MIS 180 chapter 4
trust
_____ among companies, customers, partners, and suppliers is the support structure of ebusiness
authentication, authorization
_____ and _____ technologies can prevent identity theft
information security
a broad term encompassing the protection of information from accidental or intentional misuse by persons inside or outside an organization
nonrepudiation
a contractual stipulation to ensure that ebusiness participants do not deny their online actions
digital certificate
a data file that identifies individuals or organizations online and is comparable to a digital signature
smart card
a device about the size of a credit card, containing embedded technologies that can store info and small amounts of software to perform some limited processing
m-spam (mobile phone spamming)
a form of spam that sends unsolicited text messages to mobile phones
hardware key logger
a hardware device that captures keystrokes on their journey from the keyboard to the motherboard
authentication
a method for confirming users' identities
information governance
a method or system of government for information management or control
elevation of privilege
a process by which a user misleads a system into granting unauthorized rights, usually for the purpose of compromising or destroying the system. for example, an attacker might log onto a network by using a guest account and then exploit a weakness in the software that lets the attacker change the guest privileges to administrative privileges
sniffer
a program or device that can monitor data traveling over a network. ____ can show all the data being transmitted over a network, including passwords and sensitive information. *tend to be a favorite weapon in the hacker's arsenal*
key logger (key trapper) software
a program that records every keystroke and mouse click
cookie
a small file deposited on a hard drive by a website containing information about customers and their web activities. ___ allow websites to record the comings and goings of customers, usually without their knowledge or consent
spyware
a special class of adware that, while purporting to serve some useful function and often fulfilling that function, also allows internet advertisers to display ads without the consent of the computer user
phishing
a technique to gain personal information for the purpose of identity theft, usually by means of fraudulent emails that look as though they came from legitimate businesses
certificate authority
a trusted third party, such as verisign, that validates user identities by means of digital certificates
updated
antivirus must be frequently ____ to protect against newly created viruses
hoaxes
attack computer systems by transmitting a virus hoax with a real virus attached, masking the attack in a seemingly legitimate message
distributed denial-of-service attack (DDoS)
attacks from multiple computers that flood a website with so many requests for service that it slows down or crashes. a common type is the ping of death
knows, has, part of
authentication and authorization techniques fall into 3 categories: 1. something the user ____, such as a user ID and password 2. something the user ___, such as a smart card or token 3. something that is ___ ____ the user, such as a fingerprint or voice signature
black-hat hackers
break into other people's computer systems and may just look around or may steal and destroy information
polymorphic viruses and worms
change their form as an attachment or downloadable file
packet tampering
consists of altering the contents of packets as they travel over the internet or altering data on computer disks after penetrating a network.
web log
consists of one line of information for every visitor to a website and is usually stored on a web server
information privacy policy
contains general principles regarding information privacy. an organization that wants to protect its info should develop one
ethical computer use policy
contains general principles to guide computer user behavior (for example: might explicitly state that users should refrain from playing computer games during work hours)
internet use policy
contains general principles to guide the proper use of the internet
information security plan
details how an organization will implement information security policies *best way a company can safeguard itself from people is by implementing this*
email privacy policy
details the extent to which email messages may be read by others
hackers
experts in technology who use their knowledge to break into computer networks, either for profit or just motivated by the challenge
splogs (spam blogs)
fake blogs created to raise the search engine rank of affiliated website.
intrusion detection software (IDS)
features full-time monitoring tools that search for patterns in network traffic to identify intruders
costs of downtime
financial performance, damaged reputation, revenue, and other expenses
script kiddies (script bunnies)
find hacking code on the internet and click-and-point their way into systems to cause damage or spread viruses
denial-of-service attack (DoS)
floods a website with so many requests for service that it slows down or crashes the site
information ethics
govern the ethical and moral issues arising from the development and use of information technologies, as well as the creation, collection, duplication, distribution, and processing of information itself
information management
examines the organizational resource of information and regulates its definitions, uses, value, and distribution, ensuring it has the types of data/information required to function and grow effectively
social engineering
hackers use their social skills to trick people into revealing access credentials or other valuable info
firewall
hardware and/or software that guard a private network by analyzing incoming and outgoing info for the correct markings
crackers
have criminal intent when hacking
hacktivists
have philosophical and political reasons for breaking into systems and will often deface the website as a protest
trojan horse virus
hides inside other software, usually as an attachment or a downloadable file
information security policies
identify the rules required to maintain info security, such as requiring users to log off before leaving for lunch or meetings, never sharing passwords, and changing passwords every 30 days
ethical computer use policy
if an organization were to have only one epolicy, it should be an ______
malicious code
includes a variety of threats such as viruses, worms, and trojan horses
no ethics
information itself has
intellectual property
intangible creative work that is embodied in physical form and includes copyrights, trademarks, and patents
insiders
legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident.
