Busy. Please wait.
or

show password
Forgot Password?

Don't have an account?  Sign up 
or

Username is available taken
show password

why


Make sure to remember your password. If you forget it there is no way for StudyStack to send you a reset link. You would need to create a new account.
We do not share your email address with others. It is only used to allow you to reset your password. For details read our Privacy Policy and Terms of Service.


Already a StudyStack user? Log In

Reset Password
Enter the associated with your account, and we'll email you a link to reset your password.

Remove Ads
Don't know
Know
remaining cards
Save
0:01
To flip the current card, click it or press the Spacebar key.  To move the current card to one of the three colored boxes, click on the box.  You may also press the UP ARROW key to move the card to the "Know" box, the DOWN ARROW key to move the card to the "Don't know" box, or the RIGHT ARROW key to move the card to the Remaining box.  You may also click on the card displayed in any of the three boxes to bring that card back to the center.

Pass complete!

"Know" box contains:
Time elapsed:
Retries:
restart all cards




share
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.

  Normal Size     Small Size show me how

ChapterEight

Securing Information Systems

QuestionAnswer
Defines acceptable uses of the firm's information resources and computing equipment, including desktop and laptop computers, wireless devices, telephones, and the Internet, and specifies consequences for noncompliance. acceptable use policy (AUP)
Software designed to detect, and often eliminate, computer viruses from an information system. antivirus software
Specific controls unique to each computerized application that ensure that only authorized data are completely and accurately processed by that application. application controls
The ability of each party in a transaction to ascertain the identity of the other party. authentication
Technology for authenticating system users that compares a person's unique charcteristics such as fingerprints, face, or retinal image, aginst a stored set profile of these characteristics. biometric authentication
A group of computers that have been infected with bot malware without users' knowledge, enabling a hacker to use the amassed resources of the computer to launch distributed denial-of-service attacks, phishing campaigns or spam. botnet
Software program code defects. bugs
Planning that focuses on how the company can restore business operations after a disaster strike. business continuity planning
Occurs when an individual or computer program fraudently clicks on an online as without any intention of learning more about the advertiser or making a purchase. click fraud
The commission of illegal acts through the use of a computer or against a computer system. computer crime
The scientific collection, examination, authentication, preservation, and analysis of data held on or retrieved from computer storage media in such a way that the information can be used as evidence in a court of law. computer forensics
Rogue software program that attaches itself to other software programs or data files in order to executed, often causing hardware and software malfunctions. computer virus
All of the methods, policies, and procedures that ensure protection of the organization's assets, accuracy and reliability of its records, and operational adherence to managememnt standards. controls
Intentional disruption, defacement, or even destruction of a Web site or corporate information system. cybervandalism
State-sponsored activity designed to cripple and defeat another state or nation by damaging or disrupting its computers or networks. cyberwarfare
Techonology for managing network traffic by examining data packets, sorting out low-priority data from higher priority business-critical data, and sending packets in order of priority. deep packet inspection (DPI)
Flooding a network server or Web server with false communications or requests for services in order to crash the network. denial-of-service (DoS) attack
Attachments to an electronic message to verify the identity of the sender and to provide the reciver with the means to encode a reply. digital certificates
Planning for the restoration of computing and communications services after they have been disrupted. disaster recovery planning
Uses numerous computers to inundate and overwhelm a network from numerous launch points. distributed denial-of-service (DDoS) attack
Period of time in which an information system is not operational. downtime
The coding and scrambling of messages to prevent their being read or accessed without authorization. encryption
Wireless networks that pretend to be legitimate Wi-Fi networks to entice participants to log on and reveal passwords or credit card numbers. evil twins
Systems that contain extra hardware, software, and power supply components that can back a system up and keep it running to prevent system failure. fault-tolerant computer systems
Hardware and software placed between an organization's internal network and an external network to prevent outsiders from invading private networks. firewalls
Overall control environment governing the design, security, and use of computer programs and the security of data files in general throughout the organization's information technology infrastructure. general controls
Requires financial institutions to ensure the security and confidentiality of customer data. Gramm-Leach-Bliley Act
