DSCI 320 Chapter 4

Terms in this set (91)

Information ethics

govern the ethical and moral issues arising from the development and the use information technologies, as well as the creation, collection, duplication, distribution, and processing of information itself

The principles and standards that guide
our behavior toward other people

Intellectual property

intangible creative work that is embodied in physical form and includes copyright, trademarks, and patents

the legal protection afforded an expression of an idea such as a song, book, or game.

Fair use doctrine

In certain situations, it is legal to use copyrighted material

Pirated software

the unauthorized use , duplication, distribution , or sale of copyrighted software

Counterfeit software

manufactured to look like the real thing and sold as such

an exclusive right to make, use, and sell an invention and is granted

the right to be left alone when you have to be, to have control over your personal possessions, and to not be observed without your consent.

Confidentiality

the assurance that messages and information remain available only to those authorized to view them

Digital right management

a technological solution that allows publishers to control their digital media to discourage, limit, or prevent illegal copying and distribution

Information management

examines the organizational resources of information and regulates its definition, uses, value, and distribution ensuring it has the types of data/information required to function and grow effectively

Tools to prevent information misuse

• Information management
• Information governance
• Information compliance
• Ediscovery

Information governance

method or system of government for information management or control

Information compliance

act of conforming, acquiescing, or yielding information

Information property

ethical issue that focuses on who owns information about individuals and how information can be sold and exchanged

refers to the ability of a company to identify, search, gather, seize, or explore digital information in responding to litigation, audit, investigation, or information inquiry

Child Online Protection Act

was passed to protect minors from accessing inappropriate material on the internet

Sarbanes-Oxley Act

protects investors by improving the accuracy and reliability of corporate disclosures

policies and procedures that address information management along with the ethical use of computers and the internet in the business environment.

The ethical computer user policy

• Ethical computer use policy- contains general principles to guide computer use behavior

-ensures all users are informed of the rules and, by agreeing to use the system on that basis, consent to abide by the rules

1. Ethical Computer Use Policies

a. Cyber bullying
b. Click-fraud- abuse of pay-per-click
c. Competitive click fraud- computer crime company clicks its own

2. Information Privacy Policy

Contains general principles regarding information privacy

The unethical use of information typically occurs "unintentionally" when it is used for new purposes

2. Acceptable use policy

requires a user to agree to follow it be provided access to corporate email

Nonrepudiation-

ensures that ebusiness participants do not deny their online actions

Internet use policy

contains general principles to guide the proper use of the internet

Cyber vandalism

electronic defacing of website

someone registers purposely misspelled variations of well-known domain names (bing)

Website name steal

theft of a websites name that occurs when someone posing as administrator changes ownership

Internet censorship

government attempt to control internet traffic

3. Email Privacy Policy

-details the extent to which emails messages may be read by others

Organizations can mitigate the risks of email and instant messaging communication tools by implementing and adhering to an email privacy policy

unsolicited email

anti-spam policy

states that email users will not send unsolicited email
-can opt out

anti-spamming approach where receiving program launches counter attack.

4. Social Media Policy

Outlines corporate guidelines or principles governing employee online communications

5. Workplace monitoring Policy

a. physical security- tangible protection such as alarms, guards, fireproof doors, fences, and vault
b. workplace MIS monitoring- tracks peoples activities by such measures as number of keystrokes, error rate, and number of transactions processed
c. employee monitoring policy- stating explicitly how, when, and where the company monitors its employees. Best PATH

Employee monitoring policy

Explicitly state how, when, and where the company monitors its employees

Information Security

the protection of information from accidental or intentional miss use by persons inside or outside an organization

Information technology monitoring

Tracks people's activities by such measures as number of keystrokes, error rate, and number of transactions processed

period of time when a system is unavailable

experts in technology who use their knowledge to break into computers and computer networks (profit or challenge)

White-hat hackers

work at the request of the system owners to find system vulnerabilities and plug the holes

have philosophical and political reasons for breaking into systems and will often deface the website as a protest

Script kiddies or script bunnies

find hacking code on the Internet and click-and-point their way into systems to cause damage or spread viruses

Black-hat hackers

break into other people's computer systems and may just look around or may steal and destroy information

a hacker with criminal intent

seek to cause harm to people or to destroy critical systems or information and use the Internet as a weapon of mass destruction

drive by hacking

computer attack where an attacker access a wifi, intercepts data, and sends attack instructions with out entering the office or organizations that own the network

most common form. Software written with intent to cause annoyance or damage

software that, while purporting to serve some useful function and often fulfilling that function, also allows internet advisors to display advertisements without the consent of the computer user

a special class of adware that collect data about the user and transmits it over the internet without the users specific knowledge or permission

a type of virus that spreads itself, not only from file to file, but also from computer to computer. The primary difference between a virus and a worm is that a virus must attach to something, such as an executable file, in order to spread. Worms do not need to attach to anything to spread and can tunnel themselves into computers.

