MIS Chapter 5
Terms in this set (99)
Digital security risk
Event or action that could cause a loss or damage to computer or mobile device hardware, software, data, information, or processing capability.
Any illegal act involving the use of a computer or related devices.
Online or Internet-based illegal acts, such as distributing malicious software or committing identity theft.
Software used by cybercriminals
Refers to someone who accesses a computer or network illegally.
Someone who accesses a computer or network illegally, with the intent of destroying data, stealing information or taking other malicious action.
Same intent as a cracker but without the technical skill and knowledge. Script kiddies often use prewritten hacking and cracking programs to break into computers and networks.
Someone who demands payment to stop an attack on an organisation's technology infrastructure.
Someone who uses the Internet or a network to destroy or damage computers for political reasons. The cyberterrorist might target a nation's air traffic control, electricity-generating companies or telecommunications infrastructure.
Describes an attack whose goal ranges from disabling a government's computer network to crippling a country.
Type of hacker whose actions are politically or socially motivated and who believes his or her actions should be protected under the First Amendment.
Malware (malicious software)
Consists of programs that act without a user's knowledge and deliberately alter the operation of computers and mobile devices.
Some malware contains characteristics of two or more classes. E.g. a single threat could contain elements of a virus, a worm and a Trojan horse.
Group of compromised computers or mobile devices connected to a network such as the Internet that are used to attack other networks, usually for nefarious purposes.
Owner is unaware the computer or device is being controlled remotely by an outsider.
Program that performs repetitive tasks on a network. Cybercriminals install malicious bots on unprotected computers and devices to create a botnet. The perpetrator then uses the botnet to send spam via email, spread viruses and other malware, or commit a distributed denial of service attack.
Denial of service attack (DoS)
An assault whose purpose is to disrupt computer access to Internet services such as the web or email.
What is a more devastating type of DoS attack?
Distributed DoS (DDoS): zombie army attacks.
Program or set of instructions in a program that allows users to bypass security controls when accessing a program, computer or network.
Technique intruders use to make their network or Internet transmission appear legitimate to a victim or network.
What are the two types of spoofing?
IP and email.
Occurs when an intruder's computer fools a network into believing its IP address is associated with a trusted source.
e.g. viruses, worms or other malware.
Occurs when the sender's address or other components of an email header are altered so that it appears the email message originated from a different sender.
e.g. virus hoaxes, spam and phishing scams.
5 methods that protect computers:
-use antivirus software
-be suspicious of unsolicited email attachments
-scan removable media for malware before using it
-implement firewall solutions
-back up regularly
online security service
Web app that evaluates your computer or mobile device to check for Internet and email vulnerabilities and then provides information on how you can better protect your computer.
Computer Emergency Response Team Coordination Center, or CERT
Federally funded Internet research and development center.
Hardware and/or software that protects a network's resources from intrusion by other users on another network, such as the Internet. All users should implement a firewall solution.
Server outside the organization's network that controls which communications pass in and out of the organization's network.
Software firewall that detects and protects a personal computer and its data from unauthorized intrusions.
Use of a computer or network without permission.
The use of a computer or its data for unapproved or possibly illegal activities.
What 2 types of users can be a target of unauthorized access and use?
Home and business users.
acceptable use policy (AUP)
Outlines the activities for which the computer and network may and may not be used.
To protect files on your device and hard drive from hackers and other intruders, turn off ____________ and printer ________ on your device.
Security measure that defines who can access a computer, device or network, when they can access it, and what actions they can take whilst accessing it.
Records in a file both successful and unsuccessful access attempts.
Unique combination of characters, such as letters of the alphabet and numbers, that identifies a specific user.
Private combination of characters, associated with the user name, that allows access to certain computer resources.
what 3 websites provide authentication services to other applications?
Private combination of words containing mixed capitalization and punctuation, associated with a user name, that allows access to certain computer resources.
How long can passphrases be?
100 characters in length.
Numeric password either assigned by a company or selected by a user. PINs provide an additional level of security.
Any item that you possess or carry with you in order to gain access to a computer or computer facility.
Examples of possessed objects include: (4)
Biometric device
Authenticates a person's identity by translating a personal characteristic, such as a fingerprint, into a digital code that is compared with a digital code stored in a computer, verifying a physical or behavioral characteristic.
Name some examples of biometric devices (4)
face recognition systems
hand geometry systems
voice verification systems
Captures curves and indentations of a fingerprint.
Why do organizations use fingerprint readers? (3)
To secure doors, computers and software.
Name 4 other verification systems
Face recognition system: captures live face images and compares them to a previously stored image.
Hand geometry system: measures the shape and size of a person's hand.
