Ch. 10 Terms
A system of moral principles that human beings use to judge right and wrong and to develop rules of conduct.
Natural laws and rights
An ethical system that judges the morality of an action based on how well it adheres to broadly accepted rules, regardless of the action's actual consequences.
An ethical system that judges whether an act is right or wrong by considering the consequences of the action, weighing its positive effects against its harmful ones.
Intellectual property (IP)
Intangible assets such as music, written works, software, art, designs, movies, creative ideas, discoveries, inventions, and other expressions of the human mind that may be legally protected by means of copyrights or patents.
Digital rights management (DRM)
Technologies that software developers, publishers, media companies, and other intellectual property owners use to control access to their digital content.
The protection of data about individuals.
An intermediary server that receives and analyzes requests from clients and then directs them to their destinations; sometimes used to protect privacy.
A term that encompasses the protection of an organization's information assets against misuse, disclosure, unauthorized access, or destruction.
Malicious software designed to attack computer systems.
A combination of the terms robot and network referring to a collection of computers that have been compromised by malware and used to attack other computers.
Distributed Denial of Service (DDoS)
An attack in which computers in a botnet are directed to flood a single website server with rapid-fire page requests, causing it to slow down or crash.
An attempt to steal passwords or other sensitive information by persuading the victim, often in an email, to enter the information into a fraudulent website that masquerades as the authentic version.
A matrix that lists an organization's vulnerabilities, with ratings that assess each one in terms of likelihood and impact on business operations, reputation, and other areas.
Incident response plan
A plan that an organization uses to categorize a security threat, determine the cause, preserve any evidence, and also get the systems back online so the organization can resume business.
A combination of two or more authentications a user must pass to access an information system, such as a fingerprint scan combined with a password.
Technique that scrambles data using mathematical formulas, so that it cannot be read without applying the key to decrypt it.
Public key encryption
A security measure that uses a pair of keys, one to encrypt the data and the other to decrypt it. One key is public, widely shared with everyone, but the other is private, known only to the recipient.
A defensive technical control that inspects incoming and outgoing traffic and either blocks or permits it according to rules the organization establishes. The firewall can be a hardware device or a software program.
A gateway service that permits users to log in once with a single user ID and password to gain access to multiple software applications.
The art of manipulating people into breaking normal information security procedures or divulging confidential information.