MIS 180 chapter 4

trust

_____ among companies, customers, partners, and suppliers is the support structure of ebusiness

authentication, authorization

_____ and _____ technologies can prevent identity theft

information security

a broad term encompassing the protection of information from accidental or intentional misuse by persons inside or outside an organization

nonrepudiation

a contractual stipulation to ensure that ebusiness participants do not deny their online actions

digital certificate

a data file that identifies individuals or organizations online and is comparable to a digital signature

smart card

a device about the size of a credit card, containing embedded technologies that can store info and small amounts of software to perform some limited processing

m-spam (mobile phone spamming)

a form of spam that sends unsolicited text messages to mobile phones

hardware key logger

a hardware device that captures keystrokes on their journey from the keyboard to the motherboard

authentication

a method for confirming user's identities

information governance

a method or system of government for information management or control

elevation of privilege

a process by which a user misleads a system into granting unauthorized rights, usually for the purpose of compromising or destroying the system. for example, an attack might log onto a network by using a guest account and then exploit a weakness in the software that lets the attacker change the guest privileges to administrative privileges

sniffer

a program or device that can monitor data traveling over a network. ____ can show all the data being transmitted over a network, including passwords and sensitive information. *tend to be a favorite weapon in the hacker's arsenal*

key logger (key trapper) software

a program that records every keystroke and mouse click

cookie

a small file deposited on a hard drive by a website containing information about customers and their web activities. ___ allow websites to record the comings and goings of customers, usually without their knowledge or consent

spyware

a special class of adware that, while purporting to serve some useful function and often fulfulling that function, also allows internet advertisersto display ads without the consent of the computer user

phishing

a technique to gain personal information for the purpose of identity theft, usually by means of fraudulent emails that look as though they came from legitimate businesses

certificate authority

a trusted third party, such as verisign, that validates user identities by means of digital certificates

updated

antivirus must be frequently ____ to protect against newly created viruses

hoaxes

attack computer systems by transmitting a virus hoax, with a real virus attached. by masking the attack in a seemingly legitimate message

distributed denial-of-service attack (DDoS)

attacks from multiple computers that flood a website with so many requests for service that it slows down or crashes. a common type is the ping of death

knows, has, part of

authentication and authorization techniques fall into 3 categories: 1. something the user ____, such as a user ID and password 2. something the user ___, such as a smart card or token 3. something that is ___ ____ the user, such as a fingerprint or voice signature

black-hat hackers

break into other people's computer systems and may just look around or may steal and destroy information

polymorphic viruses and worms

change their form as an attachment or downloadable file

packet tampering

consists of altering the contents of packets as they travel over the internet or altering data on computer disks after penetrating a network.

web log

consists of one line of information for every visitor to a website and is usually stored on a web server

information privacy policy

contains general principles regarding information privacy. an organization that wants to protect its info should develop one

ethical computer use policy

contains general principles to guide computer user behavior (for example: might explicitly state that users should refrain from playing computer games during work hours)

internet use policy

contains general principles to guide the proper use of the internet

information security plan

details how an organization will implement information security policies *best way a company can safeguard itself from people is by implementing this*

email privacy policy

details the extent to which email messages may be read by others

hackers

experts in technology who use their knowledge to break into computer networks , either for profit or just motivated by the challenge

splogs (spam blogs)

fake blogs created to raise the search engine rank of affiliated website.

intrusion detection software (IDS)

features full-time monitoring tools that search for patterns in network traffic to identify intruders

costs of downtime

financial performance, damaged reputation, revenue, and other expenses

script kiddies (script bunnies)

find hacking code on the internet and click-and-point their way into systems to cause damage or spread viruses

denial-of-service attack (DoS)

floods a website with so many requests for service that it slows down or crashes the site

information ethics

govern the ethical and moral issues arising from the development and use of information technologies, as well as the creation, collection, duplication, distribution, and processing of information itself

information management

guidelines about how the organizational resource of information and examines the organizational resource of information and regulates its definitions, uses, value, and distribution, ensuring it has the types of data/information required to function and grow effectively

social engineering

hackers use their social skills to trick people into revealing access credentials or other valuable info

firewall

hardware and/or software that guard a private network by analyzing incoming and outgoing info for the correct markings

crackers

have criminal intent when hacking

hactivists

have philosophical and political reasons for breaking into systems and will often deface the website as a protest

trojan horse virus

hides inside another software, usually as an attachment or a downloadable file

information security policies

identify the rules required to maintain info security, such as requiring users to log off before leaving for lunch or meetings, never sharing passwords, and changing passwords every 30 days

ethical computer use policy

if an organization were to have only one epolicy, it should be an ______

malicious code

includes a variety of threats such as viruses, worms, and trojan horses

no ethics

information itself has

intellectual property

intangible creative work that is embodied in physical form and includes copyrights, trademarks, and patents

insiders

legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident.

