Chapter 4 mis
Technologies available to help prevent and build resistance to attacks that could bring a system down include
1. Content filtering 2. Encryption 3. Firewalls
Most secure type of authentication involves
1. Something the user knows 2. Something the user possesses 3. Something that is part of the user
Smart card
A device that is about the same size as a credit card, containing embedded technologies that can store information and small amounts of software to perform some limited processing
Authentication
A method for confirming users' identities
Key logger software
A program that, when installed on a computer, records every keystroke and mouse click
Cookie
A small file deposited on a hard drive by a Web site containing information about customers and their Web activities. Cookies allow Web sites to record the comings and goings of customers, usually without their knowledge or consent
Information privacy policy
Contains general principles regarding information privacy
Ethical computer use policy
Contains general principles to guide a computer user's behavior
Email privacy policy
Details the extent to which email messages may be read by others
E-policies (principles for employees) typically include
Ethical computer use policy •Information privacy policy •Acceptable use policy (AUP) •Email privacy policy •Social media policy •Workplace monitoring policy
Building blocks protecting organizational information
Ethics, security
Hackers
Experts in technology who use their knowledge to break into computers and computer networks, either for profit or just motivated by the challenge •White-hat hacker •Black-hat hacker •Hactivist •Cracker •Cyberterrorist
Employee monitoring policy
Explicitly states how, when, and where a company monitors its employees
Intrusion detection software
Features full-time monitoring tools that search for patterns in network traffic to identify intruders
Firewall
Hardware and/or software that guards a private network by analyzing the information entering and leaving a network
Intellectual property
Intangible creative work that is embodied in physical form
Business issues related to information ethics
Intellectual property •Copyright •Pirated software •Counterfeit software
Workplace monitoring
Organizations can be held financially responsible for their employees' actions •The dilemma surrounding employee monitoring in the workplace is that an organization is placing itself at risk if it fails to monitor its employees
Social media policy
Outlines the corporate guidelines or principles governing employee online communications
Three primary information technology security areas
1. People: Authentication and authorization 2. Data: Prevention and resistance 3. Attacks: Detection and response
Content filtering
Prevents emails containing sensitive information from being transmitted and stops spam and viruses from spreading
Clickstream
Records information about a customer during a Web session such as what Web pages were visited, duration of visit, what ads were viewed, and any purchases made
Acceptable use policy (AUP)
Requires a user to agree to follow it in order to be provided access to corporate email, information systems, and the Internet
Anti-spam policy
Simply states that email users will not send unsolicited emails (spam)
Adware
Software generated ads that install themselves on a computer when a person downloads some other program (usually "free") from the Internet
Spyware
Software hidden in free downloadable software; tracks online movements
Counterfeit software
Software that is manufactured to look like the real thing and sold as such
Virus
Software usually written with malicious intent to cause annoyance or damage •Worm •Denial-of-service attack (DoS) •Distributed denial-of-service attack (DDoS) •Trojan-horse virus •Backdoor program •Polymorphic virus
Biometrics
The identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting; can be costly; the best and most effective way to manage authentication
Copyright
The legal protection afforded an expression of an idea, such as a book, a song, video game, and some types of proprietary documents
Ethics
The principles and standards that guide behavior; right vs. wrong; molded by your culture (family, peer group, teachers)
Authorization
The process of giving someone permission to do or have something
Pirated software
The unauthorized use, duplication, distribution, or sale of copyrighted software
Spam
Unsolicited email
Personal integrity
You have to live with yourself
Cracker
a hacker with criminal intent
Worm
a type of virus that spreads itself, not only from file to file, but also from computer to computer. The primary difference between a virus and a worm is that a virus must attach to something, such as an executable file, in order to spread. Worms do not need to attach to anything to spread and can tunnel themselves into computers.
Public key encryption (PKE)
an encryption system that uses two keys: a public key for everyone and a private key for the recipient
Distributed denial-of-service attack (DDoS)
attacks from multiple computers flood a Web site with so many requests for service that it slows down or crashes. A common type is the Ping of Death.
Black-hat hackers (bad guys)
break into other people's computer systems and may just look around or may steal and/or destroy information
Polymorphic viruses and worms
change their form as they propagate
Information security plan
details how an organization will implement the information security policies
The first line of defense an organization should follow to help combat insider issues
develop information security policies and an information security plan
cause a major drain on an organization
downtime
Denial-of-service attack (DoS)
floods a Web site with so many requests for service that it slows down or crashes the site
Hactivists
have philosophical and political reasons for breaking into systems and will often deface a Web site as a protest
Trojan-horse virus
hides inside other software, usually as an attachment or a downloadable file
Information security policies
identify the rules required to maintain information security (e.g., logging off, changing passwords)
Most common way to identify individual users
involves an assigned user ID and a user-selected password; the most ineffective form of authentication
Encryption
scrambles information into an alternative form that requires a key to decrypt the information
Cyberterrorists
seek to cause harm to people or to destroy critical systems or information and use the Internet as a weapon of mass destruction
Backdoor programs
viruses that find a way into the network for future attacks
White-hat hackers (good guys hired as security consultants)
work at the request of the system owners to find system vulnerabilities and plug the holes
Common monitoring technologies
•Key logger software •Cookies •Adware/Spyware •Clickstream