MIS CHAPTER 10 Flashcards

question
threat
answer
a person or organization that seeks to obtain or alter data or other IS assets illegally, without the owner's permission or knowledge
question
vulnerability
answer
an opportunity for threats to gain access to individual or organizational assets
question
safeguard
answer
some measure that individuals or organizations take to block the threat from obtaining the asset
question
target
answer
an asset desired by the threat
question
human errors and mistakes
answer
include accidental problems caused by employees and non-employees
question
computer crime
answer
includes employees and former employees who intentionally destroy data or other system components
question
unauthorized data disclosures
answer
occurs when a threat obtains data that is supposed to be protected
question
pretexting
answer
occurs when someone deceives by pretending to be someone else
question
phishing
answer
obtaining unauthorized data by using pretexting via email, also known as email spoofing
question
phisher
answer
the person who pretends to be a legitimate company and sends an email requesting confidential data
question
IP spoofing
answer
occurs when an intruder uses another site's IP address to masquerade as that other site
question
sniffing
answer
a technique for intercepting computer communications
question
wardrivers
answer
simply take computers with wireless connections through an area and search for unprotected wireless networks
question
hacking
answer
breaking into computers, servers, or networks to steal data such as customer lists
question
incorrect data modification
answer
incorrectly increasing a customer's discount or incorrectly modifying an employee's salary
question
system errors
answer
incorrect data modification caused by human error such as the lost update problem
question
faulty service
answer
includes problems that result because of incorrect system operation
question
usurpation
answer
occurs when computer criminals invade a computer system and replace legitimate programs with their own unauthorized ones
question
Denial of service
answer
human error in following procedures or lack of procedures can result in ____ caused by consuming so many resources, entry can't get through
question
advanced persistent threat
answer
a sophisticated, possibly long-term computer hack that is perpetrated by large, well-funded organizations such as governments; used to engage in cyber war and espionage
question
Stuxnet
answer
reputed to have been used to set back the Iranian nuclear program
question
flame
answer
a large complex computer program that operates as a cyber spy
question
intrusion detection system
answer
is a computer program that senses when another computer is attempting to scan or access a computer or network
question
brute force attack
answer
the password cracker tries every possible combination of characters
question
cookies
answer
small files that your browser receives when you visit web sites
question
manage risk
answer
proactively balance the trade-off between risk and cost
question
identification
answer
the username identifies the user
question
authentication
answer
the password authenticates the user
question
smart card
answer
a plastic card similar to a credit card that has a microchip holding much more data; requires a PIN
question
biometric authentication
answer
uses personal physical characteristics such as fingerprints to authenticate users
question
encryption
answer
the process of transforming clear text into coded, unintelligible text for secure storage or communication
question
encryption algorithms
answer
procedures for encrypting data that are difficult to break
question
key
answer
a number used to encrypt the data
question
symmetric encryption
answer
the same key is used to encode and to decode
question
asymmetric encryption
answer
two keys are used, one key to encode the message, another key decodes the message
question
public key encryption
answer
a special version of asymmetric encryption that uses a public key for encoding messages and a private key for decoding messages
question
https
answer
most secure communication over the internet uses protocol ___
question
secure sockets layer
answer
data are encrypted using a protocol called ___ (also called transport layer security)
question
firewall
answer
a computing device that prevents unauthorized network access, simply a filter
question
perimeter firewall
answer
sits outside the organizational network, is the first device the internet traffic encounters
question
internal firewall
answer
inside the organizational network, protects a LAN
question
packet filtering firewall
answer
examines each part of a message and determines whether to let the part pass, simplest type
question
malware
answer
a broad category of software that includes viruses, spyware, and adware
question
virus
answer
a computer program that replicates itself, consumes a computer's resources
question
payload
answer
can delete program data or modify data in undetected ways, the program code that causes the unwanted actions
question
trojan horse
answer
viruses that masquerade as useful programs or files
question
worm
answer
a virus that self-propagates using the internet or other computer network; worms spread faster than other virus types because they replicate themselves
question
spyware
answer
programs are installed on the user's computer without the user's knowledge or permission
question
key loggers
answer
captures keystrokes to obtain usernames, passwords, account numbers and other sensitive information
question
adware
answer
is similar to spyware in that it is installed without the user's permission and resides in the background and observes user behavior
question
malware definitions
answer
patterns that exist in malware code; should be downloaded frequently
question
SQL injection attack
answer
occurs when users enter a SQL statement and a program will accept this code and make it part of the database command
question
data safeguards
answer
protect databases and other organizational data
question
data administration
answer
refers to an organization-wide function that is in charge of developing data policies and enforcing data standards
question
key escrow
answer
a trusted party should have a copy of the encryption key
question
human safeguards
answer
involve the people and procedure components of information systems
question
least possible privilege
answer
given appropriate job descriptions, user accounts should be defined to give users ____ needed to perform their jobs
question
position sensitivity
answer
enables security personnel to prioritize their activities in accordance with possible risks and losses
question
enforcement
answer
____ consists of three factors: responsibility, accountability, and compliance
question
hardening
answer
a site means to take extraordinary measures to reduce a system's vulnerability
question
honeypots
answer
false targets for computer criminals to attack