Securing Information Systems
Quiz yourself by thinking what should be in
each of the black spaces below before clicking
on it to display the answer.
Help!
|
|
||||
|---|---|---|---|---|---|
| Defines acceptable uses of the firm's information resources and computing equipment, including desktop and laptop computers, wireless devices, telephones, and the Internet, and specifies consequences for noncompliance. | acceptable use policy (AUP)
🗑
|
||||
| Software designed to detect, and often eliminate, computer viruses from an information system. | antivirus software
🗑
|
||||
| Specific controls unique to each computerized application that ensure that only authorized data are completely and accurately processed by that application. | application controls
🗑
|
||||
| The ability of each party in a transaction to ascertain the identity of the other party. | authentication
🗑
|
||||
| Technology for authenticating system users that compares a person's unique charcteristics such as fingerprints, face, or retinal image, aginst a stored set profile of these characteristics. | biometric authentication
🗑
|
||||
| A group of computers that have been infected with bot malware without users' knowledge, enabling a hacker to use the amassed resources of the computer to launch distributed denial-of-service attacks, phishing campaigns or spam. | botnet
🗑
|
||||
| Software program code defects. | bugs
🗑
|
||||
| Planning that focuses on how the company can restore business operations after a disaster strike. | business continuity planning
🗑
|
||||
| Occurs when an individual or computer program fraudently clicks on an online as without any intention of learning more about the advertiser or making a purchase. | click fraud
🗑
|
||||
| The commission of illegal acts through the use of a computer or against a computer system. | computer crime
🗑
|
||||
| The scientific collection, examination, authentication, preservation, and analysis of data held on or retrieved from computer storage media in such a way that the information can be used as evidence in a court of law. | computer forensics
🗑
|
||||
| Rogue software program that attaches itself to other software programs or data files in order to executed, often causing hardware and software malfunctions. | computer virus
🗑
|
||||
| All of the methods, policies, and procedures that ensure protection of the organization's assets, accuracy and reliability of its records, and operational adherence to managememnt standards. | controls
🗑
|
||||
| Intentional disruption, defacement, or even destruction of a Web site or corporate information system. | cybervandalism
🗑
|
||||
| State-sponsored activity designed to cripple and defeat another state or nation by damaging or disrupting its computers or networks. | cyberwarfare
🗑
|
||||
| Techonology for managing network traffic by examining data packets, sorting out low-priority data from higher priority business-critical data, and sending packets in order of priority. | deep packet inspection (DPI)
🗑
|
||||
| Flooding a network server or Web server with false communications or requests for services in order to crash the network. | denial-of-service (DoS) attack
🗑
|
||||
| Attachments to an electronic message to verify the identity of the sender and to provide the reciver with the means to encode a reply. | digital certificates
🗑
|
||||
| Planning for the restoration of computing and communications services after they have been disrupted. | disaster recovery planning
🗑
|
||||
| Uses numerous computers to inundate and overwhelm a network from numerous launch points. | distributed denial-of-service (DDoS) attack
🗑
|
||||
| Period of time in which an information system is not operational. | downtime
🗑
|
||||
| The coding and scrambling of messages to prevent their being read or accessed without authorization. | encryption
🗑
|
||||
| Wireless networks that pretend to be legitimate Wi-Fi networks to entice participants to log on and reveal passwords or credit card numbers. | evil twins
🗑
|
||||
| Systems that contain extra hardware, software, and power supply components that can back a system up and keep it running to prevent system failure. | fault-tolerant computer systems
🗑
|
||||
| Hardware and software placed between an organization's internal network and an external network to prevent outsiders from invading private networks. | firewalls
🗑
|
||||
| Overall control environment governing the design, security, and use of computer programs and the security of data files in general throughout the organization's information technology infrastructure. | general controls
🗑
|
||||
| Requires financial institutions to ensure the security and confidentiality of customer data. | Gramm-Leach-Bliley Act
🗑
|
||||
| A person who gains unauthorized access to a computer network for profit, criminal mischief, or personal pleasure. | hacker
🗑
|
||||
| Tools and technologies, including backup hardware resources, to enable a system to recover quickly from a crash. | high-availability computing
🗑
|
||||
| Law outlining medical security and privacy rules and procedures for simplifying the administration of healthcare billing and automating the transfer of healthcare data between healthcare providers, payers, and plans. | HIPAA
🗑
|
||||
| Business Processes and software tools for identifying the valid users of a system and controlling their access to system resources. | identity management
🗑
|
||||
| Theft of key pieces of personal information, such as credit card or Social Security numbers, in order to obtain merchandise and services in the name of the victim or to obtain false credentials. | identity theft
🗑
|
||||
| Tools to monitor the most vulnerable points in a network to detect and deter unauthorized intruders. | intrusion detection systems
🗑
|
||||
| Spyware that records every keystroke made on a computer. | key loggers
🗑
|
||||
| Malicious software programs such as computer viruses, worms, and Trojan horses. | malware
🗑
|
||||