Denial-of-service attack (DoS)

floods a website with so many requests for service that it slows down or crashes the site

Distributed denial-of-service attack (DDoS)

attacks from multiple computers that flood a website with so many requests for service that it slows down or crashes

Trojan-horse virus

hides inside other software, usually as an attachment or a downloadable file

Backdoor programs

viruses that open a way into the network for future attacks

Polymorphic viruses and worms

change their form as they propagate

First line of defense

legitimate users who purposefully or accidentally mis use their access to the environment and cause some kind of business-affecting incident

Social engineering

hackers use their social skills to tick people into revealing access credentials or other valuabe information

Dumpster diving

looking though peoples trash to find info- hacker style

Information security policies

Identify the rules required to maintain information security, such as requiring users to log off before leaving for lunch or meetings, never sharing passwords, etc...

Information security plan

details how an organization with implement the information security policies

Second line of defense

technology
poeple, data, attacks

three primary information technology security areas:

People: Authentic and Authorizatio
Data: Prevention and Resistance
Attacks: Detection and Response

Destructive agents

agents designed by spammers and other internet attackers to farm email addresses off websites or deposit spyware on machines

forging of someone's identity in the purpose of fraud

Information secrecy

category of computer security that addresses the protection of data from unauthorized disclosure and confirmation of data source authenticity

technique to gain info for the purpose of identity theft.

Phishing expedition

masking attacking that combines spam with spoofing. Emails sent look from respectable company but not

emails are carefully designed to target a specific person or organization

phone scam that attempts to defraud people (PAPA)

reroute requests for legitimate websites to false websites

program that secretly takes over another computer for purpose of attack on other computers

group of computers on which hacker planted zombie programs

Pharming attack

uses zombie farm, often by an organization crime association, to launch a massive phishing attack

computer viruses that wait for a specific date before executing their instructions

process of providing a user with permission including access levels and abilities such as files access, hours, etc. *A method for confirming users'
identities* Techniques fall into 3 categories.
oSomething the users knows, user ID and password-ineffective
oSomething user has, smart card or token
•Tokenn*- small electronic devices that change user password automatically
•Smart cardd*- device about the size of a credit card, embedded technologies that can store information and small amounts of software.- identity instruments
oSomething part of user, fingerprint or voice signature
•Biometricss*- identification of user based on physical

Data: prevention and resistance

-Technologies that stop intruders from accessing and reading data by means of content filtering, encryption , and firewalls
-available to help prevent and build resistance to attacks

content filtering

occurs when organizations use software that filters content, such as emails, to prevent the accidental or malicious transmission or unauthorized information

scrambles information into an alternative form that requires a key or password to decrypt

information is to decode it and is the opposite of encrypt

science that studies encryption, hides the message so only sender an receiver can read them

Advanced encryption standard

designed to keep government information secure

Public key encryption

Public key that everyone can have
•certificate authorityy*- trusted 3rd party that validates user identities by means of digital certificates
•digital certificatee*- data file that identifies individuals or organizations online and is comparable to a digital signature

Private only for recipient encryption

•Firewalll*- software that gaurds a private network by analyzing incoming and outgoing information for the correct markings
•Antivirus softwaree*- scans and searches hard drives to prevent, detect, and remove known viruses, adware, spyware

Hardware and/or software that guards a private network by analyzing the information leaving and entering the network

an organized attempt by a country's military to disrupt or destroy information and communication systems for another country

the use of computer and network technologies against persons or property to intimidate or coerce governments, individuals, or any segment of society to attain political, religious, or ideological goals. With so many intruders planning computer attacks, it is critical that all computer systems are protected

detection and response

If prevention and resistance strategies fail and there is a security breach, an organization can use detection and response technologies to mitigate the damage

intrusion detection software

features fulltime monitoring tools that search for patterns in networks traffic to identify intruders

;