Deck 4: Ethics and Information Security: Mis Business Concerns

The Child Online Protection Act was passed to protect minors from accessing inappropriate material on the Internet.

Intellectual property is intangible creative work that is embodied in physical form and includes copyrights,trademarks,and patents.

Epolicies are policies and procedures that address information management along with the ethical use of computers and the Internet in the business environment.

Information property is an ethical issue that focuses on who owns information about individuals and how information can be sold and exchanged.

Pirated software is software that is manufactured to look like the real thing and sold as such.

Information compliance is the act of conforming,acquiescing,or yielding information.

A patent is the legal protection afforded an expression of an idea,such as a song,book,or video game.

Ethics and security are two fundamental building blocks for all organizations.

Confidentiality is the right to be left alone when you want to be,to have control over your own personal possessions,and not to be observed without your consent.

Information governance is a method or system of government for information management or control.

A social media policy outlines the corporate guidelines or principles governing employee online communications.

Digital rights management is a technological solution that allows publishers to control their digital media to discourage,limit,or prevent illegal copying and distribution.

Counterfeit software is the unauthorized use,duplication,distribution,or sale of copyrighted software.

Copyright is an exclusive right to make,use,and sell an invention and is granted by a government to the inventor.

Information management examines the organizational resource of information and regulates its definitions,uses,value,and distribution ensuring it has the types of data/information required to function and grow effectively.

An ethical computer use policy contains general principles to guide computer user behavior.

An acceptable use policy (AUP)requires a user to agree to follow it to be provided access to corporate email,information systems,and the Internet.

Companies do not need a privacy policy for email because an employee's work email is private and cannot be viewed by the company.

Privacy is the legal protection afforded an expression of an idea,such as a song,book,or video game.

Competitive click-fraud is a computer crime where a competitor or disgruntled employee increases a company's search advertising costs by repeatedly clicking on the advertiser's link.

Internet governance is government attempts to control Internet traffic,thus preventing some material from being viewed by a country's citizens.

White-hat hackers break into other people's computer systems and may just look around or may steal and destroy information.

A hacker weapon called a splog (spam blog)is a fake blog created solely to raise the search engine rank of affiliated websites.

Cybervandalism is a problem that occurs when someone registers purposely misspelled variations of well-known domain names.

The Trojan-horse virus hides inside other software,usually as an attachment or a downloadable file.

Cyberbullying is an act or object that poses a danger to assets.

Website name stealing is the theft of a website's name that occurs when someone,posing as a site's administrator,changes the ownership of the domain name assigned to the website to another website owner.

Click-fraud is the abuse of pay-per-click,pay-per-call,and pay-per-conversion revenue models by repeatedly clicking on a link to increase charges or costs for the advertiser.

Smoking areas are targeted by hackers as they regularly use smoking entrances to gain building access where they pose as employees to gain access to the company network.

Workplace MIS monitoring tracks people's activities by such measures as number of keystrokes,error rate,and number of transactions processed.

Downtime refers to a period of time when a system is unavailable and unplanned downtime can strike at any time for various reasons.

Drive-by hacking is a computer attack where an attacker accesses a wireless computer network,intercepts data,uses network services,and/or sends attack instructions without entering the office or organization that owns the network

Information security is a broad term encompassing the protection of information from accidental or intentional misuse by persons inside or outside an organization.

Cybervandalism includes threats,negative remarks,or defamatory comments transmitted via the Internet or posted on the website.

Two of the common forms of viruses discussed in the book include the Trojan-horse virus and the acceptance-of-service attack.

Information security is a high priority for protection of the company's information and it is critical to implement an information security procedure to combat misuse of this information.

Spyware is software that,while purporting to serve some useful function and often fulfilling that functions,also allows Internet advertisers to display advertisements without the consent of the computer user.

Teergrubing is an antispamming approach where the receiving computer launches a return attack against the spammer,sending email messages back to the computer that originated the suspected spam.

Cybervandalism is the electronic defacing of an existing website.

One of the most ineffective ways to set up authentication techniques is by setting up user IDs and passwords.

Script kiddies or script bunnies find hacking code on the Internet and click-and-point their way into systems to cause damage or spread viruses.

The three primary information security areas are 1) authentication and authorization, 2) policies and rewards, and 3) detection and response.

Organizations address security risks through two lines of defense.The first is people and the second is technology.

Denial-of-service attack (DoS)floods a website with so many requests for service that it slows down or crashes the site.

Backdoor programs change their form as they propagate.

Through social engineering,hackers use their social skills to trick people into revealing access credentials or other valuable information.

Information security policies detail how an organization will implement the information security plan.

Black-hat hackers work at the request of the system owners to find system vulnerabilities and plug the holes.

Backdoor programs open a way into the network for future attacks.

Insiders are illegitimate users who purposely or accidentally misuse their access to the environment to do business.

Tokens are small electronic devices that change user passwords automatically.

A process of providing a user with permission including access levels and abilities such as file access,hours of access,and amount of allocated storage space is called authentication.

Worm spreads itself,not only from file to file,but also from computer to computer.The primary difference between a virus and a worm is that a virus must attach to something,such as an executable file,to spread.Worms do not need to attach to anything to spread and can tunnel themselves into computers.

White-hat hackers have philosophical and political reasons for breaking into systems and will often deface the website as a protest.

Dumpster diving is another security breach for companies and is where people not associated with the company jump into the company's outside garbage bins and try to gather and steal any valuable company products they can resell on eBay.

Legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident are called insiders.

Cyberterrorists seek to cause harm to people or to destroy critical systems or information and use the Internet as a weapon of mass destruction.

Script-kiddies have criminal intent when hacking.

The technique to gain personal information for the purpose of identity theft,often through fraudulent emails that look as though they came from legitimate businesses is called phishing.

A certificate authority is a trusted third party,such as VeriSign,that validates user identities by means of digital certificates.

Spear phishing is a phishing expedition in which the emails are carefully designed to target a particular person or organization.

Phishing expedition is a masquerading attack that combines spam with spoofing.The perpetrator sends millions of spam emails that appear to be from a respectable company.The emails contain a link to a website that is designed to look exactly like the company's website.The victim is encouraged to enter his or her username,password,and sometimes credit card information.

A zombie farm is a group of computers on which a hacker has planted zombie programs.

Identity theft is the forging of someone's identity for the purpose of fraud.

Identity theft is the category of computer security that addresses the protection of data from unauthorized disclosure and confirmation of data source authenticity.

Phishing reroutes requests for legitimate websites to false websites.

Cryptography is the science that studies encryption,which is the hiding of messages so that only the sender and receiver can read them.

Worms are computer viruses that wait for a specific date before executing their instructions.

Decrypt information is to decode it and is the opposite of encrypt.

A certificate authority is a data file that identifies individuals or organizations online and is comparable to a digital signature.

A firewall scrambles information into an alternative form that requires a key or password to decrypt.

A pharming attack uses of a zombie farm,often by an organized crime association,to launch a massive phishing attack.

Spear phishing is a phone scam that attempts to defraud people by asking them to call a bogus telephone number to "confirm" their account information.

A Zombie is a program that secretly takes over another computer for the purpose of launching attacks on other computers.

Biometrics is the identification of a user based on a physical characteristic,such as a fingerprint,iris,face,voice,or handwriting.