ISM
test 2
| Question | Answer |
|---|---|
| a broad term encompassing the protection of information from accidental or intentional misuse by persons inside or outside an organization | information security |
| leading cause = software failure, then human error | downtime |
| legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident | insider |
| using one's social skills to trick people into revealing access credentials or other information valuable to the attacker | social engineering |
| passwords, tokens, smart cards, biometrics | authentication and authorization |
| firewalls, spyware tracking, MIS auditing, encryption (private and public key), content filtering | prevention and resistance |
| intrusion detection system, antivirus software | detection and response |
| monitors network and notifies if anyone hacks network | intrusion detection system |
| five steps in information security plan | 1) develop information security policies 2) communicate information security policies 3) identify critical information assets and risks 4) test and re-evaluate 5) obtain stakeholder support |
| hardware and/or software that guards a private network by analyzing the information leaving and entering the network | firewall |
| common type of defense within detection and response technologies | antivirus software |
| spyware tracking | |
| MIS auditing | |
| people very knowledgeable about computers who use their knowledge to invade other people's computers | hackers |
| scrambles information into an alternative form that requires a key or password to decrypt the information | encryption |
| the forging of someone's identity for purposes of fraud | identity theft |
| technique to gain personal information for the purpose of identity theft, usually by means of fraudulent emails | phishing |
| a device that is around the same size as a credit card, containing embedded technologies that can store information and small amounts of software to perform some limited processing | smart cards |
| small electronic devices that change user passwords automatically | tokens |
| most effective way to manage authentication | biometrics |
| occurs when organizations use software that filters content to prevent the transmission of unauthorized information | content filtering |
| a method of confirming users' identities | authentication |
| process of giving someone permission to do or have something | authorization |
| one of the most ineffective ways for determining authentication | passwords |
| the identification of a user based on a physical characteristic (i.e. fingerprint, iris, face, voice, handwriting) | biometrics |
| stop intruders from accessing intellectual capital | prevention and resistance technologies |
| an encryption system that uses two keys: a public key that everyone can have and a private key for only the recipient | public key encryption (PKE) |
| one of the most common defenses for preventing a security breach | firewall |
| work at the request of the system owners to find system vulnerabilities and plug the holes | white-hat hackers |
| break into other people's computer systems and may just look around or may steal and destroy information | black-hat hackers |
| have philosophical and political reasons for breaking into systems and will often deface the website as a protest | hacktivists |
| find hacking code on the internet and click-and-point their way into systems to cause damage or spread viruses | script kiddies/bunnies |
| a hacker with a criminal intent | cracker |
| seek to cause harm to people or destroy critical systems or information and use the internet as a weapon of mass destruction | cyberterrorist |
| software written with malicious intent to cause annoyance or damage (must attach to something in order to spread) | virus |
| a type of virus that spreads itself, not only from file to file, but also from computer to computer (do not need to attach to anything to spread and can tunnel into computers) | worm |
| malware | |
| hides other software, usually as an attachment or a downloadable file | trojan horse |
| floods a website with so many requests for service that it slows down or crashes the site | denial of service |
| viruses that open a way into the network for future attacks | backdoor programs |
| the forging of the return address on an email so that the message appears to come from someone other than the actual sender; a way by which virus authors conceal their identities as they send out viruses | spoofing |
| war driving | |
| a program or device that can monitor data traveling over a network. Can show all the data being transmitted over a network, including passwords and sensitive information. A favorite weapon in a hacker's arsenal | sniffer/sniffing |
| process by which a user misleads a system into granting unauthorized rights, usually for the purpose of compromising or destroying the system. | elevation of privilege |
| software that comes hidden in free downloadable software and tracks online movements, or uses computer's CPU and storage for some tasks that the user knows nothing about | spyware |
| consists of altering the contents of packets as they travel over the internet or altering data on computer disks after penetrating a network | packet tampering |
| The actual hardware that interprets and executes the program (software) instructions and coordinates how all the other hardware devices work together. | CPU (central processing unit) |
| computer's main memory (random access memory (RAM), cache memory, and the read-only memory (ROM) that is directly accessible to the central processing unit (CPU)) | primary storage |
| Equipment designed to store large volumes of data for long- term storage (e.g., diskette, hard drive, memory card, CD). | secondary storage |
| Equipment used to capture information and commands (e.g., keyboard, scanner). | input devices |
| Equipment used to see, hear, or otherwise accept the results of information processing requests (e.g., monitor, printer). | output devices |
