MIS #3 – Flashcard

question
ethics
answer
the principles and standards that guide our behavior toward other people
question
information ethics
answer
govern the ethical and moral issues arising from the development and use of information technologies, as well as the creation, collection, duplication, distribution, and processing of information itself
question
Business issues related to information ethics
answer
1. Intellectual property 2. copyright 3. pirated software 4. counterfeit software
question
privacy
answer
the right to be left alone when you want to be, to have control over your own personal possessions and not to be observed without your consent
question
confidentiality
answer
the assurance that messages and information are available only to those who are authorized to view them
question
______ form the only ethical component of MIS
answer
individuals
question
_______ does not have ethics, _____ do
answer
information, people
question
4 tools to prevent information misuse
answer
1. information management 2. information governance 3. information compliance 4. Ediscovery
question
information management
answer
examines the organizational resource of information and regulates its definitions, uses, value, and distribution ensuring it has the types of data/information required to function and grow effectively
question
information governance
answer
method or system of government for information management or control
question
information compliance
answer
is the act of conforming, acquiescing, or yielding information
question
Ediscovery
answer
refers to the ability of a company to identify, search, gather, seize, or export digital information in responding to litigation, audit, investigation, or information inquiry
question
Epolicies
answer
policies and procedures that address information management along with the ethical use of computers and the Internet in the business environment
question
6 epolicies
answer
1. ethical computer use policy 2. information privacy policy 3. acceptable use policy 4. email privacy policy 5. social media policy 6. workplace monitoring policy
question
ethical computer use policy
answer
contains general principles to guide computer user behavior. It ensures that all users are informed of the rules and, by agreeing to use the system on that basis, consent to abide by the rules
question
information privacy policy
answer
contains general principles regarding information privacy
question
acceptable use policy (AUP)
answer
requires a user to agree to follow it to be provided access to corporate email, information systems, and the Internet
question
nonrepudiation
answer
a contractual stipulation to ensure that ebusiness participants do not deny their online actions
question
internet use policy
answer
contains general principles to guide the proper use of the Internet
question
email privacy policy
answer
details the extent to which email messages may be read by others
question
social media policy
answer
outlines the corporate guidelines or principles governing employee online communications
question
workplace monitoring policy
answer
unless your company policy specifically states otherwise, your employer may listen, watch, and read most of your workplace communications
question
information technology monitoring
answer
tracks people's activities by such measures as number of keystrokes, error rate, and number of transactions processed
question
employee monitoring policy
answer
explicitly states how, when, and where the company monitors its employees
question
common monitoring technologies include
answer
1. key logger or key trapper 2. hardware key logger 3. cookie 4. adware 5. spyware 6. web log 7. clickstream
question
information security
answer
the protection of information from accidental or intentional misuse by persons inside or outside an organization
question
downtime
answer
refers to a period of time when a system is unavailable
question
Sources of unplanned downtime
answer
bomb threat, hacker, snowstorm, hail, hurricane, power outage, evacuation, fraud, wind, etc
question
How much will downtime cost your business?
answer
Financial Performance, Damaged Reputation, Revenue, Other Expenses
question
hackers
answer
experts in technology who use their knowledge to break into computers and computer networks, either for profit or just motivated by the challenge
question
black-hat hackers
answer
break into other people's computer systems and may just look around or may steal and destroy information
question
crackers
answer
have criminal intent when hacking
question
cyberterrorists
answer
seek to cause harm to people or to destroy critical systems or information and use the Internet as a weapon of mass destruction
question
hacktivists
answer
have philosophical and political reasons for breaking into systems and will often deface the website as a protest
question
script kiddies or script bunnies
answer
find hacking code on the Internet and click-and-point their way to systems to cause damage or spread viruses
question
white-hat hackers
answer
work at the request of the system owners to find system vulnerabilities and plug holes
question
virus
answer
software written with malicious intent to cause annoyance or damage
question
Types of viruses
answer
1. Worm 2. Denial-of-service attack (DoS) 3. Distributed DoS (DDoS) 4. Trojan-horse virus 5. Backdoor program 6. Polymorphic virus
question
worm
answer
spreads itself, not only from file to file, but also from computer to computer. A virus must attach itself to something, a worm does not.