dumpster diving

looking through people's trash to obtain info

email

most working professionals use _____ as their preferred means of corporate communications

content filtering

occurs when organizations use software that filters content, such as emails, to prevent the accidental or malicious transmission of unauthorized info

content filtering

occurs when organizations use software that filters content, such as emails, to prevent the accidental or malicious transmission or unauthorized information

backdoor programs

open a way into the network for future attacks

social media policy

outlining the corporate guidelines or principles governing employee online communication

epolicies

policies and procedures that address information management along with the ethical use of computers and the internet in the business environment

content filtering, encryption, and firewalls

prevention and resistance technologies stop intruders from accessing and reading data by means of

clickstream

records information about a customer during a web surfing session such as what website were visited, how long the visit was, what ads were viewed, and what was purchased

downtime

refers to a period of time when a system is unavailable

ediscovery (electronic discovery)

refers to the ability of a company to identify, search, gather, seize, or export digital information inquiry

acceptable use policy (AUP)

requires a user to agree to follow it to be provided access to corporate email, information systems, and the internet

pharming

reroutes requests for legitimate websites to false websites

antivirus software

scans and searches hard drives to prevent, detect, and remove known viruses, adware, and spyware

encryption

scrambles information into an alternative form that requires a key or password to decrypt

cyberterrorists

seeks to cause harm to people or to destroy critical systems or information and use the internet as a weapon of mass destruction

mail bomb

sends a massive amount of email to a specific person or system that can cause that user's server to stop functioning

anti-spam

simply states that email users will not send unsolicited emails (or spam)

tokens

small electronic devices that change user passwords automatically

spyware (sneakware or stealthware)

software that comes hidden in free downloadable software and tracks online movements, mines the information stored on a computer, or uses a computer's CPU and storage for some task the user knows nothing about

spyware

software that comes hidden in free downloadable software and tracks online movements, mines the information stored on a computer, or uses and computer's CPU and storage for some task the user knows nothing about

adware

software that generates ads that install themselves on a computer when a person downloads some other program from the internet

counterfeit software

software that is manufactured to look like the real thing and sold as such

virus

software written with malicious intent to cause annoyance or damage

worm

spreads itself, not only from file to file, but from computer to computer.

employee monitoring policy

stating explicitly how, when, and were the company monitors its employees

information compliance

the act of conforming, acquiescing, or yielding information

confidentiality

the assurance that messages and information remain available only to those authorized to view them

identity theft

the forging of someone's identity for the purpose of fraud

spoofing

the forging of the return address on email so that the message appears to come from someone other than the actual sender. not a virus but rather a way by which virus authors conceal their identities as they send out viruses

quadrant 1

the goal for organizations to make decisions within _____ that are both legal and ethical

biometrics

the identification of a user based on a physical characteristic such as a fingerprint, iris, face, voice, or handwriting

copyright

the legal protection afforded an expression of an idea, such as a song, book, or video game

hard drives

the only reliable way to truly obliterate digital information is to destroy the ____ _____ where the file was stored.

attach to something

the primary difference between a virus and a worm is that a virus must

ethics

the principles and standards that guide our behavior toward other people

authorization

the process of providing a suer with permission including access levels and abilities such as file access, hours access, and amount of allocated storage space

make money

the purpose of spam is to

privacy

the right to be left alone when you want to be, to have control over your personal possessions, and not be observed without your consent

pirated software

the unauthorized use, duplication, distribution, or sale of copyrighted software

informed, consent

the users should be ____ of the rules and, be agreeing to the system on that basis, ____ to abide by them

gatekeeper

think of a firewall as a _____ that protects computer networks from intrusion by providing a filter and safe transfer points for access to and from the internet and other networks

repudiate

to deny

information technology monitoring

tracks people's activities by such measures as number of keystrokes, error rate, and number of transactions processed

ethics and security

two fundamental building blocks for all organizations

people, technology

two lines of defense that organizations address security risks

phishing, pharming

two means of stealing identity

spam

unsolicited email. it plagues employees at all levels within an organization and clogs email systems and siphons MIS resources away from legitimate business projects

one in five

up to ________ responds with the information and becomes a victim of identity theft and fraud

typical AUP

users agree to the following in a typical _____: 1. not using the service as part of violating any law 2. not attempting to break the security of any computer network or user 3. not posting commercial messages to groups without prior permission 4. not performing any nonrepudiation

public key encryption (PKE)

uses two keys, a public key that everyone can have and a private key only for the recipient

white-hat hackers

work at the request of the system owners to find system vulnerabilities and plug the holes