Ch 8
A digital certificate
a data file used to establish the identity of users and electronic assets for protection of online transactions
A token
a physical device similar to an identification card that is designed to prove the identity of a single user
When processing takes place in the cloud,
accountability and responsibility for protection of sensitive data still reside with the company owning that data
business continuity planning
action plans and tasks to quickly restore operations; describes alternatives for the loss of critical processes
Trojan horse
appears legitimate but does something other than what is expected
Secure Sockets Layer (SSL)
is a method for encrypting network traffic that enables client and server computers to manage encryption and decryption activities as they communicate with each other during a secure Web session
Identity management
consists of business processes and software tools for identifying the valid users of a system and controlling their access to system resources
A security policy
consists of statements ranking information risks, identifying acceptable security goals, and identifying the mechanisms for achieving these goals
An acceptable use policy (AUP)
defines acceptable uses of the firm's information resources and computing equipment, including desktop and laptop computers, wireless devices, telephones, and the Internet, and it specifies consequences for noncompliance
Risk assessment
determines the potential frequency of the occurrence of a problem and the potential damage if the problem were to occur
disaster recovery planning
focuses on technical responses to any disruption
An MIS audit
identifies all the controls that govern individual systems and assesses their effectiveness
SSID (Service Set Identifier)
identifies an access point; is broadcast multiple times
The Sarbanes-Oxley Act
imposes responsibility on companies and their management to protect investors by safeguarding the accuracy and integrity of financial information that is used internally and released externally
An intrusion detection system
includes tools to monitor the most vulnerable points in a network to detect and deter unauthorized intruders
Worms
independent programs that copy themselves from one computer to others over a network
Phishing
involves setting up fake Web sites or sending e-mail messages that look like those of legitimate businesses to ask users for confidential personal data
Public key encryption
is a more secure form of encryption that uses two keys, one shared and one totally private. The keys are mathematically related so that data encrypted with one key can be decrypted using only the other key
The Secure Hypertext Transfer Protocol (S-HTTP)
is used for encrypting data flowing over the Internet and is limited to individual messages
Spoofing
may involve redirecting a web link to an address different from the intended one, with the site masquerading as the intended destination
Click fraud
occurs when an individual or computer program fraudulently clicks on an online ad without any intention of learning more about the advertiser or making a purchase
HIPAA
outlines medical security and privacy rules and procedures for simplifying the administration of health care billing and automating the transfer of health care data among health care providers, payers, and plans
Pharming
redirects users to a bogus Web page, even when the individual types the correct Web page address into the browser
The Gramm-Leach-Bliley Act
requires financial institutions to ensure the security and confidentiality of customer data. Data must be stored on a secure medium, and special security measures must be enforced to protect such data on storage media and during transmittal
Viruses
rogue software programs that attach themselves to other programs or files in order to be executed
Spyware
small programs that secretly install themselves on computers to monitor user activity
symmetric key encryption
the sender and receiver establish a secure Internet session by the sender's creating a single encryption key and sending it to the receiver so both the sender and receiver share the same key
Biometric authentication
uses systems that read and interpret individual human traits, such as fingerprints, irises, and voices, in order to grant or deny access