MIS chapter 10 key terms

Card Set Information

MIS chapter 10 key terms
2013-11-19 22:05:04
MIS Exam2


  1. Acceptable use policy
    Computer and/or internet usage policies for people within an organization, with clearly spelled-out penalties for noncompliance.
  2. Access-control software
    Software for securing information systems that allows only specific users access to specific computers, applications, or data.
  3. Adware
    Free software paid for by advertisements appearing during the use of the software.
  4. Audit-control software
    Software used to keep track of computer activity, enabling auditors to spot suspicious activity.
  5. Authentication
    The process of confirming the identity of a user who is attempting to access a restricted system or Web site.
  6. Backup
    A copy of critical data on a separate storage medium.
  7. Backup site
    A facility allowing businesses to continue functioning in the event a disaster strikes.
  8. Biometrics
    Body characteristics such as fingerprints, retinal patterns in the eye, or facial characteristics that allow the unique identification of a person.
  9. Bot herder
    A computer criminal who "owns" a botnet.
  10. Botnet
    A collection of zombie computers used for destructive activities or spamming.
  11. Business continuity plan
    A plan describing how a business resumes operation after a disaster.
  12. CAPTCHA
    Short for "completely automated Turing test to tell computers and humans apart." A system designed to prevent automated mechanisms from repeatedly attempting to submit forms or gain access to a system. A CAPTCHA requires the user to enter letters or numbers that are presented in the form of a distorted image before submitting an online form.
  13. Certificate authority
    A trusted middleman between computers that verifies that a web site is a trusted site and that provides large-scale public-key encryption.
  14. Cold backup site
    A backup facility consisting of an empty warehouse with all the necessary connections for power and communication but nothing else.
  15. Collocation facility
    A facility in which businesses can rent space for servers or other information systems equipment.
  16. Computer-assisted auditing tool
    Software used to test information systems controls.
  17. Computer crime
    The use of a computer to commit an illegal act.
  18. Computer forensics
    The use of formal investigative techniques to evaluate digital information for judicial review.
  19. Control objectives for information and related technology (COBIT)
    A set of best practices that help organizations to both maximize the benefits from their information systems infrastructure and establish appropriate controls.
  20. Cookie
    A small text file (typically containing certain information collected from/about a user or data related to the user's browsing session) passed by a web server to a web browser to be stored on a user's computer; this message is then sent back to the server each time the user's browser requests a page from that server.
  21. Copyright
    A form of intellectual property, referring to creations of the mind such as music, literature, or software.
  22. Cracker
    An individual who breaks into computer systems with the intention of doing damage or committing a crime.
  23. Cyberbullying
    The use of a computer to intentionally cause emotional distress to a person.
  24. Cyberharassment
    The use of a computer to communicate obscene, vulgar, or threatening content that causes a reasonable person to endure distress.
  25. Cybersquatting
    The dubious practice of registering a domain name, then trying to sell the name to the person, company, or organization most likely to want it.
  26. Cyberstalking
    The use of a computer to repeatedly engage in threatening or harassing behavior.
  27. Cyberterrorism
    The use of computer and networking technologies against persons or property to intimidate or coerce governments, individuals, or any segment of society to attain political, religious, or ideological goals.
  28. Cyberwar
    An organized attempt by a country's military to disrupt or destroy the information and communications systems of another country.
  29. Denial of service attack
    An attack by crackers--often using zombie computers--that makes a network resource (e.g., a website) unavailable to users or available with only a poor degree of service.
  30. Disaster recovery plan
    An organizational plan that spells out detailed procedures for recovering from systems-related disasters, such as virus infections and other disasters that might strike critical information systems.
  31. Drive-by hacking
    A computer attack in which an attacker accesses a wireless computer network, intercepts data, uses network services, and/or sends attack instructions without entering the office or organization that owns the network.
  32. Encryption
    The process of encoding messages or files so that only intended recipients can decipher and understand them.
  33. Firewall
    Hardware or software designed to keep unauthorized users out of network systems.
  34. Hacker
    An individual who gains unauthorized access to computer systems.
  35. Hacktivist
    A cybercriminal pursuing political, religious, or ideological goals.
  36. Honeypot
    A computer, data, or network site that is designed to be enticing to crackers so as to detect, deflect, or counteract illegal activity.
  37. Hot backup site
    A fully equipped backup, having everything from hardware, software, and current data to office equipment.
  38. Identity theft
    Stealing another person's security number, credit card number, and other personal information for the purpose of using the victim's credit rating to borrow money, buy merchandise, or run up debts that are never repaid.
  39. Information modification
    The intentional change of electronic information by unauthorized users.
  40. Information systems audit
    An assessment of the state of an organization's information systems controls to determine necessary changes and to help ensure the information systems' availability, confidentiality, and integrity.
  41. Information systems controls
