Chapter 4 Terms

Information security

A broad term encompassing the protection of information from accidental or intentional misuse by persons inside or outside an organization.

Drive-by hacking

A computer attack by which an attacker accesses a wireless network, intercepts data, uses network services, and/or sends attack instructions without entering the office or organization that owns the network.

Competitive click-fraud

A computer crime in which a competitor or disgruntled employee increases a company's search advertising costs by repeatedly clicking the advertiser's link.

Zombie farm

A group of computers on which a hacker has planted zombie programs.

Crackers

A hacker with criminal intent.

Child online protection act (COPA)

A law that protects minors from accessing inappropriate material on the internet.

Phishing expedition

A masquerade attack that combines spam and spoofing.

Authentication

A method for confirming users' identities.

Social media manager

A person within the organization who is trusted to monitor, contribute, filter, and guide the social media presence of a company, individual, product, or brand.

Acceptable use policy (AUP)

A policy that a user must agree to follow to be provided access to corporate email, information systems, and the internet.

Typosquatting

A problem that occurs when someone registers purposely misspelled variations of well-known domain names.

Zombie

A program that secretly takes over another computer for the purpose of launching attacks on other computers.

Voiceprint

A set of measurable characteristics of a human voice that uniquely identifies an individual.

Spyware

A special class of adware that collects data about the user and transmits it over the internet without the user's knowledge or permission.

Phishing

A technique to gain personal information for the purpose of identity theft, usually by means of fraudulent emails that look as though they came from legitimate sources.

Digital rights management

A technological solution that allows publishers to control their digital media to discourage, limit, or prevent illegal copying and distribution.

Scareware

A type of malware designed to trick victims into giving up personal information to purchase or download useless and potentially dangerous software.

Patent

An exclusive right to make, use, and sell an invention; granted by a government to the inventor.

Threat

An act or object that poses danger to assets.

Teergrubing

Anti-spamming approach by which the receiving computer launches a return attack against the spammer, sending email messages back to the computer that originated the suspected spam.

Personally Identifiable Information (PII)

Any data that could potentially identify a specific individual.

Black hat hackers

Breaks into other people's computer systems and may just look around or may steal and destroy information.

Information privacy policy

Contains general principles regarding information privacy.

Ethical computer use policy

Contains general principles to guide computer user behavior.

Opt out

Customers specifically choose to deny permission to incoming emails.

Decrypt

Decodes information and is the opposite of encrypted.

Information security plan

Details how an organization will implement the information security policies.

Email privacy policy

Details the extent to which email messages may be read by others.

HIPAA Security Rule

Ensures national standards for securing patient data that is stored or transferred electronically.

Hackers

Experts in technology who use their knowledge to break into computer networks, either for profit or motivated by the challenge.

Intrusion Detection System (IDS)

Features full-time monitoring tools that search for patterns in network traffic to identify intruders.

Script kiddies or script bunnies

Find hacking code on the internet and click-and-point their way into systems to cause damage or spread viruses.

Identity theft

Forging someone's identity for the purpose of fraud.

Network behavior analysis

Gathers an organization's computer network traffic patterns to identify unusual or suspicious operations.

Information ethics

Govern the ethical and moral issues arising from the development and use of information technologies as well as the creation, collection, duplication, distribution, and processing of information itself (with or without the aid of computer technologies).

Internet censorship

Government attempts to control internet traffic, thus preventing some material from being viewed by a country's citizens.

Social engineering

Hackers use their social skills to trick people into revealing access credentials or other valuable information.

Hacktivists

Have philosophical reasons for breaking into systems and will often deface the website as a protest.

Information security policies

Identify the rules required to maintain information security, such as requiring users to log off before leaving for lunch or meetings, never sharing passwords with anyone, and changing passwords every 30 days.

Cyber-espionage

Includes governments that are after some form of information about other governments.

Cyber-vigilantes

Includes individuals that seek notoriety or want to make a social or political point such as WikiLeaks.

Sensitive PII

Information transmitted with encryption and, when disclosed, results in a breach of the individual's privacy and can potentially cause the individual harm.

Nonsensitive PII

Information transmitted without encryption and includes information collected from public records, phone books, corporate directories, websites, etc.

Advanced Encryption Standard (AES)

Introduced by the National Institute of Standards and Technology (NIST), AES is an encryption standard designed to keep government information secure.

Insiders

Legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident.

Dumpster diving

Looking through people's trash; another way hackers obtain information.

Destructive agents

Malicious agents designed by spammers and other internet attackers to farm email addresses off websites or deposit spyware on machines.

Worm

Malware computer program that spreads itself not only from file to file but also from computer to computer.

Social media policy

Outlines the corporate guidelines or principles governing employee online communications.

Epolicies

Policies and procedures that address information management along with the ethical use of computers and the internet in the business environment.

Bring your own device (BYOD)

Policy allowing employees to use their personal mobile devices and computers to access enterprise data and applications.

Opt in

Receiving emails by choosing to allow permissions to incoming emails.

Downtime

Refers to a period of time when a system is unavailable.

Ediscovery (or electronic discovery)

Refers to the ability of a company to identify, search, gather, seize, or export digital information in responding to a litigation, audit, investigation, or information inquiry.

Pharming

Reroutes requests for legitimate websites to false websites.

Mail bomb

Sends a massive amount of email to a specific person or system that can cause that user's server to stop functioning.

Anti-spam policy

Simply states that email users will not send unsolicited emails (or spam).