A person who gains unauthorized access to a computer network for profit, criminal mischief, or personal pleasure. hacker
Tools and technologies, including backup hardware resources, to enable a system to recover quickly from a crash. high-availability computing
Law outlining medical security and privacy rules and procedures for simplifying the administration of healthcare billing and automating the transfer of healthcare data between healthcare providers, payers, and plans. HIPAA
Business Processes and software tools for identifying the valid users of a system and controlling their access to system resources. identity management
Theft of key pieces of personal information, such as credit card or Social Security numbers, in order to obtain merchandise and services in the name of the victim or to obtain false credentials. identity theft
Tools to monitor the most vulnerable points in a network to detect and deter unauthorized intruders. intrusion detection systems
Spyware that records every keystroke made on a computer. key loggers
Malicious software programs such as computer viruses, worms, and Trojan horses. malware
Companies that provide security management services for subscribing clients. managed security service providers (MSSPs)
Identifies all the controls that govern individual information systems and assesses their effectiveness. MIS audit
Transaction processing mode in which transactions entered on-line are immediately processed by the computer. online transaction processing
Authentication established by a user to prevent unauthorized persons from accessing specific systems and files. password
Small pieces of software that repair flaws in programs without disturbing the proper operation of the software. patches
Phishing technique that redirects users to a bogus Web page, even when the individual types the correct Web page address into his or her browser. pharming
A form of spoofing involving setting up fake Web sites or sending e-mail messages that look like those of legitimate bsuinesses to ask users for confidential personal data. phishing
Uses two keys one shared (or public) and one private. public key encryption
System for creating public and private keys using a certificate authority (CA) and digital certificates for authentication. public key infrastructure (PKI)
Computer systems designed to recover rapidly when mishaps occur. recovery-oriented computing
Determining the potential frequency of the occurence of a problem and the potential damage if the problem were to occur. Used to determine the cost/benefit of a control. risk assessment
Law passed in 2002 that imposes responsibility on companies and their management to protect investors by safeguarding the accuracy and integrity of financial information that is used internally and released externally. Sarbanes-Oxley Act
Protocol used for encrypting data flowing over the Internet; limited to individual messages. Secure Hypertext Transfer Protocol (S-HTTP)
Enables client and server computers to manage encryption and decryption activities as they communicate with each other during a secure Web session. Secure Sockets Layer (SSL)
Policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems. security
Statements ranking information risks, identifying acceptable security goals, and identifying the mechanism for achieving these goals. security policy
A credit-card-size plastic card that stores digital information that can be used for electronic payments in place of cash. smart card
A type of eavesdropping program that monitors information traveling over a network. sniffer
Tricking people into revealing their passwords by pretending to be legitimate users or member of a company in need of information. social engineering
Misrepresenting one's identity on the Internet or redirecting a Web link to an address different from the intended one, with the site masquerading as the intended destination. spoofing
Technology that aids in gathering information about a person or organization without their knowledge. spyware
is gaining attention as a technology for enabiling Blockchain
consisting of malware that comes with a downloaded file that a user intentionally or unintentionally requests Drive by download
examines the firms overall security environment as well as controls governing individual information system information system audit
physical device similar to an identification card, design to prove the identity of a single user token
software program that appears to be benign but then does something other than expected trojan horse
increases security by validating users through a multi step process. two factor authentication
combining various security tools including farewells, virtual private networks, intrusion detection systems, and web content filtering and anti spam software into a single appliance to create comprehensive security management products. unified threat management
technique in which eavesdroppers drive by buildings or park outside and try to intercept wireless network traffic war driving
independent computer programs that copy themselves from one computer to other computers over a network worms
hole in the software unknown to its creator zero vulnerabilities
Type of malware trying to extort money from users by taking control of their computers, blocking access to files, or displaying annoying pop-ups messages. Ransomware
a major malware taking advantage of vulnerabilities in poorly coded web application software to introduce malicious program code into a companies systems and networks SQL injection attack
Created by: TroyIS3310