Managing Information Systems Chapter 5
question
Access Controls
answer
designed to protect systems from unauthorized access in order to preserve data integrity.
question
Adware
answer
a form of spyware that collects information about the user (without the user's consent) to determine which advertisements to display in the user's Web browser.
question
Asymmetric Encryption
answer
uses two keys: a public key known to everyone and a private or secret key known only to the recipient. A message encrypted with a public key can be decrypted only with the same algorithm used by the public key and requires the recipient's private key, too. Anyone intercepting the message cannot decrypt it because he or she does not have the private key.
question
Availability
answer
means that computers and networks are operating, and authorized users can access the information they need. It also means a quick recovery in the event of a system failure or disaster.
question
Backdoor
answer
is a programming routine built into a system by its designer or programmer. It enables the designer or programmer to bypass system security and sneak back into the system later to access programs or files.
question
Biometric Security Measures
answer
measures use a physiological element that is unique to a person and cannot be stolen, lost, copied, or passed on to others.
question
Blended Threat
answer
a security threat that combines the characteristics of computer viruses, worms, and other malicious codes with vulnerabilities found on public and private networks.
question
Business Continuity Planning
answer
outlines procedures for keeping an organization operational in the event of a natural disaster or network attack.
question
Callback Modem
answer
verifies whether a user's access is valid by logging the user off (after he or she attempts to connect to the network) and then calling the user back at a predetermined number.
question
Computer Fraud
answer
is the unauthorized use of computer data for personal gain.
question
Confidentiality
answer
means that a system must prevent disclosing information to anyone who is not authorized to access it.
question
Data Encryption
answer
transforms data, called plaintext or cleartext, into a scrambled form called ciphertext that cannot be read by others.
question
Denial-of-Service (DoS) Attack
answer
floods a network or server with service requests to prevent legitimate users' access to the system.
question
Fault-Tolerant Systems
answer
ensure availability in the event of a system failure by using a combination of hardware and software.
question
Firewall
answer
a combination of hardware and software that acts as a filter or barrier between a private network and external computers or networks, including the Internet. A network administrator defines rules for access, and all other data transmissions are blocked.
question
Integrity
answer
refers to the accuracy of information resources within an organization.
question
Intrusion Detection System (IDS)
answer
can protect against both external and internal access. It is usually placed in front of a firewall and can identify attack signatures, trace patterns, generate alarms for the network administrator, and cause routers to terminate connections with suspicious sources.
question
Keystroke Loggers
answer
monitor and record keystrokes and can be software or hardware devices.
question
Logic Bomb
answer
a type of Trojan program used to release a virus, worm, or other destructive code. Logic bombs are triggered at a certain time (sometimes the birthday of a famous person) or by a specific event, such as a user pressing the Enter key or running a certain program.
question
Password
answer
a combination of numbers, characters, and symbols that is entered to allow access to a system.
question
Pharming
answer
Similar to phishing, _____ is directing Internet users to fraudulent Web sites with the intention of stealing their personal information, such as Social Security numbers, passwords, bank account numbers, and credit card numbers. The difference is that pharmers usually hijack an official Web site address, then alter its IP address so that users who enter the correct Web address are directed to the pharmers' fraudulent Web site.
question
Phishing
answer
sending fraudulent e-mails that seem to come from legitimate sources, such as a bank or university.
question
Physical Security Measures
answer
primarily control access to computers and networks, and they include devices for securing computers and peripherals from theft.
question
PKI (Public Key Infrastructure)
answer
enables users of a public network such as the Internet to securely and privately exchange data through the use of a pair of keys—a public one and a private one—that is obtained from a trusted authority and shared through that authority.
question
Secure Sockets Layer (SSL)
answer
a commonly used encryption protocol that manages transmission security on the Internet.
question
Sniffing
answer
capturing and recording network traffic.
question
Social Engineering
answer
In the context of security, ______ means using "people skills"—such as being a good listener and assuming a friendly, unthreatening air—to trick others into revealing private information. This is an attack that takes advantage of the human element of security systems.
question
Spoofing
answer
an attempt to gain access to a network by posing as an authorized user in order to find sensitive information, such as passwords and credit card information.
question
Spyware
answer
software that secretly gathers information about users while they browse the Web.
question
Symmetric Encryption
answer
the same key is used to encrypt and decrypt the message. The sender and receiver must agree on the key and keep it secret.
question
Transport Layer Security (TLS)
answer
a cryptographic protocol that ensures data security and integrity over public networks, such as the Internet.
question
Trojan Program
answer
contains code intended to disrupt a computer, network, or Web site, and it is usually hidden inside a popular program. Users run the popular program, unaware that the malicious program is also running in the background.
question
Virtual Private Network (VPN)
answer
provides a secure "tunnel" through the Internet for transmitting messages and data via a private network.
question
Virus
answer
consists of self-propagating program code that is triggered by a specified time or event. When the program or operating system containing the virus is used, the virus attaches itself to other files, and the cycle continues.
question
Worm
answer
travels from computer to computer in a network, but it does not usually erase data. Unlike viruses, worms are independent programs that can spread themselves without having to be attached to a host program.