DSCI 320 Chapter 4
Terms in this set (91)
Information ethics
govern the ethical and moral issues arising from the development and the use of information technologies, as well as the creation, collection, duplication, distribution, and processing of information itself
Ethics
The principles and standards that guide our behavior toward other people
Intellectual property
intangible creative work that is embodied in physical form and includes copyright, trademarks, and patents
Copyright
the legal protection afforded an expression of an idea such as a song, book, or game.
Fair use doctrine
In certain situations, it is legal to use copyrighted material
Pirated software
the unauthorized use, duplication, distribution, or sale of copyrighted software
Counterfeit software
manufactured to look like the real thing and sold as such
Patent
an exclusive right to make, use, and sell an invention and is granted
Privacy
the right to be left alone when you have to be, to have control over your personal possessions, and to not be observed without your consent.
Confidentiality
the assurance that messages and information remain available only to those authorized to view them
Digital rights management
a technological solution that allows publishers to control their digital media to discourage, limit, or prevent illegal copying and distribution
Information management
examines the organizational resources of information and regulates its definition, uses, value, and distribution ensuring it has the types of data/information required to function and grow effectively
Tools to prevent information misuse
• Information management
• Information governance
• Information compliance
• Ediscovery
Information governance
method or system of government for information management or control
Information compliance
act of conforming, acquiescing, or yielding information
Information property
ethical issue that focuses on who owns information about individuals and how information can be sold and exchanged
Ediscovery
refers to the ability of a company to identify, search, gather, seize, or explore digital information in responding to litigation, audit, investigation, or information inquiry
Child Online Protection Act
was passed to protect minors from accessing inappropriate material on the internet
Sarbanes-Oxley Act
protects investors by improving the accuracy and reliability of corporate disclosures
EPolicies
policies and procedures that address information management along with the ethical use of computers and the internet in the business environment.
The ethical computer user policy
• Ethical computer use policy - contains general principles to guide computer use behavior
- ensures all users are informed of the rules and, by agreeing to use the system on that basis, consent to abide by the rules
1. Ethical Computer Use Policies
a. Cyber bullying
b. Click-fraud - abuse of pay-per-click
c. Competitive click fraud - computer crime company clicks its own
2. Information Privacy Policy
Contains general principles regarding information privacy
The unethical use of information typically occurs "unintentionally" when it is used for new purposes
2. Acceptable use policy
requires a user to agree to follow it to be provided access to corporate email
Nonrepudiation-
ensures that ebusiness participants do not deny their online actions
Internet use policy
contains general principles to guide the proper use of the internet
Cyber vandalism
electronic defacing of website
Typosquatting
someone registers purposely misspelled variations of well-known domain names (bing)
Website name steal
theft of a website's name that occurs when someone posing as administrator changes ownership
Internet censorship
government attempt to control internet traffic
3. Email Privacy Policy
- details the extent to which email messages may be read by others
Organizations can mitigate the risks of email and instant messaging communication tools by implementing and adhering to an email privacy policy
spam
unsolicited email
anti-spam policy
states that email users will not send unsolicited email
- can opt out
Teergrubing
anti-spamming approach where the receiving program launches a counterattack.
4. Social Media Policy
Outlines corporate guidelines or principles governing employee online communications
5. Workplace monitoring Policy
a. physical security - tangible protection such as alarms, guards, fireproof doors, fences, and vaults
b. workplace MIS monitoring - tracks people's activities by such measures as number of keystrokes, error rate, and number of transactions processed
c. employee monitoring policy - stating explicitly how, when, and where the company monitors its employees. Best PATH
Employee monitoring policy
Explicitly state how, when, and where the company monitors its employees
Information Security
the protection of information from accidental or intentional misuse by persons inside or outside an organization
Information technology monitoring
Tracks people's activities by such measures as number of keystrokes, error rate, and number of transactions processed
Downtime
period of time when a system is unavailable
hackers
experts in technology who use their knowledge to break into computers and computer networks (profit or challenge)
White-hat hackers
work at the request of the system owners to find system vulnerabilities and plug the holes
Hacktivists
have philosophical and political reasons for breaking into systems and will often deface the website as a protest
Script kiddies or script bunnies
find hacking code on the Internet and click-and-point their way into systems to cause damage or spread viruses
Black-hat hackers
break into other people's computer systems and may just look around or may steal and destroy information
Cracker
a hacker with criminal intent
Cyberterrorist
seek to cause harm to people or to destroy critical systems or information and use the Internet as a weapon of mass destruction
drive by hacking
computer attack where an attacker accesses a wifi network, intercepts data, and sends attack instructions without entering the office or organization that owns the network
virus
most common form. Software written with intent to cause annoyance or damage
Adware
software that, while purporting to serve some useful function and often fulfilling that function, also allows internet advertisers to display advertisements without the consent of the computer user
Spyware
a special class of adware that collects data about the user and transmits it over the internet without the user's specific knowledge or permission
worm
a type of virus that spreads itself, not only from file to file, but also from computer to computer. The primary difference between a virus and a worm is that a virus must attach to something, such as an executable file, in order to spread. Worms do not need to attach to anything to spread and can tunnel themselves into computers.
