Chapter 4 MIS

Technologies available to help prevent and build resistance to attacks that could bring a system down include

1. Content filtering
2. Encryption
3. Firewalls

Most secure type of authentication involves

1. Something the user knows
2. Something the user possesses
3. Something that is part of the user

Smart card

A device that is about the same size as a credit card, containing embedded technologies that can store information and small amounts of software to perform some limited processing

Authentication

A method for confirming users' identities

Key logger software

A program that, when installed on a computer, records every keystroke and mouse click

Cookie

A small file deposited on a hard drive by a Web site containing information about customers and their Web activities. Cookies allow Web sites to record the comings and goings of customers, usually without their knowledge or consent

Information privacy policy

Contains general principles regarding information privacy

Ethical computer use policy

Contains general principles to guide a computer user's behavior

Email privacy policy

Details the extent to which email messages may be read by others

E-policies (principles for employees) typically include

• Ethical computer use policy
• Information privacy policy
• Acceptable use policy (AUP)
• Email privacy policy
• Social media policy
• Workplace monitoring policy

Building blocks protecting organizational information

Ethics, security

Hackers

Experts in technology who use their knowledge to break into computers and computer networks, either for profit or just motivated by the challenge
• White-hat hacker
• Black-hat hacker
• Hactivist
• Cracker
• Cyberterrorist

Employee monitoring policy

Explicitly states how, when, and where a company monitors its employees

Intrusion detection software

Features full-time monitoring tools that search for patterns in network traffic to identify intruders

Firewall

Hardware and/or software that guards a private network by analyzing the information entering and leaving a network

Intellectual property

Intangible creative work that is embodied in physical form

Business issues related to information ethics

• Intellectual property
• Copyright
• Pirated software
• Counterfeit software

Workplace monitoring

• Organizations can be held financially responsible for their employees' actions
• The dilemma surrounding employee monitoring in the workplace is that an organization is placing itself at risk if it fails to monitor its employees

Social media policy

Outlines the corporate guidelines or principles governing employee online communications

Three primary information technology security areas

1. People: Authentication and authorization
2. Data: Prevention and resistance
3. Attacks: Detection and response

Content filtering

Prevents emails containing sensitive information from being transmitted and stops spam and viruses from spreading

Clickstream

Records information about a customer during a Web session such as what Web pages were visited, duration of visit, what ads were viewed, and any purchases made

Acceptable use policy (AUP)

Requires a user to agree to follow it in order to be provided access to corporate email, information systems, and the Internet

Anti-spam policy

Simply states that email users will not send unsolicited emails (spam)

Adware

Software-generated ads that install themselves on a computer when a person downloads some other program (usually "free") from the Internet

Spyware

Software hidden in free downloadable software; tracks online movements

Counterfeit software

Software that is manufactured to look like the real thing and sold as such

Virus

Software usually written with malicious intent to cause annoyance or damage
• Worm
• Denial-of-service attack (DoS)
• Distributed denial-of-service attack (DDoS)
• Trojan-horse virus
• Backdoor program
• Polymorphic virus

Biometrics

The identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting
- Can be costly
- Best and most effective way to manage authentication

Copyright

The legal protection afforded an expression of an idea, such as a book, a song, video game, and some types of proprietary documents

Ethics

The principles and standards that guide behavior; right vs. wrong; molded by your culture (family, peer group, teachers)

Authorization

The process of giving someone permission to do or have something

Pirated software

The unauthorized use, duplication, distribution, or sale of copyrighted software

Spam

Unsolicited email

Personal integrity

You have to live with yourself

Cracker

a hacker with criminal intent

Worm

a type of virus that spreads itself, not only from file to file, but also from computer to computer. The primary difference between a virus and a worm is that a virus must attach to something, such as an executable file, in order to spread. Worms do not need to attach to anything to spread and can tunnel themselves into computers.

Public key encryption (PKE)

an encryption system that uses two keys: a public key for everyone and a private key for the recipient

Distributed denial-of-service attack (DDoS)

attacks from multiple computers flood a Web site with so many requests for service that it slows down or crashes. A common type is the Ping of Death,

Black-hat hackers (bad guys)

break into other people's computer systems and may just look around or may steal and/or destroy information

Polymorphic viruses and worms

change their form as they propagate

Information security plan

details how an organization will implement the information security policies

The first line of defense an organization should follow to help combat insider issues

develop information security policies and an information security plan

cause a major drain on an organization

downtime

Denial-of-service attack (DoS)

floods a Web site with so many requests for service that it slows down or crashes the site

Hactivists

have philosophical and political reasons for breaking into systems and will often deface a Web site as a protest

Trojan-horse virus

hides inside other software, usually as an attachment or a downloadable file

Information security policies

identify the rules required to maintain information security (logoff, change PW)

Most common way to identify individual users

involves an assigned user ID and a user-selected password; most ineffective form of authentication

Encryption

scrambles information into an alternative form that requires a key to decrypt the information

Cyberterrorists

seek to cause harm to people or to destroy critical systems or information and use the Internet as a weapon of mass destruction

Backdoor programs

viruses that find a way into the network for future attacks

White-hat hackers (good guys hired as security consultants)

work at the request of the system owners to find system vulnerabilities and plug the holes

Common monitoring technologies

• Key logger software
• Cookies
• Adware/Spyware
• Clickstream

