20 terms

Chapter 10 MIS 250


Ethics
A system of moral principles that human beings use to judge right and wrong and to develop rules of conduct.
Natural Laws and Rights
An ethical system that judges the morality of an action based on how well it adheres to broadly accepted rules, regardless of the action's actual consequences.
Utilitarianism
An ethical system that judges whether an act is right or wrong by considering the consequences of the action, weighing its positive effects against its harmful ones
Intellectual Property
Intangible assets such as music, written works, software, art, designs, movies, creative ideas, discoveries, inventions, and other expressions of the human mind that may be legally protected by means of copyrights or patents.
Digital Rights Management
Technologies that software developers, publishers, media companies, and other intellectual property owners use to control access to their digital content.
Information Privacy
The protection of data about individuals
Proxy
An intermediary server that receives and analyzes requests from clients and then directs them to their destinations; sometimes used to protect privacy
Information Security
A term that encompasses the protection of an organization's information assets against misuse, disclosure, unauthorized access, or destruction
Malware
Malicious software designed to attack computer systems
Distributed Denial of Service
An attack in which computers in a botnet are directed to flood a single website server with rapid-fire page requests, causing it to slow down or crash
Phishing
An attempt to steal passwords or other sensitive information by persuading the victim, often in an email, to enter the information into a fraudulent website that masquerades as the authentic version
Botnet
A combination of the terms robot and network referring to a collection of computers that have been compromised by malware and used to attack other computers
Risk Matrix
A matrix that lists an organization's vulnerabilities, with ratings that assess each one in terms of likelihood and impact on business operations, reputation, and other areas
Incidence Response Plan
A plan that an organization uses to categorize a security threat, determine the cause, preserve any evidence, and also get the systems back online so the organization can resume business
Encryption
Technique that scrambles data using mathematical formulas, so that it cannot be read without applying the key to decrypt it
Public Key Encryption
A security measure that uses a pair of keys, one to encrypt the data and the other to decrypt it. One key is public, widely shared with everyone, but the other is private, known only to the recipient
Multifactor Authentication
A combination of two or more authentications a user must pass to access an information system, such as a fingerprint scan combined with a password
Firewall
A defensive technical control that inspects incoming and outgoing traffic and either blocks or permits it according to the rules the organization establishes. The firewall can be a hardware device or a software program
Single Sign-On
A gateway service that permits users to log in once with a single user ID and password to gain access to multiple software applications
Social Engineering
The art of manipulating people into breaking normal information security procedures or divulging confidential information