MIS Chapter 10


Ethics
system of moral principles that human beings use to judge right and wrong and to develop rules of conduct.
Natural laws and rights
ethical system that judges the morality of an action based on how well it adheres to broadly accepted rules, regardless of the action's actual consequences.
Utilitarianism
ethical system that judges whether an act is right or wrong by considering the consequences of the action, weighing its positive effects against its harmful ones.
Intellectual property (IP)
Intangible assets such as music, written works, software, art, designs, movies, creative ideas, discoveries, inventions and other expressions of the human mind that may be legally protected by means of copyrights or patents.
Digital rights management (DRM)
Technologies that software developers, publishers, media companies, and other intellectual property owners use to control access to their digital content.
Information privacy
protection of data about individuals.
Proxy
intermediary server that receives and analyzes requests from clients and then directs them to their destinations; sometimes used to protect privacy.
Information security
term that encompasses the protection of an organization's information assets against misuse, disclosure, unauthorized access, or destruction.
Malware
malicious software designed to attack computer systems.
Computer virus
malicious software program that can damage files or other programs. A virus can also reproduce itself and spread to other computers by email, instant messaging, file transfer, or other means.
Spyware
Software that monitors a user's activity on the computer and on the internet, often installed without the user's knowledge. May use the internet connection to send the data it collects to third parties.
Keylogger
monitoring software that records a user's keystrokes.
Worm
self-replicating program that sends copies to other nodes on a computer network and may contain malicious code intended to cause damage.
Trojan Horse
seemingly useful, or at least harmless, program that installs malicious code to allow remote access to the computer, as for a botnet.
Botnet
combination of the terms robot and network referring to a collection of computers that have been compromised by malware and used to attack other computers.
Distributed denial of service (DDoS)
An attack in which computers in a botnet are directed to flood a single website server with rapid-fire page requests, causing it to slow down or crash.
Phishing
attempt to steal passwords or other sensitive information by persuading the victim, often in email, to enter the information into a fraudulent website that masquerades as the authentic version.
Risk matrix
matrix that lists an organization's vulnerabilities, with ratings that assess each one in terms of likelihood and impact on business operations, reputation, and other areas.
Steps in incident response plan
Identify the threat, Contain the damage, Determine the cause, Recover the systems, Evaluate lessons learned.
Incident response plan
plan that an organization uses to categorize a security threat, determine the cause, preserve any evidence, and also get the systems back online so the organization can resume business.
Multifactor authentication
combination of two or more authentications a user must pass to access an information system, such as fingerprint scan combined with a password.
Encryption
technique that scrambles data using mathematical formulas, so that it cannot be read without applying the key to decrypt it.
Public key encryption
security measure that uses a pair of keys, one to encrypt the data and the other to decrypt it. One key is public, widely shared with everyone, but the other is private, known only to the recipient.
Firewall
defensive technical control that inspects incoming and outgoing traffic and either blocks or permits it according to rules the organization establishes. It can be a hardware device or a software program.
Single sign-on
gateway service that permits users to log in once with a single user ID and password to gain access to multiple software applications.
Social engineering
art of manipulating people into breaking normal information security procedures or divulging confidential information.