MIS CHAPTER 4
Terms in this set (102)
The legal protection afforded an expression of an idea, such as a song, book, or video game.
Intangible creative work that is embodied in physical form and includes copyrights, trademarks, and patents.
An exclusive right to make, use, and sell an invention granted by a government to the inventor.
The principles and standards that guide our behavior toward other people.
The right to be left alone when you want to be, to have control over your personal possessions, and not to be observed without your consent.
The assurance that messages and information remain available only to those authorized to view them.
Govern the ethical and moral issues arising from the development and use of information technologies, as well as the creation, collection, duplication, distribution, and processing of information itself (with or without the aid of computer technologies).
The unauthorized use, duplication, distribution, or sale of copyrighted software.
Software that is manufactured to look like the real thing and sold as such.
Digital Rights Management
A technological solution that allows publishers to control their digital media to discourage, limit, or prevent illegal copying and distribution.
Examines the organizational resource of information and regulates its definitions, uses, value, and distribution ensuring it has the types of data/information required to function and grow effectively.
Refers to the overall management of the availability, usability, integrity, and security of company data.
The act of conforming, acquiescing, or yielding information.
An ethical issue that focuses on who owns information about individuals and how information can be sold and exchanged.
Ediscovery (Electronic Discovery)
Refers to the ability of a company to identify, search, gather, seize, or export digital information in responding to a litigation, audit, investigation, or information inquiry.
Child Online Protection Act (COPA)
A law that protects minors from accessing inappropriate material on the Internet.
Policies and procedures that address information management along with the ethical use of computers and the Internet in the business environment.
Threats, negative remarks, or defamatory comments transmitted via the Internet or posted on a website.
An act or object that poses a danger to assets.
The abuse of pay-per-click, pay-per-call, and pay-per-conversion revenue models by repeatedly clicking on a link to increase charges or costs for the advertiser.
A computer crime where a competitor or disgruntled employee increases a company's search advertising costs by repeatedly clicking on the advertiser's link.
Ethical Computer Use Policy
Contains general principles to guide computer user behavior.
Contains general principles regarding information privacy.
Acceptable Use Policy (AUP)
A policy that a user must agree to follow to be provided access to corporate email, information systems, and the Internet.
A contractual stipulation to ensure that ebusiness participants do not deny (repudiate) their online actions.
Details the extent to which email messages may be read by others.
Sends a massive amount of email to a specific person or system that can cause that user's server to stop functioning.
Simply states that email users will not send unsolicited emails (or spam).
Customer specifically chooses to deny permission of receiving emails.
Anti-spamming approach where the receiving computer launches a return attack against the spammer, sending email messages back to the computer that originated the suspected spam.
Social Media Policy
Outlines the corporate guidelines or principles governing employee online communications.
Tangible protection such as alarms, guards, fireproof doors, fences, and vaults.
Workplace MIS Monitoring
Tracks people's activities by such measures as number of keystrokes, error rate, and number of transactions processed.
Employee Monitoring Policy
States explicitly how, when, and where the company monitors its employees.
Key Logger or Key Trapper, Software
A program that records every keystroke and mouse click.
Hardware Key Logger
A hardware device that captures keystrokes on their journey from the keyboard to the motherboard.
A small file deposited on a hard drive by a website containing information about customers and their web activities. Cookies allow websites to record the comings and goings of customers, usually without their knowledge or consent.
Software that generates ads that install themselves on a computer when a person downloads some other program from the internet.
Spyware (Sneakware or Stealthware)
Software that comes hidden in free downloadable software and tracks online movements, mines the information stored on a computer, or uses a computer's CPU and storage for some task the user knows nothing about.
Consists of one line of information for every visitor to a website and is usually stored on a web server.
Records information about a customer during a web surfing session such as what websites were visited, how long the visit was, what ads were viewed, and what was purchased.
Refers to a period of time when a system is unavailable.
Information Security Plan
Details how an organization will implement the information security policies.
Experts in technology who use their knowledge to break into computers and computer networks, either for profit or motivated by the challenge.
A computer attack where an attacker accesses a wireless computer network, intercepts data, uses network services, and/or sends attack instructions without entering the office or organization that owns the network.
Break into other people's computer systems and may just look around or may steal and destroy information.
Have criminal intent when hacking.
Seek to cause harm to people or to destroy critical systems or information and use the Internet as a weapon of mass destruction.
Have philosophical and political reasons for breaking into systems and will often deface the website as a protest.
Script Kiddies/Bunnies
Find hacking code on the Internet and click-and-point their way into systems to cause damage or spread viruses.
Work at the request of the system owners to find system vulnerabilities and plug the holes.
Software written with malicious intent to cause annoyance or damage.
A special class of adware that collects data about the user and transmits it over the Internet without the user's knowledge or permission.
Open a way into the network for future attacks.
