MIS311 FINAL EXAM Chapter 4
________ are experts in technology who use their knowledge to break into computers and computer networks, either for profit or motivated by the challenge.
Hackers
_________ have philosophical and political reasons for breaking into systems and will often deface the website as a protest.
Hacktivists
___________ are legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident.
Insiders
____________ is intangible creative work that is embodied in physical form and includes copyrights, trademarks, and patents.
Intellectual Property
__________ is government attempts to control Internet traffic, thus preventing some material from being viewed by a country's citizens.
Internet censorship
___________ contains general principles to guide the proper use of the Internet.
Internet use policy
_________ is the right to be left alone when you want to be, to have control over your personal possessions, and not to be observed without your consent.
Privacy
READ ALL POLICIES ON THE BOOK
Examples of Financial Performance (Cost of downtime)
Revenue Recognition, Cash Flow, Payment Guarantees, Credit Rating, Stock Price
_________ is the part of the U.S. Federal Rules of Criminal Procedure that covers the search and seizure of physical and digital evidence.
Rule 41
____________ find hacking code on the Internet and click-and-point their way into systems to cause damage or spread viruses.
Script kiddies or Script bunnies
_________ is a program or device that can monitor data traveling over a network. Sniffers can show all the data being transmitted over a network, including passwords and sensitive information. Sniffers tend to be a favorite weapon in the hacker's arsenal.
Sniffer
________________ is when hackers use their social skills to trick people into revealing access credentials or other valuable information.
Social engineering
___________ is a person within the organization who is trusted to monitor, contribute, filter, and guide the social media presence of a company, individual, product, or brand.
Social media manager
__________ is the process of monitoring and responding to what is being said about a company, individual, product, or brand.
Social media monitoring
__________ outlines the corporate guidelines or principles governing employee online communications.
Social media policy
__________ is a phishing expedition in which the emails are carefully designed to target a particular person or organization.
Spear phishing
_____________ consists of forging the return address on an email so that the message appears to come from someone other than the actual sender. This is not a virus but rather a way by which virus authors conceal their identities as they send out viruses.
Spoofing
_________ is a special class of adware that collects data about the user and transmits it over the Internet without the user's knowledge or permission.
Spyware
__________ is an anti-spamming approach by which the receiving computer launches a return attack against the spammer, sending email messages back to the computer that originated the suspected spam.
Teergrubing
Examples of Other Expenses (Cost of downtime)
Temporary Employees, Equipment Rentals, Overtime Costs, Extra Shipping Charges, Travel Expenses, Legal Obligations
______________ is a general term for a set of standards governing the collection and use of personal data and addressing issues of privacy and accuracy.
fair information practices (FIPs)
Three methods of Authentication
1. Something the user knows (user ID, Password) 2. Something the user has (Smart card, token) 3. Something that is part of the user (Fingerprint, Voice Signature)
6 epolicies
1. ethical computer use policy 2. information privacy policy 3. acceptable use policy 4. email privacy policy 5. social media policy 6. workplace monitoring policy
____________ is a policy that a user must agree to follow to be provided access to corporate email, information systems, and the Internet.
Acceptable use policy (AUP)
__________ is software that, while purporting to serve some useful function and often fulfilling that function, also allows Internet advertisers to display advertisements without the consent of the computer user.
Adware
__________ floods a website with so many requests for service that it slows down or crashes.
Denial-of-service attack (DoS)
__________ is a method for confirming users' identities.
Authentication
___________ is the process of providing a user with permission, including access levels and abilities such as file access, hours of access, and amount of allocated storage space.
Authorization
_________ breaks into other people's computer systems and may just look around or may steal and destroy information.
Black-hat hacker
____________ is a policy allowing employees to use their personal mobile devices and computers to access enterprise data and applications.
Bring your own device (BYOD)
___________ is a law that protects minors from accessing inappropriate material on the Internet.
Child Online Protection Act (COPA)
_____________: Passed to protect minors from accessing inappropriate material on the Internet. Figure 4.5 displays the ethical guidelines for information management.
Child Online Protection Act (COPA)
__________ is the practice of artificially inflating traffic statistics for online advertisements.
Click-fraud
___________ is a computer crime in which a competitor or disgruntled employee increases a company's search advertising costs by repeatedly clicking the advertiser's link.
Competitive click-fraud
______ is the assurance that messages and information remain available only to those authorized to view them.
Confidentiality
_______ is the legal protection afforded an expression of an idea, such as a song, book, or video game.
Copyright
__________ is software that is manufactured to look like the real thing and sold as such.
Counterfeit Software
________ is a hacker with criminal intent.
Cracker
Examples of Damaged Reputation (Cost of downtime)
Customers, Suppliers, Financial Markets, Banks, Business Partners
__________ consists of threats, negative remarks, or defamatory comments transmitted via the Internet or posted on a website.
Cyberbullying
__________ seek to cause harm to people or to destroy critical systems or information and use the Internet as a weapon of mass destruction.
Cyberterrorists
___________ is the electronic defacement of an existing website.
Cybervandalism
_________ is the process of extracting large amounts of data from a website and saving it to a spreadsheet or computer.
Data scraping
___________ is a technological solution that allows publishers to control their digital media to discourage, limit, or prevent illegal copying and distribution.
Digital Rights Management
___________ is a measure of consumer, partner, and employee confidence in an organization's ability to protect and secure data and the privacy of individuals.
Digital trust
Examples of Revenue (Cost of downtime)
Direct Loss, Compensatory Payments, Lost Future Revenue, Billing Losses, Investment Losses, Lost Productivity
____________ targets multiple computers and floods a website with so many requests for service that it slows down or crashes. A common type is the Ping of Death, in which thousands of computers try to access a website at the same time, overloading it and shutting it down.
