Deck 4: Ethics Information Security: MIS Business Concerns

Companies do not need a privacy policy for email because an employee's work email is private and cannot be viewed by the company.

A patent is the legal protection afforded an expression of an idea,such as a song,book,or video game.

An acceptable use policy (AUP)requires a user to agree to follow it to be provided access to corporate email,information systems,and the Internet.

Counterfeit software is the unauthorized use,duplication,distribution,or sale of copyrighted software.

Ethics and security are two fundamental building blocks for all organizations.

Information secrecy is the category of computer security that addresses the protection of data from unauthorized disclosure and confirmation of data source authenticity.

The Child Online Protection Act was passed to protect minors from accessing inappropriate material on the Internet.

Confidentiality is the right to be left alone when you want to be,to have control over your own personal possessions,and not to be observed without your consent.

Pirated software is software that is manufactured to look like the real thing and sold as such.

Information management examines the organizational resource of information and regulates its definitions,uses,value,and distribution ensuring it has the types of data/information required to function and grow effectively.

Privacy is the legal protection afforded an expression of an idea,such as a song,book,or video game.

Information property is an ethical issue that focuses on who owns information about individuals and how information can be sold and exchanged.

Copyright is an exclusive right to make,use,and sell an invention and is granted by a government to the inventor.

Intellectual property is intangible creative work that is embodied in physical form and includes copyrights,trademarks,and patents.

Information governance is a method or system of government for information management or control.

Information compliance is the act of conforming,acquiescing,or yielding information.

Epolicies are policies and procedures that address information management along with the ethical use of computers and the Internet in the business environment.

Information secrecy is an ethical issue that focuses on who owns information about individuals and how information can be sold and exchanged.

Digital rights management is a technological solution that allows publishers to control their digital media to discourage,limit,or prevent illegal copying and distribution.

Employee monitoring policies explicitly state how,when,and where the company monitors its employees.

BYOD policies offer four basic options,including unlimited access for personal devices,access only to nonsensitive systems and data,access,but with IT control over personal devices,apps,and stored data,access,but preventing local storage of data on personal devices.

Workplace MIS monitoring tracks people's activities by such measures as number of keystrokes,error rate,and number of transactions processed.

Fair information practices are policies that allows employees to use their personal mobile devices and computers to access enterprise data and applications.

Click-fraud is the abuse of pay-per-click,pay-per-call,and pay-per-conversion revenue models by repeatedly clicking on a link to increase charges or costs for the advertiser.

A user can opt in to receive emails by choosing to allow permissions to incoming emails.

Teergrubing is an antispamming approach where the receiving computer launches a return attack against the spammer,sending email messages back to the computer that originated the suspected spam.

Cybervandalism includes threats,negative remarks,or defamatory comments transmitted via the Internet or posted on the website.

Cybervandalism is a problem that occurs when someone registers purposely misspelled variations of well-known domain names.

Different organizations and countries have their own terms for these concerns.The United Kingdom terms it "Data Protection," and the European Union calls it "Personal Data Privacy"; the Organization for Economic Co-operation and Development (OECD)has written Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.

Bring your own device (BYOD)is a general term for a set of standards governing the collection and use of personal data and addressing issues of privacy and accuracy.

Cybervandalism is the electronic defacing of an existing website.

Bring your own device (BYOD)is a policy that allows employees to use their personal mobile devices and computers to access enterprise data and applications.

Competitive click-fraud is a computer crime where a competitor or disgruntled employee increases a company's search advertising costs by repeatedly clicking on the advertiser's link.

Internet governance is government attempts to control Internet traffic,thus preventing some material from being viewed by a country's citizens.

Website name stealing is the theft of a website's name that occurs when someone,posing as a site's administrator,changes the ownership of the domain name assigned to the website to another website owner.

A user can opt out of receiving emails by choosing to deny permission to incoming emails.

A social media policy outlines the corporate guidelines or principles governing employee online communications.