| Companies that provide security management services for subscribing clients. | managed security service providers (MSSPs)
🗑
|
||||
| Identifies all the controls that govern individual information systems and assesses their effectiveness. | MIS audit
🗑
|
||||
| Transaction processing mode in which transactions entered on-line are immediately processed by the computer. | online transaction processing
🗑
|
||||
| Authentication established by a user to prevent unauthorized persons from accessing specific systems and files. | password
🗑
|
||||
| Small pieces of software that repair flaws in programs without disturbing the proper operation of the software. | patches
🗑
|
||||
| Phishing technique that redirects users to a bogus Web page, even when the individual types the correct Web page address into his or her browser. | pharming
🗑
|
||||
| A form of spoofing involving setting up fake Web sites or sending e-mail messages that look like those of legitimate bsuinesses to ask users for confidential personal data. | phishing
🗑
|
||||
| Uses two keys one shared (or public) and one private. | public key encryption
🗑
|
||||
| System for creating public and private keys using a certificate authority (CA) and digital certificates for authentication. | public key infrastructure (PKI)
🗑
|
||||
| Computer systems designed to recover rapidly when mishaps occur. | recovery-oriented computing
🗑
|
||||
| Determining the potential frequency of the occurence of a problem and the potential damage if the problem were to occur. Used to determine the cost/benefit of a control. | risk assessment
🗑
|
||||
| Law passed in 2002 that imposes responsibility on companies and their management to protect investors by safeguarding the accuracy and integrity of financial information that is used internally and released externally. | Sarbanes-Oxley Act
🗑
|
||||
| Protocol used for encrypting data flowing over the Internet; limited to individual messages. | Secure Hypertext Transfer Protocol (S-HTTP)
🗑
|
||||
| Enables client and server computers to manage encryption and decryption activities as they communicate with each other during a secure Web session. | Secure Sockets Layer (SSL)
🗑
|
||||
| Policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems. | security
🗑
|
||||
| Statements ranking information risks, identifying acceptable security goals, and identifying the mechanism for achieving these goals. | security policy
🗑
|
||||
| A credit-card-size plastic card that stores digital information that can be used for electronic payments in place of cash. | smart card
🗑
|
||||
| A type of eavesdropping program that monitors information traveling over a network. | sniffer
🗑
|
||||
| Tricking people into revealing their passwords by pretending to be legitimate users or member of a company in need of information. | social engineering
🗑
|
||||
| Misrepresenting one's identity on the Internet or redirecting a Web link to an address different from the intended one, with the site masquerading as the intended destination. | spoofing
🗑
|
||||
| Technology that aids in gathering information about a person or organization without their knowledge. | spyware
🗑
|
||||
| is gaining attention as a technology for enabiling | Blockchain
🗑
|
||||
| consisting of malware that comes with a downloaded file that a user intentionally or unintentionally requests | Drive by download
🗑
|
||||
| examines the firms overall security environment as well as controls governing individual information system | information system audit
🗑
|
||||
| physical device similar to an identification card, design to prove the identity of a single user | token
🗑
|
||||
| software program that appears to be benign but then does something other than expected | trojan horse
🗑
|
||||
| increases security by validating users through a multi step process. | two factor authentication
🗑
|
||||
| combining various security tools including farewells, virtual private networks, intrusion detection systems, and web content filtering and anti spam software into a single appliance to create comprehensive security management products. | unified threat management
🗑
|
||||
| technique in which eavesdroppers drive by buildings or park outside and try to intercept wireless network traffic | war driving
🗑
|
||||
| independent computer programs that copy themselves from one computer to other computers over a network | worms
🗑
|
||||
| hole in the software unknown to its creator | zero vulnerabilities
🗑
|
||||
| Type of malware trying to extort money from users by taking control of their computers, blocking access to files, or displaying annoying pop-ups messages. | Ransomware
🗑
|
||||
| a major malware taking advantage of vulnerabilities in poorly coded web application software to introduce malicious program code into a companies systems and networks | SQL injection attack
🗑
|
Review the information in the table. When you are ready to quiz yourself you can hide individual columns or the entire table. Then you can click on the empty cells to reveal the answer. Try to recall what will be displayed before clicking the empty cell.
To hide a column, click on the column name.
To hide the entire table, click on the "Hide All" button.
You may also shuffle the rows of the table by clicking on the "Shuffle" button.
Or sort by any of the columns using the down arrow next to any column heading.
If you know all the data on any row, you can temporarily remove it by tapping the trash can to the right of the row.
To hide a column, click on the column name.
To hide the entire table, click on the "Hide All" button.
You may also shuffle the rows of the table by clicking on the "Shuffle" button.
Or sort by any of the columns using the down arrow next to any column heading.
If you know all the data on any row, you can temporarily remove it by tapping the trash can to the right of the row.
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.
Normal Size Small Size show me how
Normal Size Small Size show me how
Created by:
TroyIS3310
Popular Computers sets