CIS 7


Risk Acceptance

Accept the potential risk, continue operating with no controls, and absorb any damages that occur.

organizational firewall

An ________ has the following components: (1) an external firewall facing the Internet; (2) a demilitarized zone (DMZ) located between the two firewalls; the DMZ contains company servers that typically handle Web page requests and e-mail; (3) an internal firewall that faces the company network.

Piracy

Copying a software program without making payment to the owner.

Patent

Document that grants the holder exclusive rights on an invention or process for 20 years.

Audit

Examination of information systems, their inputs, outputs and processing.

Information systems auditing

Independent or unbiased observers tasked to ensure that information systems work properly.

Trade secret

Intellectual work, such as a business plan, that is a company secret and is not based on public information.

Risk limitation

Limit the risk by implementing controls that minimize the impact of a threat.

Authentication

Major objective is proof of identity.

Authorization

Permission issued to individuals and groups to do certain activities with information resources, based on verified identity.

Physical controls

Physical protection of computer facilities and resources.

Intellectual property

Property created by individuals or corporations which is protected under trade secret, patent, and copyright laws.

Access controls

Restriction of unauthorized user access to computer resources; use biometrics and passwords controls for user identification.

Copyright

Statutory grant that provides creators of intellectual property with ownership of the property for life of the creator plus 70 years.

exposure

The ______ of an information resource is the harm, loss or damage that can result if a threat compromises that resource.

Risk

The probability that a threat will impact an information resource.

Something the User Knows

These access controls include passwords and passphrases. A password is a private combination of characters that only the user should know. A passphrase is a series of characters that is longer than a password but can be memorized easily.

Something the User Has

These access controls include regular ID cards, smart cards, and tokens.

Something the User Does

These access controls include voice and signature recognition.

Human resources and MIS

These employees hold ALL the information

Risk transference

Transfer the risk by using other means to compensate for the loss, such as purchasing insurance.

Tunneling

encrypts each data packet that is sent and places each encrypted packet inside another packet.

Trojan horse

is a computer program that hides in another computer program and reveals its designated behavior only when it is activated.

Least privilege

is a principle that users be granted the privilege for some activity only if there is a justifiable need to grant this authorization.

Logic bomb

is a segment of computer code that is embedded inside an organization's existing computer programs and is designed to activate and perform a destructive action at a certain time or date.

Worm

is a segment of computer code that performs malicious actions and will spread by itself without requiring another computer program.

Virus

is a segment of computer code that performs malicious actions by attaching to another computer program.

Spamware

is alien software that is designed to use your computer as a launchpad for spammers.

Spam

is unsolicited e-mail.

Risk mitigation

is when the organization takes concrete actions against risk. It has two functions: (1) implementing controls to prevent identified threats from occurring, and (2) developing a means of recovery should the threat become a reality.

Secure socket layer (SSL)

now called transport layer security (TLS), is an encryption standard used for secure transactions such as credit card purchases and online banking.

Information security

refers to all of the processes and policies designed to protect an organization's information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.

Certificate authorities

which are trusted intermediaries between two organizations, issue digital certificates.

Privilege

A ______ is a collection of related computer system operations that can be performed by users of the system.

digital certificate

A _______ is an electronic document attached to a file certifying that the file is from the organization that it claims to be from and has not been modified from its original format.

threat

A _______ to an information resource is any danger to which a system may be exposed.

virtual private network

A _________ is a private network that uses a public network (usually the Internet) to connect users.

vulnerability

A system's ________ is the possibility that the system will suffer harm by a threat.

Something the User Is

Also known as biometrics, these access controls examine a user's innate physical characteristics.

untrusted network

An ___________, in general, is any network external to your organization. The Internet, by definition, is an _______.

Types of Auditors and Audits

Internal: performed by corporate internal auditors. External: reviews the internal audit as well as the inputs, processing and outputs of information systems.

Risk analysis

To assess the value of each asset being protected, estimate the probability it might be compromised, and compare the probable costs of it being compromised with the cost of protecting it.

Risk management

To identify, control and minimize the impact of threats.

Communications (network) controls

To protect the movement of data across networks and include border security controls, authentication and authorization.

Cookies

are small amounts of information that Web sites store on your computer.

Spyware

collects personal information about users without their consent. Two types of spyware are keystroke loggers (keyloggers) and screen scrapers.

Competitive intelligence

consists of legal information-gathering techniques

Industrial espionage

crosses the legal boundary.

Auditing through the computer

means inputs, outputs and processing are checked.

Auditing with the computer

means using a combination of client data, auditor software, and client and auditor hardware.

Auditing around the computer

means verifying processing by checking for known outputs or specific inputs.

Employee monitoring systems

monitor employees' computers, e-mail activities, and Internet surfing activities.

Screen scrapers

record a continuous "movie" of what you do on a screen. The spyware video provides a nice overview of spyware and how to avoid it.

Keystroke loggers

record your keystrokes and your Web browsing history.