Denial-of-service attack (DoS)
floods a website with so many requests for service that it slows down or crashes the site
Distributed denial-of-service attack (DDoS)
attacks from multiple computers that flood a website with so many requests for service that it slows down or crashes
Trojan-horse virus
hides inside other software, usually as an attachment or a downloadable file
Backdoor programs
viruses that open a way into the network for future attacks
Polymorphic viruses and worms
change their form as they propagate
First line of defense
People
Insiders
legitimate users who purposefully or accidentally misuse their access to the environment and cause some kind of business-affecting incident
Social engineering
hackers use their social skills to trick people into revealing access credentials or other valuable information
Dumpster diving
looking through people's trash to find info - hacker style
Information security policies
Identify the rules required to maintain information security, such as requiring users to log off before leaving for lunch or meetings, never sharing passwords, etc...
Information security plan
details how an organization will implement the information security policies
Second line of defense
technology
people, data, attacks
three primary information technology security areas:
People: Authentication and Authorization
Data: Prevention and Resistance
Attacks: Detection and Response
Destructive agents
agents designed by spammers and other internet attackers to farm email addresses off websites or deposit spyware on machines
Identity theft
forging of someone's identity for the purpose of fraud
Information secrecy
category of computer security that addresses the protection of data from unauthorized disclosure and confirmation of data source authenticity
Phishing
technique to gain info for the purpose of identity theft.
Phishing expedition
masking attack that combines spam with spoofing. Emails sent look like they are from a respectable company but are not
Spear phishing
emails are carefully designed to target a specific person or organization
Vishing
phone scam that attempts to defraud people (PAPA)
Pharming
reroute requests for legitimate websites to false websites
Zombie
program that secretly takes over another computer for purpose of attack on other computers
Zombie farm
group of computers on which hacker planted zombie programs
Pharming attack
uses a zombie farm, often by an organized crime association, to launch a massive phishing attack
Time bombs
computer viruses that wait for a specific date before executing their instructions
Authentication
process of providing a user with permission including access levels and abilities such as file access, hours, etc. *A method for confirming users' identities.* Techniques fall into 3 categories.
o Something the user knows, user ID and password - ineffective
o Something the user has, smart card or token
• Token - small electronic devices that change user password automatically
• Smart card - device about the size of a credit card, embedded technologies that can store information and small amounts of software - identity instruments
o Something part of the user, fingerprint or voice signature
• Biometrics - identification of user based on physical
Data: prevention and resistance
- Technologies that stop intruders from accessing and reading data by means of content filtering, encryption, and firewalls
- available to help prevent and build resistance to attacks
content filtering
occurs when organizations use software that filters content, such as emails, to prevent the accidental or malicious transmission of unauthorized information
encryption
scrambles information into an alternative form that requires a key or password to decrypt
decrypt
information is to decode it and is the opposite of encrypt
Cryptography
science that studies encryption, hides the message so only sender and receiver can read it
Advanced encryption standard
designed to keep government information secure
Public key encryption
Public key that everyone can have
• certificate authority - trusted 3rd party that validates user identities by means of digital certificates
• digital certificate - data file that identifies individuals or organizations online and is comparable to a digital signature
Private only for recipient encryption
• Firewall - software that guards a private network by analyzing incoming and outgoing information for the correct markings
• Antivirus software - scans and searches hard drives to prevent, detect, and remove known viruses, adware, spyware
Firewalls
Hardware and/or software that guards a private network by analyzing the information leaving and entering the network
Cyber war
an organized attempt by a country's military to disrupt or destroy information and communication systems of another country
Cyberterrorism
the use of computer and network technologies against persons or property to intimidate or coerce governments, individuals, or any segment of society to attain political, religious, or ideological goals. With so many intruders planning computer attacks, it is critical that all computer systems are protected
detection and response
If prevention and resistance strategies fail and there is a security breach, an organization can use detection and response technologies to mitigate the damage
intrusion detection software
features full-time monitoring tools that search for patterns in network traffic to identify intruders