Tokens

Small electronic devices that change user passwords automatically.

Malware

Software that is intended to damage or disable computers and computer systems.

Counterfeit software

Software that is manufactured to look like the real thing and sold as such.

Virus

Software written with malicious intent to cause annoyance or damage.

Adware

Software that, while purporting to serve some useful function and often fulfilling that function, also allows internet advertisers to display advertisements without the consent of the computer user.

Employee monitoring policy

States explicitly how, when, and where the company monitors its employees.

Physical security

Tangible protection such as alarms, guards, fireproof doors, fences, and vaults.

Confidentiality

The assurance that messages and information remain available only to those authorized to view them.

Information secrecy

The category of computer security that addresses the protection of data from unauthorized disclosure and confirmation of data source authenticity.

Cybervandalism

The electronic defacement of an existing website.

Biometrics

The identification of a user based on a physical characteristic, such as fingerprints, iris, face, voice, or handwriting.

Rule 41

The part of the United States Federal Rules of Criminal Procedure that covers the search and seizure of physical and digital evidence.

Click-fraud

The practice of artificially inflating traffic statistics for online advertisements.

Astroturfing

The practice of artificially stimulating online conversations and positive reviews about a product, service, or brand.

Ethics

The principles and standards that guide our behavior toward other people.

Social media monitoring

The process of monitoring and responding to what is being said about a company, individual, product, or brand.

Authorization

The process of providing a user with permission, including access levels and abilities such as file access, hours of access, and amount of allocated storage space.

Privacy

The right to be left alone when you want to be, to have control over your personal possessions, and not to be observed without your consent.

Website name stealing

The theft of a website's name that occurs when someone, posing as a site's administrator, changes the ownership of the domain name assigned to the website to another website owner.

Pirate software

The unauthorized use, duplication, distribution, or sale of copyrighted software.

Cyberterrorist

The use of computer and networking technologies against persons or property to intimidate or coerce governments, individuals, or any segment of society to attain political, religious, or ideological goals.

Sock puppet marketing

The use of false identity to artificially stimulate demand for a product, brand, or service.

Cyberbullying

Threats, negative remarks, or defamatory comments transmitted via the internet or posted on a website.

Workplace MIS monitoring

Tracks people's activities by such measures as number of keystrokes, error rate, and number of transactions processed.

Spam

Unsolicited email.

Pharming attack

Uses a zombie farm, often by an organized crime association, to launch a massive phishing attack.

White-hat hackers

Work at the request of the system owners to find system vulnerabilities and plug the holes.

Digital certificate

A data file that identifies individuals or organizations online and is comparable to a digital signature.

Privilege escalation

A network intrusion attack that takes advantage of programming errors or design flaws to grant the attacker elevated access to the network and its associated data and applications.

Certificate authority

A trusted third party, such as VeriSign, that validates user identities by means of digital certificates.

Cyberwar

An organized attempt by a country's military to disrupt or destroy information and communication systems for another country.

Vertical privilege escalation

Attackers grant themselves a higher access level such as administrator, allowing the attacker to perform illegal actions such as running unauthorized code or deleting data.

Horizontal privilege escalation

Attackers grant themselves the same access levels they already have but assume the identity of another user.

Time bomb

Computer viruses that wait for a specific date before executing their instructions.

Firewall

Hardware and/or software that guards a private network by analyzing incoming and outgoing information for the correct markings.

Intellectual property

Intangible creative work that is embodied in physical form and includes copyrights, trademarks, and patents.

Content filtering

Occurs when organizations use software that filters content, such as emails, to prevent the accidental or malicious transmission of unauthorized information.

Multifactor authentication

Requires more than two means of authentication such as what the user knows (password), what the user has (security token), and what the user is (biometric verification).

Two-factor authentication

Requires the user to provide two means of authentication, what the user knows (password) and what the user has (security token).

Antivirus software

Scans and searches hard drives to prevent, detect, and remove known viruses, adware, and spyware.

Encryption

Scrambles information into an alternative form that requires a key or password to decrypt.

Copyright

The legal protection afforded an expression of an idea, such as a song, book, or video game.

Cryptography

The science that studies encryption, which is the hiding of messages so that only the sender and receiver can read them.

Single-factor authentication

The traditional security process, which requires a user name and password.

Cyberterrorism

The use of computer and networking technologies against persons or property to intimidate or coerce governments, individuals, or any segment of society to attain political, religious, or ideological goals.

Public key encryption (PKE)

Uses two keys: a public key that everyone can have and a private key for only the recipient.

Nonrepudiation

A contractual stipulation to ensure that ebusiness participants do not deny (repudiate) their online actions.

Bug bounty program

A crowdsourcing initiative that rewards individuals for discovering and reporting software bugs.

Smart card

A device about the size of a credit card containing embedded technologies that can store information and small amounts of software to perform some limited processing.

Ransomware

A form of malicious software that infects your computer and asks for money.

Pretexting

A form of social engineering in which one individual lies to obtain confidential data about another individual.

Fair information practices (FIP)

A general term for a set of standards governing the collection and use of personal data and addressing issues of privacy and accuracy.

Spear phishing

A phishing expedition in which the emails are carefully designed to target a particular person or organization.

Vishing (or voice phishing)

A phone scam that attempts to defraud people by asking them to call a bogus telephone number to confirm their account information.

Internet use policy

Contains general principles to guide the proper use of the internet.