| Equipment used to send information and receive it from one location to another (e.g., modem). | communication devices |
| performs all arithmetic operations and all logic operations (such as sorting and comparing numbers). The control unit | ALU (arithmetic-logic unit) |
| the number of millions of CPU cycles per second | MHz (megahertz) |
| the number of billions of CPU cycles per second | GHz (gigahertz) |
| framework of dividing the resources of a computer into multiple execution environments | virtualization |
| the computer's primary working memory, in which program instructions and data are stored so that they can be accessed directly by the CPU via the processor's high-speed external data bus | RAM (Random Access Memory) |
| refers to RAM’s complete loss of stored information if power is interrupted | volatility |
| a small unit of ultra-fast memory that is used to store recently accessed or frequently accessed data so that the CPU does not have to retrieve this data from slower memory circuits such as RAM | cache memory |
| the portion of a computer's primary storage that does not lose its contents when one switches off the power | ROM (Read-only memory) |
| 1,024 Bytes | kilobytes |
| 1,024 PB (10^18 bytes) 2 EB = total volume of information generated worldwide annually 5 EB = all words ever spoken by human beings | exabytes |
| modem | |
| bus | |
| allows companies to chain together thousands of PCs to build mass-market systems. | clustering |
| provides the ability to run two or more tasks simultaneously and is viewed as the chip industry’s future | parallel processing |
| allows more than one piece of software to be used at a time | multitasking |
| includes plans for how an organization will build, deploy, use, and share its data, processes, and IT assets--will standardize enterprisewide hardware and software systems, with tighter links to the business strategy-- | enterprise architecture |
| can decrease costs, increase standardization, promote reuse of IT assets, and speed development of new systems--make IT cheaper, strategic and more responsive | enterprise architecture |
| three components of enterprise architecture | information architecture, infrastructure architecture, application architecture |
| identifies where and how important information is maintained and secured | information architecture |
| includes hardware, software, and telecommunications equipment that, when combined, provides the underlying foundation to support the organization's goals | infrastructure architecture |
| determines how applications integrate to each other | application architecture |
| backup and recovery, disaster recovery, information security | information architecture |
| an exact copy of a system's information | backup |
| a computer system designed so that, in the event a component fails, a backup component or procedure can immediately take its place with no loss of service--can be provided via software embedded in hardware or by some combination | fault tolerance |
| a backup in which the functions of a computer component are assumed by secondary system components when the primary component becomes unavailable through either failure or scheduled downtime | fail over |
| detailed process for recovering information or an IT system in the event of a catastrophic disaster such as a fire or flood | disaster recovery plan |
| a plan for how an organization will recover and restore partially or completely interrupted critical functions within a predetermined time after a disaster or extended disruption | business continuity plan (BCP) |
| a separate and fully equipped facility where the company can move immediately after a disaster and resume business | hot site |
| a separate facility that does not have any computer equipment, but is a place where employees can move after a disaster | cold site |
| info security/ user access | |
| patches | |
| the ability to get a system up and running in the event of a system crash or failure and includes restoring the information backup | recovery |
| contain a repertoire of web-based data and procedural resources that use shared protocols and standards permitting different applications to share data and services | web services |
| the capability of two or more computer systems to share data and resources, even though they are made by different manufacturers | interoperability |
| detect threats and opportunities and alert those who can act on the information | events |
| software products--need to be reusable | services |
| nonproprietary IT hardware and software made available by the standards and procedures by which their products work, making it easier to integrate them | open systems |
| business-driven IT architectural approach that supports integrating a business as linked, repeatable tasks or services--ensures that IT systems can adapt quickly, easily, and economically to support rapidly changing business needs | service oriented architecture |
| a business task | services |
| the capability of services to be joined together on demand to create composite services, or disassembled just as easily into their functional components | loose coupling |
| a markup language for documents containing structured information | XML (extensible markup language) |
| a framework of dividing the resources of a computer into multiple execution environments--a way of increasing physical resources to maximize the investment in hardware | virtualization |
| virtual machines | |
| aggregation of geographically dispersed computing, storage, and network resources, coordinated to deliver improved performance, higher quality of service, better utilization, and easier access to data | grid computing |
| raw facts that describe characteristics of an event | data |
| data converted into meaningful and useful context | information |
| the extent of detail within the information (fine and detailed or coarse and abstract) | information granularity |
| encompasses all of the information contained within a single business process or unit of work, and its primary purpose is to support the performing of daily operational tasks | transactional info |
