MIS311 FINAL EXAM Chapter 4


________ are experts in technology who use their knowledge to break into computers and computer networks, either for profit or motivated by the challenge.

Hackers

_________ have philosophical and political reasons for breaking into systems and will often deface the website as a protest.

Hacktivists

___________ are legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident.

Insiders

____________ is intangible creative work that is embodied in physical form and includes copyrights, trademarks, and patents.

Intellectual Property

__________ is government attempts to control Internet traffic, thus preventing some material from being viewed by a country's citizens.

Internet censorship

___________ contains general principles to guide the proper use of the Internet.

Internet use policy

_________ is the right to be left alone when you want to be, to have control over your personal possessions, and not to be observed without your consent.

Privacy

READ ALL POLICIES ON THE BOOK


Examples of Financial Performance (Cost of downtime)

Revenue Recognition, Cash Flow, Payment Guarantees, Credit Rating, Stock Price

_________ is the part of the U.S. Federal Rules of Criminal Procedure that covers the search and seizure of physical and digital evidence.

Rule 41

____________ find hacking code on the Internet and click-and-point their way into systems to cause damage or spread viruses.

Script kiddies or Script bunnies

_________ is a program or device that can monitor data traveling over a network. Sniffers can show all the data being transmitted over a network, including passwords and sensitive information. Sniffers tend to be a favorite weapon in the hacker's arsenal.

Sniffer

________________ is hackers using their social skills to trick people into revealing access credentials or other valuable information.

Social engineering

___________ is a person within the organization who is trusted to monitor, contribute, filter, and guide the social media presence of a company, individual, product, or brand.

Social media manager

__________ is the process of monitoring and responding to what is being said about a company, individual, product, or brand.

Social media monitoring

__________ outlines the corporate guidelines or principles governing employee online communications.

Social media policy

__________ is a phishing expedition in which the emails are carefully designed to target a particular person or organization.

Spear phishing

_____________ consists of forging the return address on an email so that the message appears to come from someone other than the actual sender. This is not a virus but rather a way by which virus authors conceal their identities as they send out viruses.

Spoofing

_________ is a special class of adware that collects data about the user and transmits it over the Internet without the user's knowledge or permission.

Spyware

__________ is an anti-spamming approach by which the receiving computer launches a return attack against the spammer, sending email messages back to the computer that originated the suspected spam.

Teergrubing

Examples of Other Expenses (Cost of downtime)

Temporary Employees, Equipment Rentals, Overtime Costs, Extra Shipping Charges, Travel Expenses, Legal Obligations

______________ is a general term for a set of standards governing the collection and use of personal data and addressing issues of privacy and accuracy.

fair information practices (FIPs)

Three methods of Authentication

1. Something the user knows (user ID, password)
2. Something the user has (smart card, token)
3. Something that is part of the user (fingerprint, voice signature)

6 epolicies

1. Ethical computer use policy
2. Information privacy policy
3. Acceptable use policy
4. Email privacy policy
5. Social media policy
6. Workplace monitoring policy

____________ is a policy that a user must agree to follow to be provided access to corporate email, information systems, and the Internet.

Acceptable use policy (AUP)

__________ is software that, while purporting to serve some useful function and often fulfilling that function, also allows Internet advertisers to display advertisements without the consent of the computer user.

Adware

__________ floods a website with so many requests for service that it slows down or crashes.

Denial-of-service attack (DoS)

__________ is a method for confirming users' identities.

Authentication

___________ is the process of providing a user with permission, including access levels and abilities such as file access, hours of access, and amount of allocated storage space.

Authorization

_________ breaks into other people's computer systems and may just look around or may steal and destroy information.

Black-hat hacker

____________ is a policy allowing employees to use their personal mobile devices and computers to access enterprise data and applications.

Bring your own device (BYOD)

___________ is a law that protects minors from accessing inappropriate material on the Internet.

Child Online Protection Act (COPA)

_____________: Passed to protect minors from accessing inappropriate material on the Internet. Figure 4.5 displays the ethical guidelines for information management.

Child Online Protection Act (COPA)

__________ is the practice of artificially inflating traffic statistics for online advertisements.

Click-fraud

___________ is a computer crime in which a competitor or disgruntled employee increases a company's search advertising costs by repeatedly clicking the advertiser's link.

Competitive click-fraud

______ is the assurance that messages and information remain available only to those authorized to view them.

Confidentiality

_______ is the legal protection afforded an expression of an idea, such as a song, book, or video game.

Copyright

__________ is software that is manufactured to look like the real thing and sold as such.

Counterfeit Software

________ is a hacker with criminal intent.

Cracker

Examples of Damaged Reputation (Cost of downtime)

Customers, Supplies, Financial Markets, Banks, Business Partners

__________ is threats, negative remarks, or defamatory comments transmitted via the Internet or posted on a website.

Cyberbullying

__________ seek to cause harm to people or to destroy critical systems or information and use the Internet as a weapon of mass destruction.

Cyberterrorists

___________ is the electronic defacement of an existing website.

Cybervandalism

_________ is the process of extracting large amounts of data from a website and saving it to a spreadsheet or computer.

Data scraping

___________ is a technological solution that allows publishers to control their digital media to discourage, limit, or prevent illegal copying and distribution.

Digital Rights Management

___________ is a measure of consumer, partner, and employee confidence in an organization's ability to protect and secure data and the privacy of individuals.

Digital trust

Examples of Revenue (Cost of downtime)

Direct Loss, Compensatory Payments, Lost Future Revenue, Billing Losses, Investment Losses, Lost Productivity

____________ targets multiple computers and floods a website with so many requests for service that it slows down or crashes. A common type is the Ping of Death, in which thousands of computers try to access a website at the same time, overloading it and shutting it down.

