CIS chapter 4
patent
(n.) exclusive rights over an invention; copyright; (v.) to arrange or obtain such rights; (adj.) plain, open to view; copyrighted
Drive-by hacking
A computer attack where an attacker accesses a wireless computer network, intercepts data, uses network services, and/or sends attack instructions without entering the office or organization that owns the network.
Nonrepudiation
A contractual stipulation to ensure that ebusiness participants do not deny their online actions
smart card
A device that is around the same size as a credit card, containing embedded technologies that can store information and small amounts of software to perform some limited processing
Authentication
A method for confirming users' identities
time bomb
Computer virus that does not cause its damage until a certain date
Decrypt
Decodes information; the opposite of encrypt.
Hackers
Experts in technology who use their knowledge to break into computers and computer networks, either for profit or just motivated by the challenge
employee monitoring policy
Explicitly state how, when, and where the company monitors its employees
intrusion detection software
Features full-time monitoring tools that search for patterns in network traffic to identify intruders
information ethics
Govern the ethical and moral issues arising from the development and use of information technologies, as well as the creation, collection, duplication, distribution, and processing of information itself
Firewalls
Hardware and/or software that guards a private network by analyzing the information leaving and entering the network
dumpster diving
Involves digging through trash receptacles to find computer manuals, printouts, or password lists that have been thrown away
social media policy
Outlines the corporate guidelines or principles governing employee online communications
downtime
Refers to a period of time when a system is unavailable
Acceptable Use Policy
Requires a user to agree to follow it to be provided access to corporate email, information systems, and the Internet
Pharming
Reroutes requests for legitimate websites to false websites
anti-spam policy
Simply states that email users will not send unsolicited emails (or spam)
Adware
Software that, while purporting to serve some useful function and often fulfilling that function, also allows Internet advertisers to display advertisements without the consent of the computer user.
Information Security
a broad term encompassing the protection of information from accidental or intentional misuse by persons inside or outside an organization
competitive click-fraud
a computer crime where a competitor or disgruntled employee increases a company's search advertising costs by repeatedly clicking on the advertiser's link
Bug Bounty Program
a crowdsourcing initiative that rewards individuals for discovering and reporting software bugs
digital certificate
a data file that identifies individuals or organizations online and is comparable to a digital signature
Ransomware
a form of malicious software that infects your computer and asks for money
pretexting
a form of social engineering in which one individual lies to obtain confidential data about another individual
Fair Information Practices (FIP)
a general term for a set of standards governing the collection and use of personal data and addressing issues of privacy and accuracy
zombie farm
a group of computers on which a hacker has planted zombie programs
Cracker
a hacker with criminal intent
phishing expedition
a masquerading attack that combines spam with spoofing
information governance
a method or system of government for information management or control
Privilege Escalation
a network intrusion attack that takes advantage of programming errors or design flaws to grant the attacker elevated access to the network and its associated data and applications
social media manager
a person within the organization who is trusted to monitor, contribute, filter, and guide the social media presence of a company, individual, product, or brand
spear phishing
a phishing expedition in which the emails are carefully designed to target a particular person or organization
vishing (voice phishing)
a phone scam that attempts to defraud people by asking them to call a bogus telephone number to confirm their account information
Typosquatting
a problem that occurs when someone registers purposely misspelled variations of well-known domain names
zombie
a program that secretly takes over another computer for the purpose of launching attacks on other computers
voiceprint
a set of measurable characteristics of a human voice that uniquely identifies an individual
Spyware
a special class of adware that collects data about the user and transmits it over the Internet without the user's knowledge or permission
Phishing
a technique to gain personal information for the purpose of identity theft, usually by means of fraudulent e-mails that look like they came from legitimate sources
Digital rights management
a technological solution that allows publishers to control their digital media to discourage, limit, or prevent illegal copying and distribution
Certificate Authority
a trusted third party, such as VeriSign, that validates user identities by means of digital certificates
Bring Your Own Device (BYOD)
allows employees to use their personal mobile devices and computers to access enterprise data and applications
threat
an act or object that poses a danger to assets
Teergrubing
an anti-spamming approach by which the receiving computer launches a return attack against the spammer, sending email messages back to the computer that originated the suspected spam
information property
an ethical issue that focuses on who owns information about individuals and how information can be sold and exchanged
Cyberwar
an organized attempt by a country's military to disrupt or destroy information and communication systems for another country
Personally Identifiable Information (PII)
any data that can be used to identify, locate, or contact an individual
vertical privilege escalation
attackers grant themselves a higher access level such as administrator, allowing the attacker to perform illegal actions such as running unauthorized code or deleting data
horizontal privilege escalation
attackers grant themselves the same access levels they already have but assume the identity of another user
black hat hackers
break into other people's computer systems and may just look around or may steal and destroy information
information privacy policy
contains general principles regarding information privacy
ethical computer use policy
contains general principles to guide computer user behavior
Internet use policy
contains general principles to guide the proper use of the internet
opt out
a customer specifically chooses to deny permission to receive emails
Advanced Encryption Standard (AES)
designed to keep government information secure
information security plan
details how an organization will implement the information security policies
email privacy policy
details the extent to which email messages may be read by others
HIPAA Security Rule
ensures national standards for securing patient data that is stored or transferred electronically
Information Management
examines the organizational resource of information and regulates its definitions, uses, value, and distribution, ensuring the organization has the types of data/information required to function and grow effectively
Script kiddies or script bunnies
find hacking code on the internet and click-and-point their way into systems to cause damage or spread viruses
identity theft
forging someone's identity for the purpose of fraud
Network behavior analysis
gathers an organization's computer network traffic patterns to identify unusual or suspicious operations
Internet Censorship
government attempts to control internet traffic, thus preventing some material from being viewed by a country's citizens
Social Engineering
hackers use their social skills to trick people into revealing access credentials or other valuable information
Hacktivists
have philosophical and political reasons for breaking into systems and will often deface the website as a protest
information security policies
identify the rules required to maintain information security, such as requiring users to log off before leaving for lunch or meetings, never sharing passwords with anyone, and changing passwords every 30 days
Cyber Vigilantes
include individuals that seek notoriety or want to make a social or political point, such as WikiLeaks
Cyber Espionage
includes governments that are after some sort of information about other governments
Sensitive PII
information that is transmitted with encryption and, when disclosed, results in a breach of an individual's privacy and can potentially cause the individual harm
nonsensitive PII
information that is transmitted without encryption and includes information collected from public records, phone books, corporate directories, websites, etc.
