HIT 63

CHAPTER 17

Question Answer
Safeguarding 维护 Information refers to protecting electronic information from unwanted access, sometimes known as a breach 违反
Confidentiality is the act of limiting disclosure of private matters
Information privacy The right of an individual to keep information about themselves from being disclosed to anyone.
Data Security protecting data from unauthorized (accidental or intentional) modification, destruction (the act of destroying 销毁), or disclosure (exposure 披露).
Data integrity means that data should be complete, accurate, consistent, and up-to-date.
Physical (Safeguard 保障) definition: Measure taken to (1) prevent loss through use of locks, burglar proofing, guards, etc., and (2) prevent disaster through access control, alarms, fireproof vaults, fire-suppression (sprinkler) system, power backup, etc.
Administration Safeguards are documented, formal practices to manage data security measures throughout the organization. Policies and procedures should be written and formalized in a policy manual.
Access Control means being able to identify which employees should have access to what data.
Administrative controls include policies and procedures that address the management of computer resources.
Examples of administrative controls One such policy might direct users to log off the computer system when they are not using it. Another policy might prohibit employees from accessing the Internet for purposes that are not work-related.
Application Controls contained in the application software or computer programs, which include: password management, edit check, audit trail, etc. Application controls are important because they are automatic checks that help preserve data confidentiality & integrity 诚信
Audit trail is a software program that tracks every single access to data in the computer system. It logs the name of the individual who accessed the data, the date and time, and the action (modifying, reading, or deleting data)
Business continuity plan (BCP) is for handling an unexpected computer shutdown caused by an intentional or unintentional event or during a natural disaster.
Business continuity Plan (BCP) also called contingency 应急 and disaster planning
Hacker 黑客 a microcomputer user who attempts to gain unauthorized access to proprietary 专有 computer systems.
Security breach An act from outside an organization that bypasses or contravenes 违反 security policies, practices, or procedures. A similar internal act is called security violation.
contravene to contravene the law
breach the violation of the law. To break or act contrary 相反 to (a law, promise, etc.). 违反
mitigate 减轻 to make less severe: to mitigate a punishment. to lessen in force or intensity, as wrath, grief, harshness, or pain; moderate.
Edit checks help to ensure data integrity by allowing only reasonable and predetermined values to be entered into the computer
Types of application controls password management, edit checks, and audit trail
Security Means to control access and protect information from accidental or intentional disclosure to unauthorized persons and from alteration, destruction, or loss.
1 of 5 Security threats caused by people Threats from insiders who make unintentional mistakes: Employees who accidentally make a typographical error, inadvertently delete files on a computer disk, or unknowingly give out confidential information.
2 of 5 Security threats caused by people Threats from insiders who abuse their access privileges to information: Such threats could be employees who knowingly disclose information about a patient to individuals who do not have proper authorization.
3 of 5 Security threats caused by people Threats from intruders who attempt to access information or steal physical resources: Individuals may physically come onto the organization's property to access information or steal equipment such as laptop computers or printers.
4 of 5 Security threats caused by people Threats from insiders who access information or computer systems for spite or profit: Generally, such employees seek information for the purpose of committing fraud or theft.
5 of 5 Security threats caused by people Threats from vengeful employees or outsiders who mount attacks on the organization's information systems: Disgruntled employees might destroy computer hardware or software, delete or change data, or enter data incorrectly into the computer system.
Categories of people-oriented security threats 1. innocent mistakes. 2. abuse privileges. 3. access or alter data for spite or profit. 4. steal or otherwise harm systems. 5. vengeful employees or outsiders who mount attacks.
Vengeful inflicting or taking revenge 复仇: with vengeful blows.
disgruntled grouchy 不高兴, testy, sullen 忧郁, grumpy 性情乖戾的, dissatisfied. 不满
Data availability means making sure the organization can depend on the information system to perform exactly as expected, without error, and to provide information when and where it is needed.
Technical Safeguards consist of: Access controls, Audit controls, Data integrity 诚信, person or entity authentication, and Transmission security
encryption (to put (computer data) into a coded form). To put (a message) into code is a process that encodes textual material, converting it to scrambled data that must be decoded in order to be understood. The message is a jumble of unreadable characters and symbols as it is transmitted through the telecommunication network. 加密
HIPAA's Security Rule HIPAA's Security Rule divides its protections into three "safeguard" categories: physical (discussed here), administrative and technical. Each safeguard category includes various standards and implementation specifications.
Security incident A security incident is an alert to the possibility that a breach of security may be taking, or may have taken, place.
Created by: Lilyn Ta on 2011-05-13