Fair information practices is a general term for a set of standards governing the collection and use of personal data and addressing issues of privacy and accuracy.

An ethical computer use policy contains general principles to guide computer user behavior.

Downtime refers to a period of time when a system is unavailable and unplanned downtime can strike at any time for various reasons.

Black-hat hackers work at the request of the system owners to find system vulnerabilities and plug the holes.

The Trojan-horse virus hides inside other software,usually as an attachment or a downloadable file.

Two of the common forms of viruses discussed in the book include the Trojan-horse virus and the acceptance-of-service attack.

A social media manager is a person within the organization who is trusted to monitor,contribute,filter,and guide the social media presence of a company,individual,product,or brand.

A user can opt out to receive emails by choosing to allow permissions to incoming emails.

Spyware is software that,while purporting to serve some useful function and often fulfilling that functions,also allows Internet advertisers to display advertisements without the consent of the computer user.

Cyberbullying is a person within the organization who is trusted to monitor,contribute,filter,and guide the social media presence of a company,individual,product,or brand.

A user can opt in of receiving emails by choosing to deny permission to incoming emails.

Ransomware is a form of malicious software that infects your computer and asks for money.

White-hat hackers break into other people's computer systems and may just look around or may steal and destroy information.

Information security is a high priority for protection of the company's information and it is critical to implement an information security procedure to combat misuse of this information.

Smoking areas are targeted by hackers as they regularly use smoking entrances to gain building access where they pose as employees to gain access to the company network.

Social media monitoring is the process of monitoring and responding to what is being said about a company,individual,product,or brand.

A social media manager refers to the process of monitoring and responding to what is being said about a company,individual,product,or brand.

Drive-by hacking is a computer attack where an attacker accesses a wireless computer network,intercepts data,uses network services,and/or sends attack instructions without entering the office or organization that owns the network.

Cyberbullying is an act or object that poses a danger to assets.

Simplelocker is a new ransomware program that encrypts your personal files and demands payment for the files' decryption keys.

Information security is a broad term encompassing the protection of information from accidental or intentional misuse by persons inside or outside an organization.

A hacker weapon called a splog (spam blog)is a fake blog created solely to raise the search engine rank of affiliated websites.

Denial-of-service attack (DoS)floods a website with so many requests for service that it slows down or crashes the site.

A worm is a form of malicious software that infects your computer and asks for money.

Backdoor programs change their form as they propagate.

Cyberterrorists seek to cause harm to people or to destroy critical systems or information and use the Internet as a weapon of mass destruction.

Insiders are illegitimate users who purposely or accidentally misuse their access to the environment to do business.

Dumpster diving is another security breach for companies and is where people not associated with the company jump into the company's outside garbage bins and try to gather and steal any valuable company products they can resell on eBay.

Backdoor programs open a way into the network for future attacks.

The three primary information security areas are 1)authentication and authorization,2)policies and rewards,and 3)detection and response.

Worm spreads itself,not only from file to file,but also from computer to computer.The primary difference between a virus and a worm is that a virus must attach to something,such as an executable file,to spread.Worms do not need to attach to anything to spread and can tunnel themselves into computers.

White-hat hackers have philosophical and political reasons for breaking into systems and will often deface the website as a protest.

Legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident are called insiders.

Through social engineering,hackers use their social skills to trick people into revealing access credentials or other valuable information.

Script kiddies have criminal intent when hacking.

Script kiddies or script bunnies find hacking code on the Internet and click-and-point their way into systems to cause damage or spread viruses.

Organizations address security risks through two lines of defense.The first is people and the second is technology.

Ransomware is a form of social engineering in which one individual lies to obtain confidential data about another individual.

Information security policies detail how an organization will implement the information security plan.

Pretexting is a form of social engineering in which one individual lies to obtain confidential data about another individual.

Through pretexting,hackers use their social skills to trick people into revealing access credentials or other valuable information.

A worm spreads itself not only from file to file but also from computer to computer.