Distributed denial-of-service attack (DDoS)

________ refers to a period of time when a system is unavailable.

Downtime

_________ is a computer attack by which an attacker accesses a wireless computer network, intercepts data, uses network services, and/or sends attack instructions without entering the office or organization that owns the network.

Drive-by hacking

__________ is looking through people's trash; another way hackers obtain information.

Dumpster diving

____________ refers to the ability of a company to identify, search, gather, seize, or export digital information in responding to a litigation, audit, investigation, or information inquiry.

Ediscovery (or electronic discovery)

_____________ is a process by which a user misleads a system into granting unauthorized rights, usually for the purpose of compromising or destroying the system. For example, an attacker might log on to a network by using a guest account and then exploit a weakness in the software that lets the attacker change the guest privileges to administrative privileges.

Elevation of privilege

_____________ details the extent to which email messages may be read by others.

Email privacy policy

___________ states explicitly how, when, and where the company monitors its employees.

Employee monitoring policy

__________ are policies and procedures that address information management, along with the ethical use of computers and the Internet in the business environment.

Epolicies

__________ contains general principles to guide computer user behavior. For example, it might explicitly state that users should refrain from playing computer games during working hours.

Ethical computer use policy

________ are the principles and standards that guide our behavior toward other people.

Ethics

4 main costs of downtime

Financial Performance, Revenue, Damaged Reputation, Other Expenses

___________ is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU).

General Data Protection Regulation (GDPR)

____________ is forging someone's identity for the purpose of fraud.

Identity theft

___________ is the act of conforming, acquiescing, or yielding information

Information Compliance

_____ govern the ethical and moral issues arising from the development and use of information technologies as well as the creation, collection, duplication, distribution, and processing of information itself, with or without the aid of computer technologies.

Information Ethics

____________ is a method or system of government for information management or control

Information Governance

____________ examines the organizational resource of information and regulates its definitions, uses, value, and distribution ensuring it has the types of data/information required to function and grow effectively

Information Management

__________ is an ethical issue that focuses on who owns information about individuals and how information can be sold and exchanged

Information Property

____________ is the category of computer security that addresses the protection of data from unauthorized disclosure and confirmation of data source authenticity

Information Secrecy

Figure 4.5: 5 Ethical Guidelines for Information Management

Information Secrecy, Information Management, Information Governance, Information Property, Information Compliance

________ contains general principles regarding information privacy.

Information privacy policy

__________ is a broad term encompassing the protection of information from accidental or intentional misuse by persons inside or outside an organization.

Information security

_____________ sends a massive amount of email to a specific person or system that can cause that user's server to stop functioning.

Mail bomb

____________ is a contractual stipulation to ensure that ebusiness participants do not deny (repudiate) their online actions.

Nonrepudiation

__________ is receiving emails by choosing to allow permissions to incoming emails.

Opt in

______________ is when a customer specifically chooses to deny permission to incoming emails.

Opt out

___________ consists of altering the contents of packets as they travel over the Internet or altering data on computer disks after penetrating a network. For example, an attacker might place a tap on a network line to intercept packets as they leave the computer. The attacker could eavesdrop or alter the information as it leaves the network.

Packet tampering

______ is an exclusive right to make, use, and sell an invention and is granted by a government to the inventor.

Patent

_________ reroutes requests for legitimate websites to false websites.

Pharming

_________ uses a zombie farm, often by an organized crime association, to launch a massive phishing attack.

Pharming attack

_________ is a technique to gain personal information for the purpose of identity theft, usually by means of fraudulent emails that look as though they came from legitimate sources.

Phishing

_________ is a masquerading attack that combines spam with spoofing.

Phishing expedition

__________ is tangible protection such as alarms, guards, fireproof doors, fences, and vaults.

Physical security

_______ is the unauthorized use, duplication, distribution, or sale of copyrighted software.

Pirated Software

______________ allows individuals to request to have all content that violates their privacy removed.

The right to be forgotten

_________ is an act or object that poses a danger to assets.

Threat

_________ are small electronic devices that change user passwords automatically.

Tokens

__________ hides inside other software, usually as an attachment or a downloadable file.

Trojan-horse virus

_________ are groups of hundreds of people whose job is to infiltrate message boards and comments sections in order to advance Russian national aims or seed discord and disharmony.

Troll farms

____________ is a problem that occurs when someone registers purposely misspelled variations of well-known domain names.

Typosquatting

BYOD offers 4 basic options, including:

1. Unlimited access for personal devices.
2. Access only to nonsensitive systems and data.
3. Access but with IT control over personal devices, apps, and stored data.
4. Access but preventing local storage of data on personal devices.

____________ is software written with malicious intent to cause annoyance or damage.

Virus

___________ is a phone scam that attempts to defraud people by asking them to call a bogus telephone number to confirm their account information.

Vishing (voice phishing)

____________ is the theft of a website's name that occurs when someone, posing as a site's administrator, changes the ownership of the domain name assigned to the website to another website owner.

Website name stealing

___________ work at the request of the system owners to find system vulnerabilities and plug the holes.

White-hat hackers

__________ tracks people's activities by such measures as number of keystrokes, error rate, and number of transactions processed.

Workplace MIS monitoring

_________ is a malware computer program that spreads itself not only from file to file but also from computer to computer.

Worm

___________ is a program that secretly takes over another computer for the purpose of launching attacks on other computers.

Zombie

________ is a group of computers on which a hacker has planted zombie programs.

Zombie farm

An important goal of the amendment to Rule 41 is to ___________ from hiding the location of a computing device with anonymization technology in order to make detection and prosecution more difficult.

prevent criminals

__________ is unsolicited email.

spam

Data scraping is also known as _____________

web scraping