Voice verification system: compares a person's live speech with their stored voice pattern.
Signature verification system: recognizes the shape of a handwritten signature and the pressure exerted and motion used to write the signature.
Two step/factor verification
Computer or mobile device uses two separate methods, one after the other, to verify the identity of the user.
e.g. Google and Microsoft
ATM two-step verification method
1) Users first insert their cards into the machine.
2) Enter PIN to access bank account.
Mobile phone and computer two-step verification method
1) When users sign into their account they enter a username and password.
2) They are prompted to enter another authentication code, which is sent as a text or voice message or via a smartphone app.
Iris recognition system
Camera uses iris recognition technology to read the pattern in the iris of the eye. E.g. military, government organizations.
Discovery, collection and analysis of evidence found on computers and networks.
Digital forensics involves the examination of media, programs, data and log files on computers; it is used by criminal prosecutors, military intelligence, etc.
Occurs when someone steals software media, intentionally erases programs, illegally registers and/or activates a program, or illegally copies a program.
keygen (short for key generator)
Creates software registration numbers and, sometimes, activation codes.
Unauthorized and illegal duplication of copyrighted software; the most common form of software theft.
Business Software Alliance (BSA)
Operates a website and anti-piracy hotlines around the world.
Conducted either online or by phone; users provide the software product's ID number to associate the software with the computer or mobile device on which the software is installed.
Licensing agreement: single-user license agreement (also known as "end-user" license agreement)
Provides specific conditions for use of the software, which a user must accept before using the software.
Legal agreement that permits multiple users to access the software on the server simultaneously.
Legal agreement that permits users to install the software on multiple computers, usually at a volume discount.
Occurs when someone steals personal or confidential information.
Process of converting data that is readable by humans into encoded characters to prevent unauthorised access.
Unencrypted, readable text
Set of steps that can convert readable plaintext into unreadable ciphertext.
Set of characters that the originator of the data uses to encrypt the plaintext and the recipient of the data uses to decrypt the ciphertext.
What are the 2 basic types of encryption?
Public and private key
Private key (symmetric key encryption)
Both the originator and the recipient use the same secret key to encrypt and decrypt the data; the key is kept confidential.
Public key encryption (asymmetric key encryption)
Uses both a private key and a public key. The public key is made known to the message originators and recipients.
Virtual private network (VPN)
Provides the mobile user with a secure connection to the company network server, as if the user had a private line. Helps ensure data is safe.
An encrypted code that a person, website or organisation attaches to an electronic message to verify the identity of the message sender.
Notice that guarantees a user or website is legitimate.
A website that uses encryption techniques to secure its data.
CA (certificate authority)
Organisation that issues digital certificates.
Duplicate of a file, program or media that can be used when the original is lost, damaged or destroyed.
Back up a file
Means to make a copy of it.
By copying the backup files to their original location on the computer or mobile device.
Means a location separate from where you typically store or use your computer or mobile device.
What are the 4 different types of back up?
*Continuous data protection is used by large companies
6) Cloud services
Oldest copy of the file
Second oldest copy of the file
Most recent copy of the file.
Disaster recovery plan
Written plan that describes the steps an organisation takes to restore its computer operations in the event of a disaster. The disaster can be natural or man-made.
Moral guidelines that govern the use of computers, mobile devices, information systems and networks. E.g. unauthorised use, software theft, information accuracy.
Refers to unique and original works such as ideas, innovations, logos, etc.
Intellectual property rights
Rights to which creators are entitled for their work.
Code of conduct
Written guideline that helps determine whether a specific action is ethical/unethical or allowed/not allowed.
Involves reducing the electricity and environmental waste generated whilst using computers, mobile devices and related technologies.
Energy star program
Helps reduce the amount of electricity used by computers and related devices. If a device meets the program's requirements, it gets an Energy Star label.
Power usage effectiveness
Ratio that measures how much power enters the computer facility or data centre against the amount of power required to run the computers and devices.
Refers to the right of individuals and companies to deny or restrict the collection, use and dissemination of information about them.
Online shopping sites generally use a session cookie to keep track of a user's shopping cart.
Scam where a perpetrator sends an official-looking email message that attempts to obtain your personal and/or financial information.
Defined as gaining unauthorised access to, or obtaining, confidential information by taking advantage of the trusting human nature of victims and the naivety of others.
Involves the use of computers, mobile devices or cameras to observe, record and review an employee's use of technology, e.g. email.
Process of restricting access to certain material. E.g. many businesses use content filtering to limit employees' web access.
Web filtering software
Program that restricts access to specified websites; can also filter email, chat rooms and specific words.
An object that can be tapped or clicked, such as a button or link in an email, that contains a malicious program.