Chp 10: DSM


Inside threats

"trusted adversaries" who operate within an organization's boundaries and are a significant danger to both private and public sectors.

time bomb

A malicious program that deletes payroll data on a certain date

Recovery time objectives

-address the issue of how soon an organization should be able to resume operations.
-specify the maximum time allowed to recover from a disaster.

Recovery point objectives

-specify how current backup data should be.
-assert that having completely redundant systems that mirror the data helps to minimize (or even avoid) data loss in the event of a catastrophic failure.

warez

Bootleg copies of software programs

denial of service (DOS) attack

Computer worms infiltrating a network with so much artificial traffic that legitimate traffic cannot get through

Anti-Cybersquatting Consumer Protection Act

Passed in 1999, this U.S. law made it a crime to register, traffic in, or use a domain name to profit from the goodwill of a trademark belonging to someone else.

IS security

Refers to precautions taken to keep all aspects of information systems safe from destruction, manipulation, or unauthorized use or access. Because threats to information systems constantly evolve, ______ is an ongoing process.

cookies

Small text files passed to a Web browser on a user's computer by a Web server. The browser stores the message in a text file, and the message is sent back to the server each time the user's browser requests a page from that server.

Access control software

allows computer users access to only those files related to their work.

tunneling

The practice of creating an encrypted "tunnel" to send secure (private) data over the (public) Internet

virus

a destructive program that disrupts the normal functioning of computer systems. Differs from other types of malicious code in that it can reproduce itself.

botnet

a group of destructive software robots working together on a collection of zombie computers via the Internet.

Risk analysis

a process in which you assess the value of the assets being protected, determine their probability of being compromised, and compare the probable costs of their being compromised with the estimated costs of whatever protections you might have to take.

Record keeping

a type of information systems control that helps ensure the reliability of information

worm

a type of malware that propagates through the Internet or other computer networks.

logic bomb

a variation of a Trojan horse that is set off by certain types of operations, such as entering a specific password or adding or deleting names and other information to and from certain computer files.

company's disaster recovery plan

addresses:
-chain of command
-which events are considered a disaster
-what should be done to prepare the backup site
-what hardware and software are needed to recover from a disaster.

Computer-assisted auditing tools

software that auditors use to test applications and data using test data or simulations. Auditors use these tools because testing all controls under all possible conditions is very inefficient and often not feasible.

drive-by hacking

an attacker accesses the network, intercepts data from it, and even uses network services and/or sends attack instructions to it without having to enter the home, office, or organization that owns the network.

Stuxnet

an example of a cyberwar attack.

Cyberwar

an organized attempt by a country's military to disrupt or destroy the information and communication systems of another country. Technologies can be used to electronically blind, jam, deceive, overload, and intrude into an enemy's information systems infrastructure.

crackers

another name for a black hat; those who break into computer systems with the intention of doing damage or committing a crime.

black hat

another name for a cracker, someone who breaks into computer systems with the intention of doing damage or committing a crime.

Hacktivists

attempt to break into systems or deface Web sites to promote political or ideological goals (such as free speech, human rights, and antiwar campaigns).

Keyloggers

capture users' keystrokes to gather information like passwords and credit card numbers.

cold backup site

comprises all necessary connections for power and communication, but nothing else. In the case of a disaster, a company has to first set up all necessary equipment, ranging from office furniture to Web servers.
-the least expensive option
-takes a longer time before a company can resume working after a disaster.

Honeypots

computers, data, or network sites designed to entice crackers. Organizations and governments are increasingly utilizing _______ to proactively gather intelligence to improve their defenses or to catch cybercriminals.

Industrial espionage

covert activities, such as the theft of trade secrets, bribery, blackmail, and technological surveillance.

Reverse engineering

disassembling software to discover and understand any protection mechanisms built into the software by its original developer.

Spam

electronic junk mail or junk newsgroup postings, usually for the purpose of advertising some product and/or service.

firewall

essentially a security fence around the perimeter of an organization's information systems; it spots unauthorized intruders who try to penetrate a private network. Generally placed between the organization's private internal networks and the Internet, although firewalls can also be used to protect one part of a company's network from the rest of the network. Can be implemented in hardware, in software, or in a combination of both.

IS risk management

gaining an understanding of the interplay among threats, vulnerabilities, and impacts.

Hot backup site

has a redundant backup of the data so that the business processes are interrupted as little as possible.
-more expensive
-a redundant backup of all the data
-ensures that the company can resume working immediately after a disaster.

IS controls

help ensure the reliability of information and can consist of different measures, such as systems security policies or record keeping, to trace actions and transactions and who is responsible for them.

Cyberterrorism

the use, by individuals and organized groups, of computer and networking technologies against persons or property to intimidate or coerce governments, civilians, or any segment of society in order to attain political, religious, or ideological goals. Could damage the machines that control traffic lights, power plants, dams, or airline traffic in order to create fear and panic.

True hackers

individuals motivated by curiosity and not by a desire to do harm.

Trojan horse

infects an information system by posing as a legitimate program or file. A computer infected with a ______ appears to function normally. But in fact, the computer is performing underlying functions dictated by the _______.

Business continuity planning

focuses on how the company can restore its IS operations after a disaster strikes. The plan identifies critical business processes and determines action plans for handling mission-critical functions if systems go down.

information systems audit

often performed by external auditors, can help organizations assess the state of their IS controls to determine necessary changes and to help ensure the information systems' availability, confidentiality, and integrity.

Shareware

refers to software that a user can access on a trial basis without paying for it.

Spyware

refers to software that covertly gathers information about a user through an Internet connection without the user's knowledge. This monitoring of users' computer activity, with the results secretly transmitted to someone else, is sometimes hidden within freeware or shareware programs or embedded within a Web site and downloaded to the user's computer without the user's knowledge, in order to track data about the user for marketing and advertising purposes.

Phishing

setting up fake Web sites or sending e-mail messages that look like those of legitimate businesses to ask users for confidential personal data.

Malware

short for "malicious software" such as viruses, worms, and Trojan horses.

cybersquatting

the practice of registering a domain name and then trying to sell it for big bucks to the person, company, or organization most likely to want it.

Sarbanes-Oxley Act

passed to protect investors from fraudulent practices by organizations. It mandates that companies demonstrate compliance with accounting standards and establish controls and corporate governance.

online transaction processing

transactions entered online are immediately processed by the computer.

CAPTCHA

typically consists of a distorted image displaying a combination of letters and/or numbers that a user has to input into a form before submitting it. A way to prevent spammers from using bots to automatically submit online forms; also used to prevent bots from trying to break passwords using a brute force approach.

Audit-control software

used to keep track of computer activity so that auditors can spot suspicious activity and take action.

Biometric authentication

uses systems that read and interpret individual human traits, such as fingerprints, irises, and voices, in order to grant or deny access.

