MIS Chapter 4 (PART 2) Review
Privilege
A collection of related computer system operations that can be performed by users of the system
Nonrepudiation
A contractual stipulation to ensure that e-business participants do not deny their online actions
Hot site
A fully configured computer facility, with all services, communications links, and physical plant operations
Password
A private combination of characters that only the user should know
Virtual private network (VPN)
A private network that uses a public network (usually the Internet) to connect users
Blacklisting
A process in which a company allows all software to run unless it is on a blacklist
Whitelisting
A process in which a company identifies the software that it will allow to run and does not try to recognize malware
Passphrase
A series of characters that is longer than a password but can be memorized easily
Anti-malware systems
Also called antivirus software, these are software packages that attempt to identify and eliminate viruses, worms, and other malicious software; a reactive solution to a problem
Something the user is
Also known as biometrics, these access controls examine a user's innate physical characteristics (4 words)
Information privacy policy
An information security policy that contains general principles regarding information policy
Ethical computer use policy
An information security policy that contains general principles to guide computer user behavior; ensures all know the rules and consent to the guidelines
Email privacy policy
An information security policy that explains the extent to which e-mail messages may be read by others
Employee monitoring policy
An information security policy that explicitly states how, when, and where the company can monitor employees
Social media policy
An information security policy that outlines the corporate guidelines or principles governing employee online communications
Acceptable use policy (AUP)
An information security policy that requires a user to agree to follow it to be provided access to corporate e-mail, IS, and the Internet
Information technology monitoring
An information security policy tracking people's activities by such measures as number of keystrokes, error rate, and number of transactions processed
Internal audit
An audit performed by corporate internal auditors
Digital certificate
An electronic document attached to a file certifying that the file is from the organization that it claims to be from and has not been modified from its original format
with the computer
Auditing __________ means using a combination of client data, auditor software and client and auditor hardware
around the computer
Auditing ____________ means verifying processing by checking for known outputs or specific inputs (3 words)
through the computer
Auditing ______________ means inputs, outputs, and processing are checked (3 words)
Internet use policy
Contains general principles to guide the proper use of the Internet
Tunneling
Encrypts each data packet that is sent and places each encrypted packet inside another packet
software
In a basic home firewall, the firewall is implemented as _______. (1 word)
Information systems auditing
Independent or unbiased observers tasked to ensure that information systems work properly
Least Privilege
Is an ideal principle that users be granted the privilege for some activity only if there is a justifiable need to grant this authorization
Authentication
Major objective of this is proof of identity
Secure Socket Layer (SSL)
Now called Transport Layer Security (TLS), this is an encryption standard used for secure transactions such as credit card purchases and online banking
Authorization
Permission issued to individuals and groups to do certain activities with information resources, based on verified identity
Encryption
Process of converting an original into a form that cannot be read by anyone except the intended receiver
Warm site
Provides many of the same services and options of the hot site, but it typically does not include the actual applications the company runs
Cold sites
Provides only rudimentary services and facilities
External audit
Reviews internal audits as well as the inputs, processing, and outputs of information systems
Firewalls
Systems that enforce the access control policy between two networks
Employee monitoring systems
Systems that monitor employees' computers, e-mail activities, and Internet surfing
Audit
The examination of information systems, their inputs, outputs, and processing
Something the user knows
These access controls include passwords and passphrases (4 words)
Something the user has
These access controls include regular ID cards, smart cards, and tokens (4 words)
Something the user does
These access controls include voice and signature recognition (4 words)
Certificate authorities
Trusted intermediaries between two organizations who issue digital certificates
Public-key encryption
Uses two different keys: 1.) Public key: anyone can access -> encrypts message; 2.) Private key: keeps it secret -> decrypts message
Organizational firewalls
______ have 3 components (2 words): 1.) External firewall; 2.) Demilitarized zone; 3.) Internal firewall