MIS last set - chapter 8
adherence
"sticking to" or "being faithful to"
Malware
Malware (short for malicious software) is any program or file that is harmful to a computer user. Malware therefore includes computer viruses, worms, Trojan horses, and spyware programs that gather information about a computer user without permission.
adage
a proverb or short statement expressing a general truth
Cracking
A cracker is someone who breaks into someone else's computer system, often on a network; bypasses passwords or licenses in computer programs; or in other ways intentionally breaches computer security. A cracker can be doing this for profit, maliciously, for some altruistic purpose or cause, or because the challenge is there. Some breaking-and-entering has been done ostensibly to point out weaknesses in a site's security system.
Public key
A more secure form of encryption called public key encryption uses two keys: one shared (or public) and one totally private as shown in Figure 8.6. The keys are mathematically related so that data encrypted with one key can be decrypted using only the other key. To send and receive messages, communicators first create separate pairs of private and public keys. The public key is kept in a directory and the private key must be kept secret. The sender encrypts a message with the recipient's public key. On receiving the message, the recipient uses his or her private key to decrypt it.
Viruses
A virus is a program or piece of programming code that replicates itself by being copied, or by initiating its own copying, into another program, computer boot sector, or document. Because it attaches to a host file, it usually needs a human action (opening the file, booting from the disk) to spread.
Worms
A worm is a self-replicating program that, unlike a virus, does not attach itself to other files or alter them; it runs independently in memory and copies itself from computer to computer over a network without human intervention.
Cyber vandalism
Hacker activities have broadened beyond mere system intrusion to include theft of goods and information, as well as system damage and cybervandalism, the intentional disruption, defacement, or even destruction of a Web site or corporate information system. For example, cybervandals have turned many of the MySpace "group" sites, which are dedicated to interests such as home beer brewing or animal welfare, into cyber-graffiti walls, filled with offensive comments and photographs.
Spoofing
Hackers attempting to hide their true identities often spoof, or misrepresent, themselves by using fake e-mail addresses or masquerading as someone else. Spoofing also may involve redirecting a Web link to an address different from the intended one, with the site masquerading as the intended destination.
How hackers create security problems and damage systems
Hackers not only threaten the security of computer systems, but they also steal goods and information, as well as damage systems and commit cybervandalism. They may intentionally disrupt, deface, or even destroy a Web site or corporate information system.
Social engineering
Malicious intruders seeking system access sometimes trick employees into revealing their passwords by pretending to be legitimate members of the company in need of information.
SSL Secure Sockets Layer (349)
Two methods for encrypting network traffic on the Web are SSL and S-HTTP. Secure Sockets Layer (SSL) and its successor Transport Layer Security (TLS) enable client and server computers to manage encryption and decryption activities as they communicate with each other during a secure Web session. All versions of SSL itself are now deprecated; current deployments use TLS 1.2 or 1.3, and "SSL" survives mostly as a name.
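The point about SSL versus TLS in practice, as an added example that is not part of the original glossary: a client-side TLS configuration the way a practitioner writes it today (only the Python standard library is used). The weak context mirrors a common mistake, switching certificate and hostname verification off; the hardened one keeps verification on and refuses anything older than TLS 1.2. No network connection is made; the helper only reports what each context would enforce.

```python
import ssl


def weak_context():
    """A common mistake: any peer is accepted, so an attacker who can
    intercept the connection can present their own certificate unchallenged."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_context():
    """Verify the server certificate against the system CA store, check that
    the certificate matches the hostname, and require TLS 1.2 or newer."""
    ctx = ssl.create_default_context()          # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # SSLv3/TLS 1.0/1.1 refused
    return ctx


def describe(ctx):
    """Summarise what a context enforces, for review or logging."""
    return {
        "verifies_peer": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": bool(ctx.check_hostname),
        "min_version": ctx.minimum_version.name,
    }


if __name__ == "__main__":
    print("weak:    ", describe(weak_context()))
    print("hardened:", describe(hardened_context()))
    # To use it:  hardened_context().wrap_socket(sock, server_hostname="example.com")
```

Note the ordering in `weak_context`: Python refuses to set `verify_mode = CERT_NONE` while `check_hostname` is still on, which is a small guard against exactly this mistake.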
Digital signatures
A digital signature is a digital code, generated with the sender's private key and checked with the sender's public key, that is attached to an electronically transmitted document to verify its contents (any change to the document invalidates the signature) and the sender's identity.
Digital Certificates
Digital certificates are data files used to establish the identity of users and electronic assets for protection of online transactions (see Figure 8.7). A digital certificate system uses a trusted third party, known as a certificate authority (CA, or certification authority), to validate a user's identity: the CA signs a record binding the user's name to the user's public key, and anyone holding the CA's public key can check that signature. There are many CAs in the United States and around the world, including Symantec, GoDaddy, and Comodo.
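The three entries above (Public key, Digital signatures, Digital Certificates) describe one mechanism used three ways. The following is an added example, not code from the textbook, that carries it through with textbook RSA: encrypt with the recipient's public key and decrypt with the private one; sign with the private key and verify with the public one; and let a CA issue a certificate by signing a (name, public key) pair. The primes, names and messages are constructed; the keys are tiny and there is no OAEP/PSS padding, so this illustrates the relationships between the keys and must not be used as real cryptography.

```python
import hashlib

# Public exponent used by almost all real RSA keys. The primes below are
# constructed for the demo: 2**k - 1 is prime for k in 31, 61, 89, 107.
E = 65537


def keygen(p, q, e=E):
    """Return the public key (n, e) and the private key (n, d)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse of e; needs Python 3.8+
    return (n, e), (n, d)


def _chunk_size(n):
    # Each chunk is prefixed with 0x01 and must encode to an integer below n.
    return (n.bit_length() - 1) // 8 - 1


def encrypt(public, plaintext):
    """Anyone holding the recipient's PUBLIC key can encrypt."""
    n, e = public
    size = _chunk_size(n)
    return [pow(int.from_bytes(b"\x01" + plaintext[i:i + size], "big"), e, n)
            for i in range(0, len(plaintext), size)]


def decrypt(private, ciphertext):
    """Only the holder of the matching PRIVATE key can decrypt."""
    n, d = private
    width = _chunk_size(n) + 1
    out = b""
    for block in ciphertext:
        padded = pow(block, d, n).to_bytes(width, "big").lstrip(b"\x00")
        if padded[:1] != b"\x01":
            raise ValueError("corrupt ciphertext block")
        out += padded[1:]
    return out


def _digest(message, n):
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private, message):
    """Sign with the PRIVATE key: only its holder can produce this value."""
    n, d = private
    return pow(_digest(message, n), d, n)


def verify(public, message, signature):
    """Anyone can check the signature with the signer's PUBLIC key."""
    n, e = public
    return pow(signature, e, n) == _digest(message, n)


def issue_certificate(ca_private, subject, subject_public):
    """The CA binds a name to a public key by signing the pair.
    (Subject names must not contain '|', the field separator.)"""
    n, e = subject_public
    body = f"{subject}|{n}|{e}".encode()
    return {"body": body, "signature": sign(ca_private, body)}


def validate_certificate(ca_public, cert):
    """Return (subject, public_key) if the CA's signature checks out, else None."""
    if not verify(ca_public, cert["body"], cert["signature"]):
        return None
    subject, n, e = cert["body"].decode().split("|")
    return subject, (int(n), int(e))


if __name__ == "__main__":
    alice_pub, alice_priv = keygen(2**31 - 1, 2**61 - 1)
    ca_pub, ca_priv = keygen(2**89 - 1, 2**107 - 1)

    ct = encrypt(alice_pub, b"wire 500 to account 42")   # sender uses Alice's public key
    assert decrypt(alice_priv, ct) == b"wire 500 to account 42"

    sig = sign(alice_priv, b"approved by alice")
    assert verify(alice_pub, b"approved by alice", sig)
    assert not verify(alice_pub, b"approved by mallory", sig)   # content changed

    cert = issue_certificate(ca_priv, "alice", alice_pub)
    assert validate_certificate(ca_pub, cert) == ("alice", alice_pub)
    cert["body"] = cert["body"].replace(b"alice", b"mallory")    # tampered name
    assert validate_certificate(ca_pub, cert) is None
    print("all checks passed")
```

The certificate step is what a browser does with Figure 8.7's CA: it never trusts the key inside the certificate until the CA's signature over the name-plus-key record has verified, which is why altering either the name or the key in the record makes it worthless.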
Spyware
Spyware can secretly install itself on an Internet user's computer by piggybacking on larger applications. Once installed, the spyware calls out to Web sites to send banner ads and other unsolicited material to the user, and it can report the user's movements on the Internet to other computers.
Access control
Access control consists of all the policies and procedures a company uses to prevent improper access to its systems by unauthorized insiders and outsiders. To gain access, a user must be authorized and authenticated.
Security policy
A security policy consists of statements ranking information risks, identifying acceptable security goals, and identifying the mechanisms for achieving these goals. The security policy drives the policies determining acceptable use of the firm's information resources and which members of the company have access to its information assets.
Acceptable Use Policy (AUP)
An AUP defines acceptable uses of the firm's information resources and computing equipment, including desktop and laptop computers, wireless devices, telephones, and the Internet. The policy should clarify company policy regarding privacy, user responsibility, and personal use of company equipment and networks. A good AUP defines unacceptable and acceptable actions for each user and specifies consequences for noncompliance.
Phishing
involves setting up fake Web sites or sending email messages that look like those of legitimate businesses to ask users for confidential personal data. The email instructs recipients to update or confirm records by providing social security numbers, bank and credit card information, and other confidential data either by responding to the email message or by entering the information at a bogus Web site. New phishing techniques such as evil twins and pharming are very hard to detect.
Smart cards
A smart card is a device about the size of a credit card that contains a chip formatted with access permission and other data. (Smart cards are also used in electronic payment systems.) A reader device interprets the data on the smart card and allows or denies access.
SHTTP Secure Hypertext Transfer Protocol
S-HTTP is another protocol used for encrypting data flowing over the Internet, but it is limited to individual messages, whereas SSL and TLS are designed to establish a secure connection between two computers. S-HTTP saw little adoption and is not used in practice today.
Encryption
Encryption is the process of transforming plain text or data into cipher text that cannot be read by anyone other than the sender and the intended receiver. Data are encrypted by using a secret numerical code, called an encryption key, that transforms plain data into cipher text. The receiver must decrypt the message with the corresponding key.
Trojans
A Trojan horse is a software program that appears to be benign but then does something other than expected. It is not itself a virus because it does not replicate, but it is often a way for viruses or other malicious code to be introduced into a computer system.
Sniffer
A sniffer is a type of eavesdropping program that monitors information traveling over a network. When used legitimately, sniffers help identify potential network trouble spots or criminal activity on networks, but when used for criminal purposes, they can be damaging and very difficult to detect. Sniffers enable hackers to steal proprietary information from anywhere on a network, including e-mail messages, company files, and confidential reports, whenever that traffic is not encrypted.
Hacker
A hacker is an individual who gains unauthorized access to a computer system by finding weaknesses in the security protections used by Web sites and computer systems.
Biometrics
Biometric authentication is based on the measurement of a physical or behavioral trait (a fingerprint, face, iris, or voice, for example) that makes each individual unique.
Pharming
Pharming redirects users to a bogus Web page even when the individual types the correct Web page address into his or her browser. It works by corrupting the name-to-address lookup itself: perpetrators gain access to the Internet address information (DNS records) that Internet service providers cache to speed up Web browsing, exploiting flawed software on the ISPs' servers to change those addresses so that the correct name now resolves to the attacker's server.
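How a resolver's cached address information gets changed, as an added example not taken from the textbook: a toy resolver cache that accepts every record a reply carries, beside the same cache with the "bailiwick" check real resolvers apply (a reply from the example.net servers may only update names within example.net). The names and addresses are constructed from the RFC 2606 and RFC 5737 documentation ranges; this is not a DNS implementation.

```python
def in_bailiwick(record_name, zone):
    """A record is in bailiwick if its name is the queried zone or lies beneath it."""
    record_name = record_name.lower().rstrip(".")
    zone = zone.lower().rstrip(".")
    return record_name == zone or record_name.endswith("." + zone)


class ToyCache:
    """Name -> IP cache of the kind an ISP resolver keeps to speed up browsing."""

    def __init__(self, enforce_bailiwick=True):
        self.enforce_bailiwick = enforce_bailiwick
        self.records = {}

    def ingest(self, queried_zone, response_records):
        """Cache the (name, ip) records from one reply; return the names accepted."""
        accepted = []
        for name, ip in response_records:
            if self.enforce_bailiwick and not in_bailiwick(name, queried_zone):
                continue  # unsolicited out-of-zone data is dropped, not cached
            self.records[name.lower().rstrip(".")] = ip
            accepted.append(name)
        return accepted

    def resolve(self, name):
        return self.records.get(name.lower().rstrip("."))


# Constructed reply to a lookup of www.example.net. The first record is the
# legitimate answer; the second is an "additional" record a malicious
# example.net server tacks on to redirect a bank's customers to its own host.
POISONED_REPLY = [
    ("www.example.net", "192.0.2.10"),
    ("www.bank.example", "203.0.113.66"),  # attacker-controlled address
]


def lookup_bank_after_poisoned_reply(enforce_bailiwick):
    """What the cache returns for the bank's name after ingesting the reply."""
    cache = ToyCache(enforce_bailiwick)
    cache.ingest("example.net", POISONED_REPLY)
    return cache.resolve("www.bank.example")


if __name__ == "__main__":
    print("no bailiwick check:", lookup_bank_after_poisoned_reply(False))  # 203.0.113.66
    print("bailiwick enforced:", lookup_bank_after_poisoned_reply(True))   # None
```

The bailiwick rule is one of several defences; production resolvers also match the transaction ID and source port of each reply to the query they sent, and DNSSEC lets them verify that the bank's records were signed by the bank's zone rather than fabricated.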
Key loggers
Key loggers record every keystroke made on a computer to steal serial numbers for software, to launch Internet attacks, to gain access to e-mail accounts, to obtain passwords to protected computer systems, or to pick up personal information such as credit card numbers.
Authentication
Authentication refers to the ability to know that a person is who he or she claims to be. Authentication is often established by using passwords known only to authorized users. An end user uses a password to log on to a computer system and may also use passwords for accessing specific systems and files. The system must therefore store something it can check a typed password against without storing the password itself.
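Password authentication done the way the entry above implies, as an added example that is not from the textbook: the server keeps a salted, iterated hash (PBKDF2-HMAC-SHA256 from the Python standard library) rather than the password, recomputes it at login, and compares in constant time. The user table, the iteration count (the 2023 OWASP recommendation for this algorithm) and the record format are constructed for the example.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000          # work factor; raise over time as hardware improves
ALGORITHM = "pbkdf2_sha256"


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return a self-describing record: algorithm$iterations$salt$digest."""
    salt = salt if salt is not None else os.urandom(16)  # unique per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute with the stored parameters; compare without early exit."""
    try:
        algorithm, iterations, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if algorithm != ALGORITHM:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


# Constructed user table: this is all the credential store holds.
USERS = {"alice": hash_password("correct horse battery staple")}

# Dummy record checked for unknown usernames, so a login attempt costs the
# same time whether or not the account exists (limits username enumeration).
_DUMMY = hash_password(os.urandom(16).hex())


def authenticate(username, password, users=USERS):
    """True only if the user exists and the password matches its record."""
    stored = users.get(username, _DUMMY)
    ok = verify_password(password, stored)
    return ok and username in users


if __name__ == "__main__":
    print(USERS["alice"][:40] + "...")          # what is stored, not the password
    print(authenticate("alice", "correct horse battery staple"))   # True
    print(authenticate("alice", "wrong"))                          # False
    print(authenticate("nobody", "correct horse battery staple"))  # False
```

Two details matter beyond the hashing itself: the per-user random salt means two users with the same password get different records, so a stolen table cannot be cracked with one precomputed dictionary, and `hmac.compare_digest` avoids the early-exit comparison that leaks how many leading bytes matched.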
forensics
scientific tests or techniques used in connection with the detection of crime.
ERM employee relationship management
software deals with employee issues that are closely related to CRM, such as setting objectives, employee performance management, performance-based compensation, and employee training.
severity
the fact or condition of being severe; intensity
Authentication
the process or action of proving or showing something to be true, valid, or genuine