mis chap 4


if there is an information security breach and the information was encrypted, the person stealing the information would be unable to read what

encryption, public key encryption (PKE), certificate authority, digital certificate

what does the ethical computer use policy ensure?

ensures all users are informed of the rules and, by agreeing to use the system on that basis, consent to abide by the rules

information management

examines the organizational resource of information and regulates its definitions, users, value, and distribution ensuring it has the types of data/information required to function and grow effectively

smart card

a device that is around the same size as a credit card, containing embedded technologies that can store information and small amounts of software to perform some limited processing

authentication

a method for confirming users' identities

information governance

a method or system of government for information management or control

elevation of privilege

a process by which a user misleads a system into granting unauthorized rights, usually for the purpose of compromising or destroying the system.

sniffer

a program or device that can monitor data traveling over a network. sniffers can show all the data being transmitted over a network, including passwords and sensitive information. sniffers tend to be a favorite weapon in the hacker's arsenal

adware

software that, while purporting to serve some useful function and often fulfilling that function, also allows internet advertisers to display advertisements without the consent of the computer user

spyware

a special class of adware that collects data about the user and transmits it over the internet without the user's knowledge or permission

phishing

a technique to gain personal information for the purpose of identity theft, usually by means of fraudulent email

polymorphic viruses and worms

change their form as they propagate

packet tampering

consists of altering the contents of packets as they travel over the internet or altering data on computer disks after penetrating a network.

information privacy policy

contains general principles regarding information privacy; the unethical use of information occurs "unintentionally"

ethical computer use policy

contains general principles to guide computer user behavior

internet use policy

contains general principles to guide the proper use of the internet

intrusion detection software

features full-time monitoring tools that search for patterns in network traffic to identify intruders

script kiddies or script bunnies

find hacking code on the internet and click and point their way into systems to cause damage or spread viruses

denial-of-service attack (DoS)

floods a website with so many requests for service that it slows down or crashes the site

what is the first line of defense?

follow to help combat insider issues to develop information security policies and an information security plan

how much can downtime cost an organization?

from $100 to over $1 million

information ethics

govern the ethical and moral issues arising from the development and use of information technologies, as well as the creation, collection, duplication, distribution, and processing of information itself

social engineering

hackers use their social skills to trick people into revealing access credentials or other valuable information

firewall

hardware and/or software that guards a private network by analyzing the information leaving and entering the network

crackers

have criminal intent when hacking

trojan-horse virus

hides inside other software, usually as an attachment or a downloadable file

what does have ethics? what doesn't?

people and information

what is the biggest issue surrounding information security?

people, like insiders, social engineering, and dumpster diving

privacy

the right to be left alone when you want to be, to have control over your own personal possessions, and not to be observed without your consent

pirated software

the unauthorized use, duplication, distribution, or sale of copyrighted software

information technology monitoring

tracks people's activities by such measures as number of keystrokes, error rate, and number of transactions processed

hacker

experts in technology who use their knowledge to break into computers and computer networks, either for profit or just motivated by the challenge

employee monitoring policy

explicitly states how, when, and where the company monitors its employees

nonrepudiation

a contractual stipulation to ensure that ebusiness participants do not deny their online actions

what do organizations strive to build?

a corporate culture based on ethical principles that employees can understand and implement

splogs

are fake blogs created solely to raise the search engine rank of affiliated websites. even blogs that are legitimate are plagued by spam, with spammers taking advantage of the comment feature of most blogs to comment with links to spam sites

hoaxes

attack computer systems by transmitting a virus hoax, with a real virus attached. by masking the attack in a seemingly legitimate message and send the attack on to their co-workers and friends, infecting many users along the way

distributed denial of service attack (DDoS)

attacks from multiple computers that flood a website with so many requests for a service that it slows down or crashes. a common type is the ping of death, in which thousands of computers try to access a website at the same time, overloading it and shutting it down

what are several types of hackers?

black-hat hacker, cracker, cyberterrorist, hacktivist, script kiddies or script bunnies, white-hat hacker

black-hat hackers

break into other people's computer systems and may just look around or may steal and destroy information

email privacy policy

details the extent to which email messages may be read by others

malicious code

includes a variety of threats such as viruses, worms, and trojan horses

what are some tools to prevent information misuse?

information management, information governance, information compliance, ediscovery

intellectual property

intangible creative work that is embodied in physical form and includes copyrights, trademarks, and patents

what causes business issues related to information ethics?

intellectual property, copyright, pirated software, counterfeit software

insiders

legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident

dumpster diving

looking through people's trash to obtain information

backdoor programs

open a way into the network for future attacks

what must be protected?

organizational information is intellectual capital

social media policy

outlines the corporate guidelines or principles governing employee online communications

epolicies

policies and procedures that address information management along with the ethical use of computers and the internet in the business environment

content filtering

prevents emails containing sensitive information from transmitting and stops spam and viruses from spreading

downtime

refers to a period of time when a system is unavailable

acceptable use policy (AUP)

requires a user to agree to follow it to be provided access to corporate email, information systems, and the internet

pharming

reroutes requests for legitimate websites to false websites

encryption

scrambles information into an alternative form that requires a key or password to decrypt

cyberterrorists

seek to cause harm to people, critical systems, or information and use the internet as a weapon of mass destruction

anti-spam policy

simply states that email users will not send unsolicited emails (or spam)

tokens

small electronic devices that change user passwords automatically

counterfeit software

software manufactured to look like the real thing and sold as such

virus

software written with malicious intent to cause annoyance or damage

what is the most ineffective form of authentication?

something the user knows such as a user id and password

ediscovery

the ability of a company to identify, search, gather, seize, or export digital information in responding to a litigation, audit, investigation, or information inquiry

information compliance

the act of confronting, acquiescing, or yielding information

confidentiality

the assurance that messages and information are available only to those who are authorized to view them

identity theft

the forging of someone's identity for the purpose of fraud

spoofing

the forging of the return address on an email so that the message appears to come from someone other than the actual sender. this is not a virus but rather a way by which virus authors conceal their identities as they send out viruses

biometrics

the identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting

ethics

the principles and standards that guide our behavior toward other people

authorization

the process of giving someone permission to do or have something

information security

the protection of information from accidental or intentional misuse by persons inside or outside an organization