| encompasses all organizational information and its primary purpose is to support the performing of managerial analysis tasks (used when making important ad hoc decisions) | analytical info |
| immediate up-to-date information | real time info |
| maintains information about various types of objects, events, people, and places | database |
| database management system (dbms) | |
| schema | |
| information is organized into a tree-like structure that allows repeating information using parent/child relationships in such a way that it cannot have too many relationships--often cannot be used to relate to structures that exist in the real world | hierarchical database model |
| a flexible way of representing objects and their relationships (lattice structure) | network database model |
| type of database that stores information in the form of logically related two-dimensional tables | relational database model |
| person, place, thing, transaction, or event about which information is stored | entity |
| fields or columns, characteristics or properties of an entity class | attributes |
| a field (or group of fields) that uniquely identifies a given entity in a table | primary key |
| a primary key of one table that appears as an attribute in another table and acts to provide a logical relationship between the two tables | foreign key |
| row | record |
| character of info | byte |
| lets users create, read, update, delete info | data manipulation |
| data about data | metadata |
| stores info about data in a database | data dictionary |
| data manipulation language, can be embedded in programs | SQL |
| used to specify content and structure of database | data definition |
| increased integrity/quality of data, security, flexibility, performance, reduced redundancy, different views available, error checking, constraints | advantages of using a database |
| deals with the physical storage of information on a storage device such as a hard disk | physical view |
| focuses on how users logically access information to meet their particular business needs | logical view |
| refers to how well a system can adapt to increased demands | scalability |
| measures how quickly a system performs a certain process or transaction | performance |
| measure of the quality of information | information integrity |
| rules that help ensure the quality of information | integrity constraints |
| rules that enforce basic and fundamental information-based constraints | relational integrity constraints |
| enforce business rules vital to an organization's success and often require more insight and knowledge than relational integrity constraints | business-critical integrity |
| an interactive website kept constantly updated and relevant to the needs of its customers through the use of a database | data driven website |
| logical collection of information, gathered from many different operational databases, that supports business analytical activities and decision-making tasks. primary purpose: to aggregate information throughout an organization into a single repository | data warehouse |
| a process that extracts information from the internal and external databases, transforms the information using a common set of enterprise definitions and loads the info into a data warehouse | ETL (extraction, transformation, and loading) |
| contains a subset of data warehouse info | data mart |
| multidimensional analysis | |
| common term for the representation of multidimensional information | cube |
| slice-and-dice | |
| the process of analyzing data to extract information not offered by raw data alone | data mining |
| spans a large geographic area, often connect smaller networks | WAN (wide area network) |
| a way to use the public telecommunication infrastructure to provide secure access to an organization's network | VPN (virtual private network) |
| uses TCP/IP technology to transmit voice calls over long distance telephone lines, transmits over 10% of all phone calls in the US | VoIP (voice over IP) |
| a private network provided by a third party for exchanging information through a high capacity connection | VAN (value-added network) |
| the difference between the highest and the lowest frequencies that can be transmitted on a single medium; a measure of the medium's capacity | bandwidth |
| generally refers to high speed internet connections transmitting data at speeds greater than 200 kilobytes per second | broadband |
| PDA | |
| combines the functions of a cellular phone and PDA into a single device | smart phone |
| a telecommunications industry specification that describes how mobile phones, computers, and personal digital assistants can be easily interconnected by a short-range connection | bluetooth |
| a big microwave repeater in the sky; contains one or more transponders that listen to a particular portion of the electromagnetic spectrum, amplifying incoming signals and transmitting them back to earth | satellite |
| uses the atmosphere (or outer space) as the transmission medium to send the signals to a microwave receiver | microwave transmitter |
| wireless mobile content services that provide location-specific information to mobile users moving from location to location | location based services (LBS) |
| a constellation of 24 well spaced satellites that orbit the earth and make it possible for people with ground receivers to pinpoint their geographic location | GPS (global positioning system) |
| designed to work with information that can show on a map | GIS (geographic information systems) |
| means of linking computers using infrared or radio signals | WiFi (wireless fidelity) |
| a telecommunications technology aimed at providing wireless data over long distances in a variety of ways, from point-to-point links to full mobile cellular-type access | WiMax (worldwide interoperability for microwave access) |
| use active or passive tags in the form of chips or smart labels that can store unique identifiers and relay this information to electronic readers | RFID (radio frequency identification) |