MIS Chapter 10

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Preventions

Biometric, Non-biometric, other hardware-based measures, other hardware measures, strategic responses.

Non-Biometric

Call back modems, Firewalls, and intrusion detection system

Biometric

Finger prints, signature analysis, facial recognition, hang geometry, palm prints, signature analysis

Other software-based measures

Passwords, Access control, data encryption, virtual private network (VPN), e-commerce security measures

Human error occurs when

accidental problems cause by both employees and non-employees

computer fraud

any type of fraud that requires computer technology to perpetrate

Corner bolts

are an inexpensive way to secure a computer to a desktop or counter and often have locks as an additional protection against theft.

Trojan Programs

are viruses that masquerade as useful programs or files

Hacking

breaking into computers, servicers, or networks to steal data.

Malware

broad category of software that includes viruses, spyware, and adware, trojan.

Blended Threats

bundles of malicious programs that combine the functionality of different types of malware such as Trojans, worms, and backdoors

Retinal Scanning

As part of the authentication process, some systems use biometric data by scanning the blood vessels on the back of the eye and is considered the most reliable of all biometric data scanning.

Vein Analysis

Biometric authentication using vein pattern in a human finger

Phisher

Pretends to be a legitimate company and sends an email requesting confidential data, such as account numbers, social security number, account passwords, etc.

Phishing

is used for obtaining unauthorized data that uses pretexting via email.

Cryptojacking

victims' computers or installing hidden malware that mines cryptocurrency for attackers.

Computer Emergency Response Team (CERT)

A group of people integrated at the enterprise with clear lines of reporting and responsibilities for standby support in case of an information systems emergency. This group will act as an efficient corrective control, and should also act as a single point of contact for all incidents and issues related to information systems.

Pharming

A phishing attack that automatically redirects the user to a fake site.

shoulder surfing

Gaining compromising information through observation (as in looking over someone's shoulder).

Three categories of threats

Human error, Computer Crime, Natural Disaster.

Other hardware-based measures

ID badges, corner bolts, electronic trackers, id badges, proximity-release door openers, room shielding, steen encasements.

dumpster diving

Involves digging through trash receptacles to find computer manuals, printouts, or password lists that have been thrown away

Human Erros

Procedural mistakes, incorrect procedure, ineffective accounting controls, system error, development and installation errors, and accidents.

Iris Analyst

a comprehensive, data-driven exploration of common threats techniques, and their financial impact.

DOS Attacks- Denial of Service

a cyberattack on devices, information systems, or other network resources that prevents legitimate users from accessing expected services and resources

Scareware

a cyberattack tactic that scares people into visiting spoofed or infected websites or downloading malicious software (malware)

Logic Bombs

a piece of often-malicious code that is intentionally inserted into software.

Rootkits

a type of malware program that enables cyber criminals to gain access to and infiltrate data from machines without being detected

Virtual Private Network (VPN)

an encrypted connection over the Internet from a device to a network

Backdoors

are shortcuts into programs created by system designers to facilitate system maintenance but used and abused by hackers. .

Keystroke Logger

capture keystrokes to obtain usernames, etc.

Firewalls

computing devices that prevents unauthorized network access.

E-Commerce Security

degree to which individuals feel that their private information is safe in the hands of companies collecting such information

natural disaster

disclose during recovery, incorrect data recovery, service improperly restored, service interruption, and property loss

Terrorist Activities

disruptive attacks by recognised terrorist organizations against computer systems with the intent of generating alarm, panic, or the physical disruption of the information system.

Computer Crime occurs when

employees and former employees who intentionally destroy data or other system components

Call back modem

enables a modem to disconnect an incoming call and call back the calling party upon request.

Natural Disasters occurs when

fires, floods, hurricanes, earthquakes, tsunamis, etc.

Sniffing

for intercepting computer communications.

Viruses

is a computer program that replicates itself.

Intrusion Detection System (IDS)

is a computer program that senses when another computer is attempting to scan or access a computer or network.

Threat

is a person or organization that seeks to obtain or alter data or other IS assets illegally, without the owner's permission and often without the owner's knowledge.

Worms

is a viruses that self-propagates using internet or other computer networks

Cable Sheilding

minimize Electromagnetic interference (EMI) and radio frequency interference (RFI) from external electronic devices such as computers, power lines, cellular networks, air conditioners, and fluorescent lighting. EMI is unwanted signals from a neighboring transmission circuit.

Usurpation

occurs when computer criminals invade a computer system and replace legitimate programs with their own, unauthorized ones that shut down legitimate applications and substitute their own processes to spy, steal, manipulate data, or achieve other purposes.

Pretexting

occurs when someone deceives by pretending to be someone else.

Business Continuity Planning

outlines procedures for keeping an organization operational in the event of a natural disaster or network attack

Authentication

password authenticates that user

Encryption

process of transforming clear text into coded unintelligible text for secure storage or communication

Spyware

programs installed on the user's computer without the user's knowledge or permission

Baiting

promises an item, commodity, or reward to attract victims, infect their systems with malware, and steal their sensitive information.

Adware

software that automatically displays or downloads advertising material (often unwanted) when a user is online.

Spoofing

someone pretending to be someone else

Quid Pro Quo

something given in exchange or return for something else

theft

the act of stealing information stored on corporate databases, computers, servers, or electronic devices to obtain sensitive information or compromise privacy

social engineering

the tactic of manipulating, influencing, or deceiving a victim in order to gain control over a computer system, or to steal personal and financial information

identification

username identifies the user

Tailgating

where an attacker follows an unaware user to gain access to an area without authorization


Ensembles d'études connexes

Anti-Infectives NCLEX style Q's from Lehne CH 83-88

View Set

Intro to Entrepreneurship Chapter 3

View Set

AP Computer Science Principles - Programming Review

View Set

RN 102 #2 Exam Sensory, Cardio, Musculoskeletal & Neurological + Cranial Nerves

View Set