dumpster diving
looking through people's trash to obtain info
most working professionals use _____ as their preferred means of corporate communications
content filtering
occurs when organizations use software that filters content, such as emails, to prevent the accidental or malicious transmission of unauthorized info
backdoor programs
open a way into the network for future attacks
social media policy
outlining the corporate guidelines or principles governing employee online communication
epolicies
policies and procedures that address information management along with the ethical use of computers and the internet in the business environment
content filtering, encryption, and firewalls
prevention and resistance technologies stop intruders from accessing and reading data by means of
clickstream
records information about a customer during a web surfing session such as what websites were visited, how long the visit was, what ads were viewed, and what was purchased
downtime
refers to a period of time when a system is unavailable
ediscovery (electronic discovery)
refers to the ability of a company to identify, search, gather, seize, or export digital information inquiry
acceptable use policy (AUP)
requires a user to agree to follow it to be provided access to corporate email, information systems, and the internet
pharming
reroutes requests for legitimate websites to false websites
antivirus software
scans and searches hard drives to prevent, detect, and remove known viruses, adware, and spyware
encryption
scrambles information into an alternative form that requires a key or password to decrypt
cyberterrorists
seek to cause harm to people or to destroy critical systems or information and use the internet as a weapon of mass destruction
mail bomb
sends a massive amount of email to a specific person or system that can cause that user's server to stop functioning
anti-spam
simply states that email users will not send unsolicited emails (or spam)
tokens
small electronic devices that change user passwords automatically
spyware (sneakware or stealthware)
software that comes hidden in free downloadable software and tracks online movements, mines the information stored on a computer, or uses a computer's CPU and storage for some task the user knows nothing about
adware
software that generates ads that install themselves on a computer when a person downloads some other program from the internet
counterfeit software
software that is manufactured to look like the real thing and sold as such
virus
software written with malicious intent to cause annoyance or damage
worm
spreads itself, not only from file to file, but from computer to computer.
employee monitoring policy
stating explicitly how, when, and where the company monitors its employees
information compliance
the act of conforming, acquiescing, or yielding information
confidentiality
the assurance that messages and information remain available only to those authorized to view them
identity theft
the forging of someone's identity for the purpose of fraud
spoofing
the forging of the return address on email so that the message appears to come from someone other than the actual sender. not a virus but rather a way by which virus authors conceal their identities as they send out viruses
quadrant 1
the goal for organizations to make decisions within _____ that are both legal and ethical
biometrics
the identification of a user based on a physical characteristic such as a fingerprint, iris, face, voice, or handwriting
copyright
the legal protection afforded an expression of an idea, such as a song, book, or video game
hard drives
the only reliable way to truly obliterate digital information is to destroy the ____ _____ where the file was stored.
attach to something
the primary difference between a virus and a worm is that a virus must
ethics
the principles and standards that guide our behavior toward other people
authorization
the process of providing a user with permission including access levels and abilities such as file access, hours of access, and amount of allocated storage space
make money
the purpose of spam is to
privacy
the right to be left alone when you want to be, to have control over your personal possessions, and not be observed without your consent
pirated software
the unauthorized use, duplication, distribution, or sale of copyrighted software
informed, consent
the users should be ____ of the rules and, by agreeing to the system on that basis, ____ to abide by them
gatekeeper
think of a firewall as a _____ that protects computer networks from intrusion by providing a filter and safe transfer points for access to and from the internet and other networks
repudiate
to deny
information technology monitoring
tracks people's activities by such measures as number of keystrokes, error rate, and number of transactions processed
ethics and security
two fundamental building blocks for all organizations
people, technology
two lines of defense by which organizations address security risks
phishing, pharming
two means of stealing identity
spam
unsolicited email. it plagues employees at all levels within an organization and clogs email systems and siphons MIS resources away from legitimate business projects
one in five
up to ________ responds with the information and becomes a victim of identity theft and fraud
typical AUP
users agree to the following in a typical _____: 1. not using the service as part of violating any law 2. not attempting to break the security of any computer network or user 3. not posting commercial messages to groups without prior permission 4. not performing any nonrepudiation
public key encryption (PKE)
uses two keys, a public key that everyone can have and a private key only for the recipient
white-hat hackers
work at the request of the system owners to find system vulnerabilities and plug the holes