Information systems chapter 12
Terms in this set (44)
You jiggle when you jump
an opportunity for threats to gain access to individual or organizational assets.
some measure that individuals or organizations take to block the threat from obtaining the asset.
the asset that is desired by the threat
include accidental problems caused by both employees and nonemployees
employees and former employees who intentionally destroy data or other systems components
fires, floods, hurricanes, earthquakes, tsunamis, avalanches, and other acts of nature
unauthorized data disclosure, incorrect data modification, faulty service, denial of service, and loss of infrastructure.
five types of security loss
unauthorized data disclosure
occurs when a threat obtains data that is supposed to be protected.
occurs when someone deceives by pretending to be someone else.
uses pretexting via email
pretending to be someone else
there is also IP ------ and email ------
a technique for intercepting computer communications; it can be done wirelessly or with a direct connection
breaking into computers, servers, or networks to steal data such as customer lists, product inventory data, employee data, and other proprietary confidential data.
incorrect data modification
incorrectly increasing a customer's discount or incorrectly modifying an employee's salary; occurs through human error when employees follow procedures incorrectly.
includes system errors
problems that result because of incorrect system operation. Includes incorrect data modification, systems that work incorrectly by sending the wrong goods to a customer or the ordered goods to the wrong customer, incorrectly billing customers, or sending the wrong information to employees.
occurs when computer criminals invade a computer system and replace legitimate programs with their own unauthorized ones that shut down legitimate applications and substitute their own processing to spy, steal, and manipulate data.
denial of service
the fourth type of loss; humans can inadvertently shut down a web server or corporate gateway router by starting a computationally intensive application.
loss of infrastructure
a bulldozer cutting a conduit of fiber optic cables, and the floor crashing into web servers.
advanced persistent threat
is a sophisticated, possibly long-running computer hack that is perpetrated by large, well-funded organizations like governments. Uses Stuxnet and Flame.
intrusion detection system
a computer program that senses when another computer is attempting to scan the disk or access a computer.
brute force attack
the password cracker tries every possible combination of characters.
small files that your browser stores on your computer when you visit web sites.
involve the hardware and software components of an information system. Involves identification and authentication, i.e., logging on to email or Facebook
a plastic card similar to a credit card; these have a microchip, unlike the magnetic strip in credit cards.
personal identification number
number needed to be authenticated.
uses personal physical characteristics such as fingerprints, facial features, and retinal scans to authenticate users.
the process of transforming clear text into coded, unintelligible text for secure storage or communication. Uses encryption algorithms DES, 3DES, and AES
a number used to encrypt the data, it unlocks a message
the same key is used to encode and decode.
two keys are used, one key encodes the message, and the other key decodes the message.
public key/private key
is used on the internet, each site has a public key for encoding messages and a private key for decoding them. Sending a friend a box with a lock, he puts something in, locks it, sends it back
data are encrypted using a protocol called the Secure Sockets Layer (SSL), or Transport Layer Security (TLS)
a computing device that prevents unauthorized network access.
sits outside the organizational network; it is the first device that internet traffic encounters.
protects all of an organization's computers and a second internal firewall that protects the LAN.
packet filtering firewall
examines each part of a message and determines whether to let that part pass.
types of viruses
malware includes viruses, worms, Trojan horses, spyware, and adware
a virus replicates itself
Trojan horses are viruses that disguise themselves as useful program files
spyware programs are installed without the user's knowledge or permission
adware watches user activities and produces popup ads
malware definitions, patterns that exist in malware code
SQL injection attack
occurs when a user enters a SQL statement into a form in which they are supposed to enter a name or other data.
protect databases and other organizational data.
refers to an organization-wide function that is in charge of developing data policies and enforcing data standards.
refers to a function that pertains to a particular database. Develops procedures and practices to ensure efficient and orderly multiuser processing of the database, to control changes to the database structure, and to protect the database.
when a trustworthy party has your key
involve the people and the procedure components of information systems. when people follow the right procedure for system use and recovery.