question
DOS
answer
floods a website with so many requests for service that it slows down or crashes the site
question
DDOS
answer
attacks from multiple computers that flood a website with so many requests that it slows down.
question
Trojan-horse
answer
hides inside other software, usually as an attachment or downloadable file
question
backdoor
answer
opens a way into the network for future attacks
question
polymorphic
answer
changes their forms as they propagate
question
Security threats include
answer
1. elevation of privilege 2. hoaxes 3. malicious code 4. packet tampering 5. sniffer 6. spoofing 7. splogs 8. spyware
question
elevation of privilege
answer
process by which a user misleads a system into granting unauthorized rights, usually for the purpose of compromising or destroying the system
question
Hoaxes
answer
attack computer systems by transmitting a virus hoax, with a real virus attached.
question
malicious code
answer
includes a variety of threats, such as viruses, worms, and trojan horses
question
packet tampering
answer
consists of altering the contents of packets as they travel over the Internet or altering data on the computer disks after penetrating a network
question
sniffer
answer
program or device that can monitor data traveling over a network; a hacker's favorite weapon
question
spoofing
answer
the forging of the return address on an email so that the message appears to come from someone other than the actual sender.
question
splogs
answer
(spam blogs) are fake blogs created solely to raise the search engine rank of affiliated websites
question
spyware
answer
software that comes hidden in free downloadable software and tracks online movements, mines the info stored, or uses a computer's CPU for some task the user knows nothing about
question
What is the first line of defense?
answer
PEOPLE!
question
The biggest issue surrounding information security is not a technical issue, but a ____ issue
answer
PEOPLE!!
question
Insider
answer
legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident
question
social engineering
answer
hackers use their social skills to trick people into revealing access credentials or other valuable information
question
dumpster diving
answer
looking through people's trash
question
information security policies
answer
identify the rules required to maintain information security. Ex. never sharing passwords
question
information security plan
answer
details how an organization will implement the information security policies
question
3 primary information technology security areas are
answer
1. people 2. data 3. attack
question
people
answer
authentication and authorization
question
data
answer
prevention and resistance
question
attack
answer
detection and response
question
authentication
answer
a method for confirming users' identities
question
authorization
answer
the process of giving someone permission to do or have something
question
The most secure type of authentication involves 3 things
answer
1. something the user knows 2. something the user has 3. something that is part of the user (thumbprint)
question
identity theft
answer
the forging of someone's identity for the purpose of fraud
question
phishing
answer
a technique to gain personal information for the purpose of identity theft, usually by means of fraudulent email
question
pharming
answer
reroutes requests for legitimate websites to false websites
question
Downtime can cost an organization anywhere from $___ to $____ per hour
answer
100, 1 million
question
3 technologies available to help prevent and build resistance include
answer
1. content filtering 2. encryption 3. firewalls
question
content filtering
answer
occurs when organizations use software that filters content, such as emails, to prevent the accidental or malicious transmission of unauthorized information. It prevents emails containing sensitive information from transmitting and stops spam and viruses from spreading
question
encryption
answer
scrambles information into an alternative form that requires a key or password to decrypt.
question
firewalls
answer
hardware and/or software that guard a private network by analyzing incoming and outgoing information for the correct markings
question
Public key encryption
answer
(PKE) uses two keys: a public key that everyone can have and a private key for only the recipient.
question
certification authority
answer
a trusted third party, such as VeriSign, that validates user identities by means of digital certificates
question
digital certificate
answer
a data file that identifies individuals or organizations online and is comparable to a digital signature
question
One of the most common defenses for preventing a security breach is a _____
answer
firewall
question
Detection and response
answer
If prevention and resistance strategies fail, detection and response technologies mitigate the damage
question
intrusion detection software
answer
features full-time monitoring tools that search for patterns in network traffic to identify intruders