Ch.7

Securing Information Systems

Term: Definition

acceptable use policy (AUP): defines acceptable uses of the firm's information resources and computing equipment, including desktop and laptop computers, wireless devices, telephones, and the internet, and specifies consequences for noncompliance.
antivirus software: software designed to detect, and often eliminate, computer viruses from an information system.
application controls: specific controls unique to each computerized application that ensure that only authorized data are completely and accurately processed by that application.
authentication: the ability of each party in a transaction to ascertain the identity of the other party.
biometric authentication: technology for authenticating system users that compares a person's unique characteristics, such as fingerprints, face, or retinal image, against a stored profile of these characteristics.
botnet: a group of computers that have been infected with bot malware without the users' knowledge, enabling a hacker to use the amassed resources of the computers to launch distributed denial-of-service attacks, phishing campaigns, or spam.
bugs: software program code defects.
business continuity planning: planning that focuses on how the company can restore business operations after a disaster strikes.
click fraud: occurs when an individual or computer program fraudulently clicks on an online ad without any intention of learning more about the advertiser or making a purchase.
computer crime: the commission of illegal acts through the use of a computer or against a computer system.
computer forensics: the scientific collection, examination, authentication, preservation, and analysis of data held on or retrieved from computer storage media in such a way that the information can be used as evidence in a court of law.
computer virus: rogue software program that attaches itself to other software programs or data files in order to be executed, often causing hardware and software malfunctions.
controls: all of the methods, policies, and procedures that ensure protection of the organization's assets, accuracy and reliability of its records, and operational adherence to management standards.
cybervandalism: intentional disruption, defacement, or even destruction of a web site or corporate information system.
cyberwarfare: state-sponsored activity designed to cripple and defeat another state or nation by damaging or disrupting its computers or networks.
deep packet inspection (DPI): technology for managing network traffic by examining data packets, sorting out low-priority data from higher-priority business-critical data, and sending packets in order of priority.
denial of service (DoS): flooding a network server or web server with false communications or requests for services in order to crash the network.
digital certificates: attachments to an electronic message to verify the identity of the sender and to provide the receiver with the means to encode a reply.
disaster recovery planning: planning for the restoration of computing and communications services after they have been disrupted.
distributed denial of service (DDoS): uses numerous computers to inundate and overwhelm a network from numerous launch points.
downtime: period of time in which an information system is not operational.
encryption: the coding and scrambling of messages to prevent their being read or accessed without authorization.
evil twin: wireless networks that pretend to be legitimate Wi-Fi networks to entice participants to log on and reveal passwords or credit card numbers.
fault-tolerant computer systems: systems that contain extra hardware, software, and power supply components that can back a system up and keep it running to prevent system failure.
firewall: hardware and software placed between an organization's internal network and an external network to prevent outsiders from invading private networks.
general controls: overall control environment governing the design, security, and use of computer programs and the security of data files in general throughout the organization's information technology infrastructure.
Gramm-Leach-Bliley Act: requires financial institutions to ensure the security and confidentiality of customer data.
hacker: a person who gains unauthorized access to a computer network for profit, criminal mischief, or personal pleasure.
high-availability computing: tools and technologies, including backup hardware resources, to enable a system to recover quickly from a crash.
HIPAA: law outlining medical security and privacy rules and procedures for simplifying the administration of healthcare billing and automating the transfer of healthcare data between healthcare providers, payers, and plans.
identity management: business processes and software tools for identifying the valid users of a system and controlling their access to system resources.
identity theft: theft of key pieces of personal information, such as credit card or social security numbers, in order to obtain merchandise and services in the name of the victim or to obtain false credentials.
intrusion detection systems: tools to monitor the most vulnerable points in a network to detect and deter unauthorized intruders.
keyloggers: spyware that records every keystroke made on a computer.
malware: malicious software programs such as computer viruses, worms, and Trojan horses.
managed security service providers (MSSPs): companies that provide security management services for subscribing clients.
MIS audit: identifies all the controls that govern individual information systems and assesses their effectiveness.
online transaction processing: transaction processing mode in which transactions entered online are immediately processed by the computer.
password: used to log on to a computer system and may also be used for accessing specific systems and files.
patches: small pieces of software that repair flaws in programs without disturbing the proper operation of the software.
pharming: phishing technique that redirects users to a bogus web page, even when the individual types the correct web page address into his or her browser.
phishing: a form of spoofing involving setting up fake web sites or sending email messages that look like those of legitimate businesses to ask users for confidential personal data.
public key encryption: uses two keys, one shared or public and one private.
public key infrastructure (PKI): system for creating public and private keys using a certificate authority (CA) and digital certificates for authentication.
recovery-oriented computing: computer systems designed to recover rapidly when mishaps occur.
risk assessment: determining the potential frequency of the occurrence of a problem and the potential damage if the problem were to occur; used to determine the cost/benefit of a control.
Sarbanes-Oxley Act: law passed in 2002 that imposes responsibility on companies and their management to protect investors by safeguarding the accuracy and integrity of financial information that is used internally and released externally.
secure hypertext transfer protocol (S-HTTP): protocol used for encrypting data flowing over the internet; limited to individual messages.
secure sockets layer (SSL): enables client and server computers to manage encryption and decryption activities as they communicate with each other during a secure web session.
security: policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems.
security policy: statements ranking information risks, identifying acceptable security goals, and identifying the mechanisms for achieving these goals.
smart card: a credit-card-size plastic card that stores digital information and that can be used for electronic payments in place of cash.
sniffer: a type of eavesdropping program that monitors information traveling over a network.
social engineering: tricking people into revealing their passwords by pretending to be legitimate users or members of a company in need of information.
spoofing: misrepresenting one's identity on the internet or redirecting a web link to an address different from the intended one, with the site masquerading as the intended destination.
spyware: technology that aids in gathering information about a person or organization without their knowledge.
SQL injection attack: attacks against a web site that take advantage of vulnerabilities in poorly coded SQL (a standard and common database software application) applications in order to introduce malicious program code into a company's systems and networks.
token: physical device, similar to an identification card, that is designed to prove the identity of a single user.
Trojan horse: a software program that appears legitimate but contains a second hidden function that may cause damage.
unified threat management (UTM): comprehensive security management tools, including firewalls, virtual private networks, intrusion detection systems, and web content filtering and anti-spam software.
war driving: an eavesdropping technique in which eavesdroppers drive by buildings or park outside and try to intercept wireless network traffic.
worms: independent software programs that propagate themselves to disrupt the operation of computer networks or destroy data and other programs.
Created by: 1493084379