Stack #1013824
MIS Chapter 4
| Question | Answer |
|---|---|
| Access Controls | Controls that restrict unauthorized individuals from using information resources and are concerned with user identification. |
| Adware | Alien software designed to help pop-up advertisements appear on your screen. |
| Alien software | Clandestine software that is installed on your computer through duplicitous methods. |
| Anti-malware systems (antivirus software) | Software packages that attempt to identify and eliminate viruses, worms, and other malicious software. |
| Audit | An examination of information systems, their inputs, outputs, and processing. |
| Authentication | A process that determines the identity of the person requiring access. |
| Authorization | A process that determines which actions, rights or privileges the person has, based on verified identity. |
| Back door | Typically a password, known only to the attacker, that allows the attacker to access the system without having to go through any security procedures. |
| Biometrics | The science and technology of authentication (i.e., establishing the identity of an individual) by measuring the subject's physiologic or behavioral characteristics. |
| Blacklisting | A process in which a company identifies certain types of software that are not allowed to run in the company environment. |
| Certificate Authority | A third party that acts as a trusted intermediary between computers (and companies) by issuing digital certificates and verifying the worth and integrity of the certificates. |
| Cold site | A backup location that provides only rudimentary services and facilities. |
| Communications Controls (also network controls) | Controls that deal with the movement of data across networks. |
| Controls | Defense mechanisms (also called countermeasures). |
| Cookie | Small amounts of information that web sites store on your computer, temporarily or more or less permanently. |
| Copyright | A grant that provides the creator of intellectual property with the ownership of it for a specified period of time, currently the life of the creator plus 70 years. |
| cybercrime | Illegal activities executed on the internet. |
| cyberterrorism | Can be defined as a premeditated, politically motivated attack against information, computer systems, computer programs, and data that results in violence against noncombatant targets by subnational groups or clandestine agents. |
| Cyberwarfare | War in which a country's information systems could be paralyzed from a massive attack by destructive software. |
| Demilitarized Zone (DMZ) | A separate organizational local area network that is located between an organization's internal network and an external network, usually the Internet. |
| Denial-of-service attack | A cyber attack in which an attacker sends a flood of data packets to the target computer, with the aim of overloading its resources. |
| digital certificate | An electronic document attached to a file certifying that this file is from the organization it claims to be from and has not been modified from its original format or content. |
| Distributed denial-of-service (DDoS) attack | A denial-of-service attack that sends a flood of data packets from many compromised computers simultaneously. |
| employee monitoring systems | Systems that monitor employees' computers, e-mail activities, and internet surfing activities. |
| Encryption | The process of converting an original message into a form that cannot be read by anyone except the intended receiver. |
| exposure | The harm, loss, or damage that can result if a threat compromises an information resource. |
| firewall | A system (either hardware, software, or a combination of both) that prevents a specific type of information from moving between untrusted networks, such as the internet, and private networks, such as your company's network. |
| hot sites | A fully configured computer facility, with all information resources and services, communications links, and physical plant operations, that duplicates your company's computing resources and provides near real-time recovery of IT operations. |
| identity theft | Crime in which someone uses the personal information of others to create a false identity and then uses it for some fraud. |
| information security | Protecting an organization's information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. |
| intellectual property | The intangible property created by individuals or corporations, which is protected under trade secret, patent, and copyright laws. |
| least privilege | A principle that users be granted the privilege for some activity only if there is a justifiable need to grant this authorization. |
| logic bombs | Segments of computer code embedded within an organization's existing computer programs. |
| malware | Malicious software such as viruses and worms. |
| network controls | Controls that deal with the movement of data across networks. |
| password | A private combination of characters that only the user should know. |
| patent | A document that grants the holder exclusive rights on an invention or process for a specified period of time, currently 20 years. |
| phishing attack | An attack that uses deception to fraudulently acquire sensitive personal information by masquerading as an official-looking e-mail. |
| physical controls | Controls that restrict unauthorized individuals from gaining access to a company's computer facilities. |
| piracy | Copying a software program (other than freeware, demo software, etc.) without making payment to the owner. |
| privacy | The right to be left alone and to be free of unreasonable personal intrusion. |
| privilege | A collection of related computer system operations that can be performed by users of the system. |
| public-key encryption | A type of encryption that uses two different keys, a public key and private key. |
| risk | The likelihood that a threat will occur. |
| risk acceptance | A strategy in which the organization accepts the potential risk, continues to operate with no controls, and absorbs any damages that occur. |
| risk analysis | The process by which an organization assesses the value of each asset being protected, estimates the probability that each asset might be compromised, and compares the probable costs of each being compromised with the costs of protecting it. |
| risk limitation | A strategy in which the organization limits its risk by implementing controls that minimize the impact of a threat. |
| risk management | A process that identifies, controls, and minimizes the impact of threats, in an effort to reduce risk to manageable levels. |
| risk mitigation | A process whereby the organization takes concrete actions against risks, such as implementing controls and developing a disaster recovery plan. |
| risk transference | A process in which the organization transfers the risk by using other means to compensate for a loss such as by purchasing insurance. |
| secure socket layer (SSL) | An encryption standard used for secure transactions such as credit card purchases and online banking. |
| security | The degree of protection against criminal activity, danger, damage, and/or loss. |
| social engineering | Getting around security systems by tricking computer users inside a company into revealing sensitive information or gaining unauthorized access privileges. |
| spam | Unsolicited e-mail. |
| Spamware | Alien software that uses your computer as a launch platform for spammers. |
| spyware | Alien software that can record your keystrokes and/or capture your passwords. |
| threat | Any danger to which an information resource may be exposed. |
| trade secret | Intellectual work, such as a business plan, that is a company secret and is not based on public information. |
| transport layer security | An encryption standard used for secure transactions (see secure socket layer, SSL). |
| Trojan horse | A software program containing a hidden function that presents a security risk. |
| tunneling | A process that encrypts each data packet to be sent and places each encrypted packet inside another packet. |
| virtual private network (VPN) | A private network that uses a public network (usually the internet) to securely connect users by using encryption. |
| viruses | Malicious software that can attach itself to (or infect) other computer programs without the owner of the program being aware of the infection. |
| vulnerability | The possibility that an information resource will be harmed by a threat. |
| warm site | A site that provides many of the same services and options of the hot site, but does not include the company's applications. |
| whitelisting | A process in which a company identifies acceptable software and permits it to run, and either prevents anything else from running or lets new software run in a quarantined environment until the company can verify its validity. |
| worms | Destructive programs that replicate themselves without requiring another program to provide a safe environment for replication. |