| Term | Definition |
| downtime | the period of time during which an IS is not available |
| blackout | total loss of electricity |
| brownout | partial loss of electricity; could be handled by connecting a voltage regulator between PCs and the electric network to smooth drops/surges |
| need for uninterruptible power supply (UPS) | backup power |
| vandalism | deliberate destruction |
| data | this unique resource is the primary concern for security |
| keystroke logging | record individual keystrokes |
| social engineering | con artists pretending to be service people who then steal passwords and valuable info |
| identity theft | pretending to be another person |
| phishing | a bogus website that requests users to "update" their personal data |
| spear phishing | use stolen personal info to obtain entry codes to attack org. sys and to steal money from online accounts |
| honeytoken | a bogus record in a networked database used to entice an intruder to retrieve it and to alert security personnel, who can then combat hackers |
| honeypot | a server containing a mirrored copy of a database or a bogus database with invalid records, set up to make intruders think they've accessed a production database; security personnel can then look at intruders' traces and learn of vulnerable points in the configuration of servers |
| virus | spreads from computer to computer; damages applications and data files, disrupts data communications |
| worm | spreads in a network without human intervention; attacks PCs without the need to send e-mail or to open received files |
| antivirus software | protects against viruses |
| trojan horse | a virus disguised as legitimate software |
| logic bomb | software that lies dormant until a certain event takes place or until PC's inner clock reaches specific time |
| denial of service (DoS) | an attacker launches a large number of information requests that slow down legitimate traffic to a site |
| distributed denial of service (DDoS) | an attacker launches a DoS attack from multiple computers, usually from hijacked personal PCs |
| hijacking | an attack using some or all of a PC's resources without the consent of its owner; often done by DDoS attack or by installing a software bot on the PC; the purpose is usually to send spam |
| controls | constraints and restrictions imposed on a user or a system; used to secure against risks and to ensure that nonsensical data is not entered; can reduce damage caused to systems, applications, and data |
| reliable application | a control measure that is an application that can resist inappropriate usage such as incorrect data entry or processing |
| backup | a control measure that consists of periodic duplication of all data |
| redundant arrays of independent disks (RAID) | a control measure that consists of a set of disks programmed to replicate stored data |
| access controls | control measures taken to ensure only authorized users have access to a computer, network, application, or data; i.e. physical locks, software locks |
| biometric | a control measure that uses unique physical characteristics such as fingerprints, retinal scans, or voiceprints |
| atomic transaction | a control measure that is a set of indivisible transactions ensuring that only a full entry occurs in all the appropriate files, to guarantee integrity of data; all of the transactions in the set must be completely executed or none can be |
| audit trail | a control measure that is a series of documented facts that help detect who recorded which transactions, at what time, and under whose approval |
| information systems auditor | a person whose job is to find and investigate fraudulent cases |
| firewall | a security measure that screens the activity of a person who logs on to a website and allows retrieval and viewing of certain material, but blocks attempts to change the info or to access other resources that reside on the same PC or on PCs connected to it; best defense against unauthorized access over the Internet; integrated into routers |
| demilitarized zone approach (DMZ) | one end of the network is connected to the trusted network, and the other end to the Internet, which provides a barrier b/w the Internet and a company's org. network, which is usually an intranet |
| proxy server | represents another server; employs a firewall and is placed between the Internet and the trusted network when there is no DMZ |
| authentication | security measure that is the process of ensuring that you are who you say you are |
| encryption | security measure that codes a message into an unreadable form by scrambling the transmitted info |
| plaintext | the original message |
| ciphertext | the encoded message |
| key | a unique combination of bits that must be used to decipher the ciphertext used by receiving PC |
| public-key encryption | uses two keys, one public and one private |
| symmetric encryption | when the sender and the recipient use the same key |
| asymmetric encryption | both a public and a private key are used |
| transport layer security (TLS) | a protocol for transactions on the Web that uses a combination of public key and symmetric key encryption |
| digital signature | a security measure to authenticate online messages; implemented with public keys; authenticates the identity of the sender of a message and guarantees that it hasn't been altered by others |
| message digest | unique fingerprint of a file, used to create a digital signature when sending an encrypted message |
| digital certificates | computer files that associate one's identity with one's public key, holder's name, a serial number, expiration dates; issued by certificate authority |
| certificate authority (CA) | a trusted 3rd party that issues public keys |
| single sign-on (SSO) | a user must enter his or her name/password only once which saves employees time |
| redundancy | organizations run all system and transactions on 2 computers in parallel to protect against loss of data and biz; very expensive |
| business recovery plan | a plan about how to recover from a disaster |
| mission-critical applications | when developing a business recovery plan, one needs to prioritize recovery needs; these applications are the ones the business needs to conduct operations |
| hot sites | alternative sites that a business can use when a disaster occurs; backup sites provide desks, PC sys, internet links |