Distributed denial-of-service attack (DDoS)
________ refers to a period of time when a system is unavailable.
Downtime
_________ is a computer attack by which an attacker accesses a wireless computer network, intercepts data, uses network services, and/or sends attack instructions without entering the office or organization that owns the network.
Drive-by hacking
__________ is looking through people's trash; another way hackers obtain information.
Dumpster diving
____________ refers to the ability of a company to identify, search, gather, seize, or export digital information in responding to a litigation, audit, investigation, or information inquiry.
Ediscovery (or electronic discovery)
_____________ is a process by which a user misleads a system into granting unauthorized rights, usually for the purpose of compromising or destroying the system. For example, an attacker might log on to a network by using a guest account and then exploit a weakness in the software that lets the attacker change the guest privileges to administrative privileges.
Elevation of privilege
_____________ details the extent to which email messages may be read by others.
Email privacy policy
___________ states explicitly how, when, and where the company monitors its employees.
Employee monitoring policy
__________ are policies and procedures that address information management, along with the ethical use of computers and the Internet in the business environment.
Epolicies
__________ contains general principles to guide computer user behavior. For example, it might explicitly state that users should refrain from playing computer games during working hours.
Ethical computer use policy
________ are the principles and standards that guide our behavior toward other people.
Ethics
4 main costs of downtime
Financial Performance, Revenue, Damaged Reputation, Other Expenses
___________ is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU).
General Data Protection Regulation (GDPR)
____________ is forging someone's identity for the purpose of fraud.
Identity theft
___________ is the act of conforming, acquiescing, or yielding information
Information Compliance
_____ govern the ethical and moral issues arising from the development and use of information technologies as well as the creation, collection, duplication, distribution, and processing of information itself, with or without the aid of computer technologies.
Information Ethics
____________ is a method or system of government for information management or control
Information Governance
____________ examines the organizational resource of information and regulates its definitions, uses, value, and distribution ensuring it has the types of data/information required to function and grow effectively
Information Management
__________ is an ethical issue that focuses on who owns information about individuals and how information can be sold and exchanged
Information Property
____________ is the category of computer security that addresses the protection of data from unauthorized disclosure and confirmation of data source authenticity
Information Secrecy
Figure 4.5: 5 Ethical Guidelines for Information Management
Information Secrecy, Information Management, Information Governance, Information Property, Information Compliance
________ contains general principles regarding information privacy.
Information privacy policy
__________ is a broad term encompassing the protection of information from accidental or intentional misuse by persons inside or outside an organization.
Information security
_____________ sends a massive amount of email to a specific person or system that can cause that user's server to stop functioning.
Mail bomb
____________ is a contractual stipulation to ensure that ebusiness participants do not deny (repudiate) their online actions.
Nonrepudiation
__________ is receiving emails by choosing to allow permissions to incoming emails.
Opt in
______________ is when a customer specifically chooses to deny permission to incoming emails.
Opt out
___________ consists of altering the contents of packets as they travel over the Internet or altering data on computer disks after penetrating a network. For example, an attacker might place a tap on a network line to intercept packets as they leave the computer. The attacker could eavesdrop or alter the information as it leaves the network.
Packet tampering
______ is an exclusive right to make, use, and sell an invention and is granted by a government to the inventor.
Patent
_________ reroutes requests for legitimate websites to false websites.
Pharming
_________ uses a zombie farm, often by an organized crime association, to launch a massive phishing attack.
Pharming attack
_________ is a technique to gain personal information for the purpose of identity theft, usually by means of fraudulent emails that look as though they came from legitimate sources.
Phishing
_________ is a masquerading attack that combines spam with spoofing.
Phishing expedition
__________ is tangible protection such as alarms, guards, fireproof doors, fences, and vaults.
Physical security
_______ is the unauthorized use, duplication, distribution, or sale of copyrighted software.
Pirated Software
______________ allows individuals to request to have all content that violates their privacy removed.
The right to be forgotten
_________ is an act or object that poses a danger to assets.
Threat
_________ are small electronic devices that change user passwords automatically.
Tokens
__________ hides inside other software, usually as an attachment or a downloadable file.
Trojan-horse virus
_________ are groups of hundreds of people whose job is to infiltrate message boards and comments sections in order to advance Russian national aims or seed discord and disharmony.
Troll farms
____________ is a problem that occurs when someone registers purposely misspelled variations of well-known domain names.
Typosquatting
BYOD offers 4 basic options, including:
Unlimited access for personal devices. Access only to nonsensitive systems and data. Access but with IT control over personal devices, apps, and stored data. Access but preventing local storage of data on personal devices.
____________ is software written with malicious intent to cause annoyance or damage.
Virus
___________ is a phone scam that attempts to defraud people by asking them to call a bogus telephone number to confirm their account information.
Vishing (voice phishing)
____________ is the theft of a website's name that occurs when someone, posing as a site's administrator, changes the ownership of the domain name assigned to the website to another website owner.
Website name stealing
___________ work at the request of the system owners to find system vulnerabilities and plug the holes.
White-hat hackers
__________ tracks people's activities by such measures as number of keystrokes, error rate, and number of transactions processed.
Workplace MIS monitoring
_________ is a malware computer program that spreads itself not only from file to file but also from computer to computer.
Worm
___________ is a program that secretly takes over another computer for the purpose of launching attacks on other computers.
Zombie
________ is a group of computers on which a hacker has planted zombie programs.
Zombie farm
An important goal of the amendment to Rule 41 is to ___________ from hiding the location of a computing device with anonymization technology in order to make detection and prosecution more difficult.
prevent criminals
__________ is unsolicited email.
spam
Data scraping is also known as _____________
web scraping