Deck 14: Risks, security, and Disaster Recovery

A digital certificate contains its holder's name,a serial number,expiration dates,and a copy of the certificate holder's public key (used to encrypt messages and digital signatures).

Computer "infections" are so named because they act on programs and data in a fashion similar to the way viruses act on living tissue.

Intentional damage to software occurs because of poor training,lack of adherence to simple backup procedures,or simple human error.

Blackout units are a solution to extreme changes in voltage,and can provide several minutes to several hours of backup battery power.

Companies that choose not to fully develop their own recovery plan can outsource it to companies that specialize in either disaster recovery planning or provision of alternative sites.

In recent years,identity theft has been more prevalent as part of phishing.

A protocol called Transport Layer Security (TLS)is used for transactions on the Web.

Symmetric encryption is also called "public-key" encryption.

Redundancies increase expected downtime.

IS managers encourage users to change their user IDs frequently.

Atomic transactions ensure encrypting of all appropriate files.

The recipient of an encrypted message uses the certificate authority's private key to decode the digital certificate attached to the message.

Controls translate business policies into system features.

Encryption slows down communication because the software must encrypt and decrypt every message.

Several manufacturers of computer equipment offer individual keyboard-embedded and mouse-embedded fingerprint devices.

With encryption,the original message is called plaintext.

Copies of applications are usually kept in a safe place to replace those that get damaged.

The greater the number of interdependent systems,the greater the expected downtime.

The best defense against unauthorized access to systems over the Internet is a firewall,which is hardware and software that blocks access to computing resources.

A(n)____________________ is software that is programmed to cause damage at a specified time to specific applications and data files.

____________________ are constraints and other restrictions imposed on a user or a system,and they can be used to secure systems against risks or to reduce damage caused to systems,applications,and data.

____________________ occurs when a Web site receives an overwhelming number of information requests,such as merely logging on to a site.

____________________,the time during which ISs or data are not available in the course of conducting business,has become a dreaded situation for almost every business worldwide.

Some viruses are called ____________________,analogous to the destructive gift given to the ancient Trojans.

____________________ are total losses of electrical power.

Once criminals have a person's identifying details,such as a Social Security number,driver's license number,or credit-card number,they can pretend to be this person,which is a crime called ____________________.

Probably the easiest way to protect against loss of data is to automatically duplicate all data periodically,a process referred to as data ____________________.

A(n)____________________ characteristic is a unique physical,measurable characteristic of a human being that is used to identify a person.

To ensure against interruptions in power supply,organizations use ____________________ systems,which provide an alternative power supply for a short time,as soon as a power network fails.

What are honeytokens?

The cost of damage is the aggregate of all the potential damages multiplied by their respective ____________________.

A(n)____________________ is a way to authenticate online messages,analogous to a physical signature on a piece of paper,but implemented with public-key cryptography.

What is a Trojan horse?

____________________ is the process of ensuring that the person who sends a message to or receives a message from you is indeed that person.

When both the sender and recipient use the same secret key,the technique is called ____________________.

The audit trail is the most important tool of the ____________________,the professional whose job it is to find erroneous or fraudulent cases and investigate them.

What are the main goals of information security?

To prepare for mishaps,either natural or malicious,many organizations have well-planned programs in place,called ____________________.

There might be no point in spending much money to increase the "____________________" of uptime for every system.

Discuss natural disasters that pose a risk to ISs.

____________________ provide backup and operation facilities to which a client's employees can move and continue operations in case of a disaster.

List common controls to protect systems from risks.

One popular tracking tool is the ____________________: a series of documented facts that help detect who recorded which transactions,at what time,and under whose approval.

____________________ are computer files that serve as the equivalent of ID cards by associating one's identity with one's public key.