Management Information Systems Chapter 4 Ethics and Information Security: MIS Business Concerns

Ace your homework & exams now with Quizwiz!

information security

a broad term encompassing the protection of information from accidental or intentional misuse by persons inside or outside an organization

drive-by hacking

a computer attack where an attacker accesses a wireless computer network, intercepts data, uses network services, and/or sends attack instructions without entering the office or organization that owns the network

competitive click-fraud

a computer crime where a competitor or disgruntled employee increases a company's search advertising costs by repeatedly clicking on the advertiser's link

nonrepudiation

a contractual stipulation to ensure that ebusiness participants do not deny their online actions

digital certificate

a data file that identifies individuals or organizations online and is comparable to a digital signature

smart card

a device that is around the same size as a credit card, containing embedded technologies that can store information and small amounts of software to perform some limited processing

zombie farm

a group of computers on which a hacker has planted zombie programs

phishing expedition

a masquerading attack that combines spam with spoofing

authentication

a method for confirming users' identities

information governance

a method or system of government for information management or control

spear phishing

a phishing expedition in which the emails are carefully designed to target a particular person or organization

vishing (voice phishing)

a phone scam that attempts to defraud people by asking them to call a bogus telephone number to confirm their account information

typosquatting

a problem that occurs when someone registers purposely misspelled variations of well-known domain names

zombie

a program that secretly takes over another computer for the purpose of launching attacks on other computers

spyware

a special class of adware that collects data about the user and transmits it over the Internet without the user's knowledge or permission

phishing

a technique to gain personal information for the purpose of identity theft, usually by means of fraudulent e-mail

digital rights management

a technological solution that allows publishers to control their digital media to discourage, limit, or prevent illegal copying and distribution

certificate authority

a trusted third party, such as VeriSign, that validates user identities by means of digital certificates

teergrubing

an anti-spamming approach where the receiving computer launches a return attack against the spammer, sending email messages back to the computer that originated the suspected spam

information property

an ethical issue that focuses on who owns information about individuals and how information can be sold and exchanged

patent

an exclusive right to make or sell an invention and is granted by a government to the inventor

cyberwar

an organized attempt by a country's military to disrupt or destroy information and communication systems for another country

opt out

choosing to deny permission to incoming emails

time bombs

computer viruses that wait for a specific date before executing their instructions

information privacy policy

contains general principles regarding information privacy

ethical computer use policy

contains general principles to guide computer user behavior

internet use policy

contains general principles to guide the proper use of the internet

decrypt

decodes information and is the opposite of encrypt

advanced encryption standard (AES)

designed to keep government information secure

information security plan

details how an organization will implement the information security policies

email privacy policy

details the extent to which email messages may be read by others

information management

examines the organizational resource of information and regulates its definitions, uses, value, and distribution ensuring it has the types of data/information required to function and grow effectively

hackers

experts in technology who use their knowledge to break into computers and computer networks, either for profit or just motivated by the challenge

intrusion detection software (IDS)

features full-time monitoring tools that search for patterns in network traffic to identify intruders

information ethics

govern the ethical and moral issues arising from the development and use of information technologies, as well as the creation, collection, duplication, distribution, and processing of information itself

internet censorship

government attempts to control internet traffic, thus preventing some material from being viewed by a country's citizens

social engineering

hackers use their social skills to trick people into revealing access credentials or other valuable information

information security policies

identify the rules required to maintain information security, such as requiring users to log off before leaving for lunch or meetings, never sharing passwords with anyone, and changing passwords every 30 days

cyberbullying

includes threats, negative remarks, or defamatory comments transmitted through the Internet or posted on the website

intellectual property

intangible creative work that is embodied in physical form and includes copyrights, trademarks, and patents

threat

is an act or object that poses a danger to assets

firewall

is hardware and/or software that guard a private network by analyzing incoming and outgoing information for the correct markings

insiders

legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident

dumpster diving

looking through people's trash

destructive agents

malicious agents designed by spammers and other internet attackers to farm email addresses off websites or deposit spyware on machines

content filtering

occurs when organizations use software that filters content, such as emails, to prevent the accidental or malicious transmission of unauthorized information

social media policy

outlines the corporate guidelines or principles governing employee online communications

child online protection act

passed to protect minors from accessing inappropriate material on the internet

epolicies

policies and procedures that address information management along with the ethical use of computers and the internet in the business environment

downtime

refers to periods of time in which a system is unavailable

ediscovery (electronic discovery)

refers to the ability of a company to identify, search, gather, seize, or export digital information in responding to a litigation, audit, investigation, or information inquiry

acceptable use policy (AUP)

requires a user to agree to follow it to be provided access to corporate email, information systems, and the Internet

pharming

reroutes requests for legitimate websites to false websites

anti-virus software

scans and searches hard drives to prevent, detect, and remove known viruses, adware, and spyware

encryption

scrambles information into an alternative form that requires a key or password to decrypt

mail bomb

sends a massive amount of email to a specific person or system that can cause that user's server to stop functioning

anti-spam policy

simply states that email users will not send unsolicited emails (or spam)

tokens

small electronic devices that change user passwords automatically

counterfeit software

software that is manufactured to look like the real thing and sold as such

adware

software that, while purporting to serve some useful function and often fulfilling that function, also allows Internet advertisers to display advertisements without the consent of the computer user

virus

software written with malicious intent to cause annoyance or damage

employee monitoring policy

stating explicitly how, when, and where the company monitors its employees

physical security

tangible protection such as alarms, guards, fireproof doors, fences, and vaults

click-fraud

the abuse of pay-per-click, pay-per-call, and pay-per-conversion revenue models by repeatedly clicking a link to increase charges or costs for the advertiser

information compliance

the act of conforming, acquiescing, or yielding information

confidentiality

the assurance that messages and information remain available only to those authorized to use them

information secrecy

the category of computer security that addresses the protection of data from unauthorized disclosure and confirmation of data source authenticity

cybervandalism

the electronic defacing of an existing website

identity theft

the forging of someone's identity for the purpose of fraud

biometrics

the identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting

copyright

the legal protection afforded an expression of an idea, such as a song, book, or video game

ethics

the principles and standards that guide our behavior toward other people

authorization

the process of providing a user with permission including access levels and abilities such as file access, hours of access and amount of allocated storage space

privacy

the right to be left alone when you want to be, to have control over your personal possessions and not to be observed without your consent

cryptography

the science that studies encryption, which is the hiding of messages so that only the sender and receiver can read them

website name stealing

the theft of a website's name that occurs when someone, posing as a site's administrator, changes the ownership of the domain name assigned to the website to another website owner

pirated software

the unauthorized use, duplication, distribution, or sale of copyrighted software

cyberterrorism

the use of computer and networking technologies against persons or property to intimidate or coerce governments, individuals, or any segment of society to attain political, religious, or ideological goals

workplace MIS monitoring

tracks people's activities by such measures as number of keystrokes, error rate, and number of transactions processed

spam

unsolicited email

pharming attack

uses a zombie farm, often by an organized crime association, to launch a massive phishing attack

public key encryption (PKE)

uses two keys: a public key that everyone can have and a private key for only the recipient


Related study sets

Countries and Bodies of Water that Border France

View Set

NURS 2156 Practice Questions Test One (From Accompanying Study Guide)

View Set