intellectual property
intangible creative work that is embodied in physical form and includes copyrights, trademarks, and patents
Insiders
legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident
destructive agents
malicious agents designed by spammers and other internet attackers to farm email addresses off websites or deposit spyware on machines
Scareware
malicious computer programs designed to trick a user into buying and downloading unnecessary and potentially dangerous software, such as fake antivirus protection.
content filtering
occurs when organizations use software that filters content, such as emails, to prevent the accidental or malicious transmission of unauthorized information
Child Online Protection Act (COPA)
passed to protect minors from accessing inappropriate material on the internet
Epolicies
policies and procedures that address information management along with the ethical use of computers and the internet in the business environment
opt in
a customer chooses to allow permission to receive incoming emails
Ediscovery
refers to the ability of a company to identify, search, gather, seize, or export digital information in responding to a litigation, audit, investigation, or information inquiry
multifactor authentication
requires more than two means of authentication such as what the user knows (password), what the user has (security token), and what the user is (biometric verification)
two-factor authentication
requires the user to provide two means of authentication, what the user knows (password) and what the user has (security token)
antivirus software
scans and searches hard drives to prevent, detect, and remove known viruses, adware, and spyware
Encryption
scrambles information into an alternative form that requires a key or password to decrypt
cyberterrorist
seek to cause harm to people or to destroy critical systems or information and use the internet as a weapon of mass destruction
Mail bomb
sends a massive amount of email to a specific person or system that can cause that user's server to stop functioning
Tokens
small electronic devices that change user passwords automatically
Malware
software that is intended to damage or disable computers and computer systems.
counterfeit software
software that is made to look like the real thing and sold as such
virus
software written with malicious intent to cause annoyance or damage
worm
spreads itself not only from file to file but also from computer to computer
Physical Security
tangible protection such as alarms, guards, fireproof doors, fences, and vaults
information compliance
the act of conforming, acquiescing, or yielding information
Confidentiality
the assurance that messages and information remain available to only those who are allowed to view them
Information secrecy
the category of computer security that addresses the protection of data from unauthorized disclosure and confirmation of data source authenticity
Cybervandalism
the electronic defacing of an existing website
Biometrics
the identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting
Copyright
the legal protection afforded an expression of an idea, such as a song, book, or video game
Rule 41
the part of the United States Federal Rules of Criminal Procedure that covers the search and seizure of physical and digital evidence
Astroturfing
the practice of artificially stimulating online conversation and positive reviews about a product, service, or brand
Ethics
the principles of right and wrong that guide our behavior toward other people
click fraud
the process of artificially inflating traffic stats for online advertisements
social media monitoring
the process of monitoring and responding to what is being said about a company, individual, product, or brand
Authorization
the process of providing a user with permission including access levels and abilities such as file access, hours of access, and amount of allocated storage space
privacy
the right of people not to reveal information about themselves
Cryptography
the science that studies encryption, which is the hiding of messages so that only the sender and receiver can read them
website name stealing
the theft of a website's name that occurs when someone, posing as a site's administrator, changes the ownership of the domain name assigned to the website to another website owner
single-factor authentication
the traditional security process, which requires a user name and password
pirated software
the unauthorized use, duplication, distribution, or sale of copyrighted software
sock puppet marketing
the use of a false identity to artificially stimulate a demand for a product, brand or service
Cyberterrorism
the use of computer and networking technologies against persons or property to intimidate or coerce governments, individuals, or any segment of society to attain political, religious, or ideological goals
Cyberbullying
the use of electronic communication to bully a person, typically by sending messages of an intimidating or threatening nature.
workplace MIS monitoring
tracks people's activities by such measures as number of keystrokes, error rate, and number of transactions processed
spam
unsolicited email
pharming attack
uses a zombie farm, often by an organized crime association, to launch a massive phishing attack
Public Key Encryption
uses two keys: a public key that everyone can have and a private key for only the recipient
white hat hackers
work at the request of the system owners to find system vulnerabilities and plug the holes