    Controls helping to ensure the reliability of information, consisting of policies and their physical implementation, access restrictions, and record keeping of actions and transactions.
  42. Information systems security
    Precautions taken to keep all aspects of information systems safe from unauthorized use or access.
  43. Information systems security plan
    An ongoing planning process to secure information systems that involves risk assessment, risk-reduction planning, and plan implementation as well as ongoing monitoring.
  44. Industrial espionage
    Covert activities, such as the theft of trade secrets, bribery, blackmail and technological surveillance to gain an advantage over rivals.
  45. Insider threat
    A trusted adversary who operates within an organization's boundaries.
  46. Internet hoax
    A false message circulated online about any topic of public interest, typically asking the recipient to perform a certain action.
  47. IS risk management
    Understanding and evaluating the interplay between threats, vulnerabilities, and impacts to information systems resources in order to implement effective IS controls.
  48. Key generator
    Software used to generate fake license or registration keys to circumvent a program's protection mechanism.
  49. Logic bomb
    A type of computer virus that lies in wait for unsuspecting computer users to perform a triggering operation before executing its instructions.
  50. Malware
    Malicious software, such as viruses, worms, or trojan horses.
  51. Mirror
    To store data synchronously on independent systems to achieve redundancy for purposes of reliability and/or performance.
  52. Online predator
    A cybercriminal using the internet to target vulnerable people, usually the young or old, for sexual or financial purposes.
  53. Patent
    A type of intellectual property typically referring to a process, machine, or material inventions.
  54. Patriot hacker
    Independent citizens or supporters of a country that perpetrate computer attacks on perceived or real enemies.
  55. Phishing
    Attempts to trick financial account and credit card holders into giving away their authorization information, usually by sending spam messages to literally millions of e-mail accounts. Also known as "spoofing."
  56. Recovery point objective
    An objective specifying how timely backup data should be preserved.
  57. Recovery time objective
    An objective specifying the maximum time allowed to recover from a catastrophic event.
  58. Reverse engineering
    Disassembling a piece of software in order to understand its functioning.
  59. Risk acceptance
    A computer system security policy in which no countermeasures are adopted and any damages that occur are simply absorbed.
  60. Risk analysis
    The process in which the value of the assets being protected is assessed, the likelihood of their being compromised is determined, and the costs of their being compromised are compared with the costs of the protections to be taken.
  61. Risk reduction
    The process of taking active countermeasures to protect information systems.
  62. Risk transference
    A computer system security policy in which someone else absorbs the risk, as with insurance.
  63. Sarbanes-Oxley Act
    A U.S. government regulation mandating companies to demonstrate compliance with accounting standards and establishing controls and corporate governance.
  64. Secure sockets layer (SSL)
    A popular public-key encryption method used on the internet.
  65. Software piracy
    A type of computer crime where individuals make illegal copies of software protected by copyright laws.
  66. Spam
    Electronic junk mail.
  67. Spam filter
    A hardware or software device used to fight spam and other e-mail threats, such as directory harvest attacks, phishing attacks, viruses, and more.
  68. Spear phishing
    A sophisticated fraudulent e-mail attack that targets a specific person or organization by personalizing the message in order to make the message appear as if it is from a trusted source, such as an individual within the recipient's company, a government entity, or a well-known company.
  69. Spim
    Spam via internet messaging.
  70. Spyware
    Software that covertly gathers information about a user through an internet connection without the user's knowledge.
  71. Stuxnet
    A computer worm designed to find and infect a particular piece of industrial hardware; used in an attack against Iranian nuclear plants.
  72. Time bomb
    A type of computer virus that lies in wait for a specific date before executing its instructions.
  73. Trojan horse
    A program that appears to be a legitimate, benign program, but carries a destructive payload. Trojan horses typically do not replicate themselves.
  74. Tunneling
    A technology used by VPNs to encapsulate, encrypt, and securely transmit data over the public internet infrastructure, enabling business partners to exchange information in a secured, private manner between organizational networks.
  75. Unauthorized access
    An information systems security breach where an unauthorized individual sees, manipulates, or otherwise handles electronically stored information.
  76. Virtual private network (VPN)
    A network connection that is constructed dynamically within an existing network--often called a "secure tunnel"--in order to securely connect remote users or nodes to an organization's network.
  77. Virus
    A destructive program that disrupts the normal functioning of computer systems.
  78. Virus prevention
    A set of activities designed to detect and prevent computer viruses.
  79. Warez
    A slang term for stolen proprietary software that is sold or shared for free over the internet.
  80. Web vandalism
    The act of defacing websites.
  81. WikiLeaks
    An information disclosure portal where volunteers submit and analyze classified and restricted material provided by whistleblowers.
  82. Worm
    A destructive computer code that is designed to copy and send itself throughout networked computers.
  83. Zombie computer
    A virus-infected computer that can be used to launch attacks on web sites.