mis chap 4

if there is an information security breach and the information was encrypted, the person stealing the information would be unable to read what

encryption, public key encryption(PKE), certificate authority, digital certicate

what does the ethical computer use policy ensure?

ensures all users are informed of the rules and, by agreeing to use the system on that basis. consent to abide by the rules

information management

examines the organizational resource of information and regulates its definitions, users, value, and distribution ensuring it has the types of data/information required to function and grow effectively

smart card

a device that is around the same size as a credit card, containing embedded technologies that can store information and small amounts of software to perform some limited processing

authentication

a method for confirming users' identities

information governance

a method or system of government for information management or control

elevation of priveldge

a process by which a user misleads a system in granting unauthorized rights, usually for the purpose of compromising ir destroying the system.

sniffer

a program or device that can monitor data traveling over a network. sniffers can show all the data bring transmitted over a network including passwords and sensitive information. sniffers tend to be a favorite weapon in the hacker's aresenal

adware

a software that, while purpoting to serve some useful function and often fulfilling that function, also allows internet advertisements to display advertisements without the consent if the computer user

spyware

a special class of adware that collects data about the user and transmits it over the internet without the user;s knowledge or permission

phishing

a technique to gain personal information for the purpose of identity theft, usually by means of fraudulent email

polymorphic viruses and worms

change their form as the propagate

packet tampering

consists of altering the contents of packets as they travel over the internet or altering data on computer disks after penetrating a network.

information privacy policy

contains general principles regarding information privacy, the unethical use of information occurs "unintentionally"

ethical computer use policy

contains general principles to guide computer user behavior

internet use policy

contains general principles to guide the proper use of the internet

intrusion detection software

features full time-monitoring tools that search for patterns in network traffic to identify intruders

script kiddies or script bunnies

find hacking code on the internet and click and point their way into sysetms to caase damage or spread viruses

denial-of service attack (DoS)

floods a website with so many requests for service that slows down or crashes the site

what is the first line of defense?

follow to help combat insider issues to develop information security policies and an information security plan

how much can downtown cost an organization?

from $100 dollars to over $1 million

information ethics

govern the ethical and moral issues arising from the development and use of information technologies, as well as the creation, collection, duplication, distribution , and processing of information itself

social engineering

hackers use their social skills to trick people into revealing access credentials or other valuable information

firewall

hardware and/or software that guards a private network by analyzing the information leaving and entering the network

crackers

have criminal intent when hacking

trojan-horse virus

hides inside other software, usually as an attachment or a downloadable file

what does have ethics? what doesn't?

people and information

what is the biggest issue surrounding information security?

people, like insiders, social engineering, and dumpster diving

privacy

the right to be left alone when you want to be, to have control over your own personal possessions, and not to be observed without your consent

pirated software

the unauthorized use, duplication, distribution, or sale of coprighted software

information technology monitoring

tracks people's activities by such measures as number of keystrokes, error rate, and number of transactions processed

hacker

experts in technology who use their knowledge to break into computers and computer networks, either for profit or just motivated by the challenge

employee monitoring policy

explicitly state how, when, and where the company monitors its employees

nonrepudiation

a contractual stipulation to ensure that ebusiness participates do not deny their online actions

what do organizations strive to build?

a corporate culture based on ethical principles that employees can understand and implement

splogs

are fake blogs created solely to raise the search engine rank of affiliated websites. even blogs that are legitimate are plagued by spam, with spammers taking advantage of the comment feature of most blogs to comment with links to spam sites

hoaxes

attack computer systems by transmitting a virus hoax, with a real virus attached. by masking the attack in a seemingly legitimate message and send the attack on to their co-workers and friends, infecting many users along the way

distributed denial of service attack (DDoS)

attacks from multiple computers that flood a website with so many requests for a service that it slows down or crashes. a common type is the ping of death, in which thousands of computers try to access a website at the same time, overloading it and shutting it down

what are several types of hackers?

black-hate hacker, cracker, cyberterrorist, hactivist, script kiddies or script bunnies, white-hat hacker

black-hat hackers

break into other people's computer systems and may just look around or may steal and destroy information

email privacy policy

details the extent to which email messages may be read by others

malicious code

includes a various of threats such as viruses, worms, and trojan horses

what are some tools to prevent information misuse?

information management, information governance, information compliance, ediscovery

intellectual property

intangible creative work that is embodied in physical form and includes copyrights, trademarks, and patents

what causes business issues related to information ethics?

intellectual property, copyright, pirated software. counterfeit software

insiders

legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident

dumpster diving

looking through people's trash to obtain information

backdoor programs

open a way into the network for future attacks

what must be protected?

organizational information is intellectual capital

social media policy

outlines the corporate guidelines or principles governing employee online communications

epolicies

policies and procedures that address information management along with the ethical use of computers and the internet in the business environment

content filtering

prevents emails containing sensitive information from transmitting and stops spam and viruses from spreading

downtime

refers to a period of time when system is unavailable

acceptable use policy(AUP)

requires a user to agree to follow it to be provided access to corporate email, information systems, and the internet

pharming

reroutes requests for legitimate websites to false websites

encryption

scrambles information into alternative form that requires a key or password or decrypt

cyberterrorists

seek to cause harm to people critical systems or information and use the internet as a weapon of mass destruction

anti-spam policy

simply states that email users will not send unsolicited emails (or spam)

tokens

small electronic devices that change user passwords automatically

counterfeit software

software manufactured to look like the real thing and sold as such

virus

software written with malicious intent to cause annoyance or damage

what is the most ineffective form of authentication?

something the user knows such as a user id and password

ediscovery

the ability of a company to identify, search, gather, seize. or export digital information in responding to a litigation, audit, investigation, or information inquiry

information compliance

the act of confronting, acquiescing, or yielding information

confidentiality

the assurance that messages and information are available only to those who are authorized to view them

identity theft

the forging of someone's identity for the purpose of fraud

spoofing

the forging of the return address on an email so that the message appears to come from someone other than the actual sender. this is not a virus but rather a way of which virus authors conceal their identities as they send out virus

biometrics

the identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting

ethics

the principles and standards that guide our behavior toward other people

authorization

the process of giving someone permission to do or have something

information security

the protection of information from accidental or intentional misuse by persons inside or outside an organization