pharming attack

uses a zombie farm, often by an organized crime association, to launch a massive phishing attack

drive-by hacking

A computer attack where an attacker accesses a wireless computer network, intercepts data, uses network services, and/or sends attack instructions without entering the office or organization that owns the network.

Nonrepudiation

A contractual stipulation to ensure that ebusiness participants do not deny their online actions

smart card

A device that is around the same size as a credit card, containing embedded technologies that can store information and small amounts of software to perform some limited processing

Child Online Protection Act (COPA)

A law that protects minors from accessing inappropriate material on the Internet.

General Data Protection Regulation (GDPR)

A legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU)

Authentication

A method for confirming users' identities

opt in

A user can opt in to receive emails by choosing to allow permissions to incoming emails

time bomb

Computer virus that waits for a specific date before executing instructions

decrypt

Decodes information and is the opposite of encrypted.

social media policy

Outlines the corporate guidelines or principles governing employee online communications

downtime

Refers to a period of time when a system is unavailable

pharming

Reroutes requests for legitimate websites to false websites

anti-spam policy

Simply states that email users will not send unsolicited emails (or spam)

adware

Software, while purporting to serve some useful function and often fulfilling that function, also allows Internet advertisers to display advertisements without the consent of the computer user.

identity theft

The forging of someone's identity for the purpose of fraud

privacy

The right to be left alone when you want to be, to have control over your own personal possessions, and not to be observed without your consent

Cyberbullying

Threats, negative remarks, or defamatory comments transmitted via the Internet or posted on a website.

cybersecurity and infrastructure security agency (CISA)

builds the national capacity to defend against cyberattacks and works with the federal government to provide cybersecurity tools, incident response services, and assessment capabilities to safeguard the ".gov" networks that support the essential operations of partner departments and agencies

information privacy policy

contains general principles regarding information privacy

ethical computer use policy

contains general principles to guide computer user behavior

Internet use policy

contains general principles to guide the proper use of the internet

opt out

customer specifically chooses to deny permission of receiving emails

information security plan

details how an organization will implement the information security policies

email privacy policy

details the extent to which email messages may be read by others

Internet Censorship

government attempts to control internet traffic, thus preventing some material from being viewed by a country's citizens

Social Engineering

hackers use their social skills to trick people into revealing access credentials or other valuable information

information security policies

identify the rules required to maintain information security, such as requiring users to log off before leaving for lunch or meetings, never sharing passwords with anyone, and changing passwords every 30 days

intellectual property

intangible creative work that is embodied in physical form and includes copyrights, trademarks, and patents

Advanced Encryption Standard (AES)

introduction by NIST, AES is an encryption standard designed to keep government information secure

Insiders

legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident

destructive agents

malicious agents designed by spammers and other internet attackers to farm email addresses off websites or deposit spyware on machines

cyberattacks

malicious attempts to access or damage a computer system

Botnets

malware that causes a collection of connected devices to be controlled by a hacker

content filtering

occurs when organizations use software that filters content, such as emails, to prevent the accidental or malicious transmission of unauthorized information

Epolicies

policies and procedures that address information management along with the ethical use of computers and the internet in the business environment

Ediscovery (electronic discovery)

refers to the ability of a company to identify, search, gather, seize, or export digital information in responding to a litigation, audit, investigation, or information inquiry

multifactor authentication

requires more than two means of authentication such as what the user knows (password), what the user has (security token), and what the user is (biometric verification)

two-factor authentication

requires the user to provide two means of authentication, what the user knows (password) and what the user has (security token)

Encryption

scrambles information into an alternative form that requires a key or password to decrypt

mail bomb

sends a massive amount of email to a specific person or system that can cause that user's server to stop functioning

tokens

small electronic devices that change user passwords automatically

malware

software that is intended to damage or disable computers and computer systems.

counterfeit software

software that is manufactured to look like the real thing and sold as such

virus

software written with malicious intent to cause annoyance or damage

worm

spreads itself not only from file to file but also from computer to computer

employee monitoring policy

states explicitly how, when, and where the company monitors its employees

Physical Security

tangible protection such as alarms, guards, fireproof doors, fences, and vaults

Confidentiality

the assurance that messages and information are available only to those who are authorized to view them

information secrecy

the category of computer security that addresses the protection of data from unauthorized disclosure and confirmation of data source authenticity

Cybervandalism

the electronic defacing of an existing website

biometrics

the identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting

Copyright

the legal protection afforded an expression of an idea, such as a song, book, or video game


Conjuntos de estudio relacionados

Which of the following statements about viruses is false?

View Set

BIOS 2320-Microbiology and Infectious Diseases (MasteringMicro Ch. 3)

View Set

Chapter 8: Managing Human Resources

View Set

Chapter 4 - Agency Representation

View Set

Chapter 16: Investing in Preferred Stocks

View Set

DAT Entropy and Enthalpy, DAT Thermodynamics

View Set

Chapter 32: Closing the Transaction

View Set