Chapter 4
Privilege escalation
A network intrusion attack that takes advantage of programming errors or design flaws to grant the attacker elevated access to the network and its associated data and applications
What is a small file deposited on a hard drive by a website containing information about customers and their web activities?
Cookie
Workplace MIS monitoring tracks employees' activities. Organizations that are planning to engage in employee monitoring should have an employee monitoring policy. Which of the following is NOT one of the stipulations identified in the text that organizations should follow when creating an employee monitoring policy?
Don't expressly communicate when and what will be monitored (as this will allow employees to work around the monitoring system).
Black-hat hackers
Hackers that break into other people's computer systems with the intention of snooping without theft, snooping with theft, or destroying information
White-hat hackers
Hackers that work at the request of the system owners to find system vulnerabilities and plug the holes
Firewall
Hardware and/or software that guards a private network by analyzing the information leaving and entering the network
Which trademarks apply to services?
Service Mark
Cost of downtime
financial performance, revenue, damaged reputation, other expenses
Single-factor authentication
the traditional security process, which requires a username and password
Content Filtering occurs when an organization:
uses software that filters content to prevent the transmission of unauthorized information.
Information governance
A method or system of government for information management and control
What are the 2 technologies used to prevent identity theft?
Authentication and Authorization
In terms of information security, the first line of defense is people. The second line of defense is technology. According to the textbook, this "second line" comprises three areas of information security. Which of the following IS one of these three primary information security areas?
Authentication and authorization
Which trademarks protect general phrases?
Unregistered Trademarks
When is the best time to schedule planned downtime?
Uptime is money
Pretexting
A form of social engineering in which one individual lies to obtain confidential data about another individual
Internet Censorship
A government attempts to control Internet traffic, thus preventing some material from being viewed by its citizens
Zombie
A program that secretly takes over another computer for the purpose of launching attacks on other computers
Spyware
A special class of adware that collects data about the user and transmits it over the internet without the user's knowledge or permission
Phishing
A technique to gain personal information for the purpose of identity theft, usually by means of fraudulent email
Which of the following policies states that users agree to follow it in order to be given access to corporate email, information systems, and the internet?
Acceptable use policy
Information property
An ethical issue that focuses on who owns information about individuals and how information can be sold and exchanged
Any unexpected downtime in today's business environment has the potential to cause both short- and long-term costs with far-reaching consequences. Which of the following is NOT one of the costs of downtime identified in the textbook?
Artificially inflated ROI
Cybervandalism
Electronic defacing of an existing website
Informed Consent
Ensures all users are informed of the rules and, by agreeing to use the system on that basis, consent to abide by the rules
ePolicies are policies and procedures that address information management along with the ethical use of computers and the Internet in the business environment. Which of the following ePolicies is NOT identified in the textbook as one that organizations should implement to protect themselves?
Equal Access Policy
Hackers
Experts in technology who use their knowledge to break into computers and computer networks, either for profit or just motivated by the challenges
Employee monitoring policy
Explicitly state how, when, and where the company monitors its employees
Information ethics
Governs the ethical and moral issues arising from the development and use of information technologies, as well as the creation, collection, duplication, distribution, and processing of information itself
What governs the ethical and moral issues arising from the development and use of information technologies as well as the creation, collection, duplication, distribution, and processing of information itself (with or without the aid of computer technologies)?
Information Ethics
_______ is an ethical issue that focuses on who owns information about individuals and how information can be sold and exchanged.
Information Property
Intellectual Property
Intangible creative work that is embodied in physical form and includes copyrights, trademarks, and patents
Acting ethically and acting legally are not always the same thing. The goal of businesses is to carry out actions that are both legal and ethical. How would you classify a situation in which a company uses child laborers (who suffer miserable working conditions) in foreign countries that allow such practices?
Legal, but Unethical
What are the 2 primary lines of defense for information security?
People and Technology
ePolicies
Policies and procedures that address information management along with the ethical use of computers and the internet in the business environment
What is the right not to be observed without your consent?
Privacy
Which trademarks do you apply for?
Registered Trademarks
Acceptable Use Policy (AUP)
Requires a user to agree to follow it to be provided access to corporate email, information systems, and the internet
Two-factor authentication
Requires the user to provide two means of authentication
Multi-factor authentication
Requires the user to provide two or more means of authentication
Pharming
Reroutes requests for legitimate websites to false websites
Encryption
Scrambles information into an alternative form that requires a key or password to decrypt
Adware
Software that, while purporting to serve some useful function (and often fulfilling that function), also allows internet advertisers to display advertisements without the consent of the user
Worm
Software written to spread itself not only from file to file, but also from computer to computer
Virus
Software written with malicious intent to cause annoyance or damage
What are the 3 methods of authentication and authorization?
Something the user knows; something the user has; something that is part of the user
Click-fraud
The abuse of pay-per-click revenue models by repeatedly clicking on a link to increase charges or costs for the advertiser
What is click-fraud?
The abuse of pay-per-click, pay-per-call, and pay-per-conversion revenue models by repeatedly clicking on a link to increase charges or costs for the advertiser.
Confidentiality
The assurance that messages and information are available only to those who are authorized to view them
Identity Theft
The forging of someone's identity for the purpose of fraud
Copyright
The legal protection afforded an expression of an idea, such as a song, video game, and some types of proprietary documents
Ethics
The principles and standards that guide our behavior toward other people
Information Security
The protection of information from accidental or intentional misuse by persons inside or outside an organization
Privacy
The right to be left alone when you want to be, to have control over your own personal possessions, and not to be observed without your consent
Downtime
Time when a system is unavailable
Which of the following is NOT included in the textbook's discussion of information security threats within the area of authentication and authorization?
Viking attack
What is the primary difference between worms and viruses?
Viruses must attach to something (e.g., an .exe file) in order to spread, whereas worms do not
Patent
An exclusive right to make, use, and sell an invention, granted by a government to the inventor
Nonrepudiation is a specific contractual stipulation to ensure that eBusiness participants:
do not deny their online actions.