Denial-of-Service Attack (DoS)
Floods a website with so many requests for service that it slows down or crashes the site.
Distributed Denial-of-Service Attack (DDoS)
Attacks from multiple computers that flood a website with so many requests for service that it slows down or crashes. A common type is the Ping of Death, in which thousands of computers try to access a website at the same time, overloading it and shutting it down.
Polymorphic Viruses and Worms
Change their form as they propagate.
Hides inside other software, usually as an attachment or a downloadable file.
Spreads itself, not only from file to file, but also from computer to computer. The primary difference between a virus and a worm is that a virus must attach to something, such as an executable file, to spread. Worms do not need to attach to anything to spread and can tunnel themselves into computers.
Elevation of Privilege
A process by which a user misleads a system into granting unauthorized rights, usually for the purpose of compromising or destroying the system. For example, an attacker might log onto a network by using a guest account and then exploit a weakness in the software that lets the attacker change the guest privilege to administrative privileges.
Attack computer systems by transmitting a virus hoax, with a real virus attached. By masking the attack in a seemingly legitimate message, unsuspecting users more readily distribute the message and send the attack on to their co-workers and friends, infecting many users on the way.
Includes a variety of threats such as viruses, worms and Trojan horses.
Consists of altering the contents of packets as they travel over the internet or altering data on computer disks after penetrating a network. For example, an attacker might place a tap on a network line to intercept packets as they leave the computer. The attacker could eavesdrop or alter the information as it leaves the network.
A program or device that can monitor data traveling over a network. Sniffers can show all the data transmitted over a network, including passwords and sensitive information. Sniffers tend to be a favorite weapon in a hacker's arsenal.
The forging of the return address on an email so that the message appears to come from someone other than the actual sender. This is not a virus but rather a way by which virus authors conceal their identities as they send out viruses.
Splogs (Spam Blogs)
Fake blogs created solely to raise the search engine rank of affiliated websites. Even blogs that are legitimate are plagued by spam, with spammers taking advantage of the Comment feature of most blogs to comment with links to spam sites.
Legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident.
Hackers use their social skills to trick people into revealing access credentials or other valuable information.
Looking through people's trash, another way hackers obtain information.
Information Security Policies
Identify the rules required to maintain information security, such as requiring users to log off before leaving for lunch or meetings, never sharing passwords with anyone, and changing passwords every 30 days.
Malicious agents designed by spammers and other Internet attackers to farm email addresses off websites or deposit spyware on machines.
The forging of someone's identity for the purpose of fraud.
The category of computer security that addresses the protection of data from unauthorized disclosure and confirmation of data source authenticity.
A technique to gain personal information for the purpose of identity theft, usually by means of fraudulent emails that look as though they came from legitimate sources.
A masquerading attack that combines spam with spoofing.
A phishing expedition in which the emails are carefully designed to target a particular person or organization.
Vishing (Voice Phishing)
A phone scam that attempts to defraud people by asking them to call a bogus telephone number to "confirm" their account information.
Reroutes requests for legitimate websites to false websites.
A program that secretly takes over another computer for the purpose of launching attacks on other computers.
A group of computers on which a hacker has planted zombie programs.
Uses a zombie farm, often by an organized crime association, to launch a massive phishing attack.
A method for confirming users' identities.
The process of providing a user with permission including access levels and abilities such as file access, hours of access, and amount of allocated storage space.
Small electronic devices that change user passwords automatically.
A device about the size of a credit card, containing embedded technologies that can store information and small amounts of software to perform some limited processing.
The identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting.
Computer viruses that wait for a specific date before executing instructions.
Occurs when organizations use software that filters content, such as emails, to prevent the accidental or malicious transmission of unauthorized information.
Scrambles information into an alternative form that requires a key or password to decrypt.
Decodes information and is the opposite of encrypted.
The science that studies encryption, which is the hiding of messages so that only the sender and receiver can read them.
Advanced Encryption Standard (AES)
Introduced by the National Institute of Standards and Technology (NIST), AES is an encryption standard designed to keep government information secure.
Public Key Encryption
Uses two keys: a public key that everyone can have and a private key for only the recipient.
A trusted third party, such as VeriSign, that validates user identities by means of digital certificates.
A data file that identifies individuals or organizations online and is comparable to a digital signature.
Hardware and/or software that guard a private network by analyzing incoming and outgoing information for the correct markings.
Scans and searches hard drives to prevent, detect, and remove known viruses, adware, and spyware.
An organized attempt by a country's military to disrupt or destroy information and communication systems for another country.
The use of computer and networking technologies against persons or property to intimidate or coerce governments, individuals, or any segment of society to attain political, religious, or ideological goals.
Intrusion Detection Software (IDS)
Features full-time monitoring tools that search for patterns in network traffic to identify intruders.