Term
- Ethical Computer Use Policy
- Contains general principles to guide computer user behavior
- Ensures users are Informed of the rules and, by agreeing to use the system on that basis, Consent to abide by the rules.
- How to behave at work
- Standard to deal with infractions
- User should be informed by the rules
|
|
Definition
- Contains general principles to guide computer user behavior
- Ensures users are Informed of the rules and, by agreeing to use the system on that basis, Consent to abide by the rules.
- How to behave at work
- Standard to deal with infractions
- User should be informed by the rules
|
|
|
Term
- "4" Business Issues related to Information Ethics
- Define: Privacy (is a major ethical issue)
- Define: Confidentiality
|
|
Definition
- Intellectual Property
- Copyright
- Pirated Software - unauthorized use, duplication, distribution, or sale of copyrighted software
- Counterfeit Software - software that is manufactured to look like the real thing and sold as such
- 1) Right to be left alone when you want to be
  2) Have control over your own personal possessions
  3) Not to be observed without your consent
- assurance that Messages and Information are Available only to those who are authorized to view them
|
|
|
Term
- What are the '3' primary areas of IT Security?
(Second Line of Defense - IT Security) |
|
Definition
- 1) People: Authentication and Authorization
  2) Data: Prevention and Resistance
  3) Attack: Detection and Response
|
|
|
Term
- Define: Authentication
- Define: Authorization
- Most secure type of authentication involves? (3)
|
|
Definition
- method of Confirming Users' identities
- process of giving someone permission to do OR have something
- 1) Something the user KNOWS
  - such as user ID and Password
  - most common way to identify individual users
  - one of the most Ineffective ways for Determining Authentication because passwords are NOT Secure
- 2) Something the User HAS - 2 Primary Forms:
  - smart card - device about the size of a credit card, containing embedded technologies that can store info and small amounts of software to perform limited processing
    - can act as Identification Instruments, a form of digital cash, or a data storage device with the ability to store an entire medical record
  - token - small electronic devices that change user passwords automatically
    - users enter their ID and the token-displayed password to gain access to the network
- 3) Something that is part of the User
  - such as fingerprints OR Voice Signature
  - best and most effective way to manage authentication
  - Utilizes Biometrics (can be costly and Ineffective)
|
|
|
Term
(First Line of Defense: People - IT Security)
- Majority of IT Security Breaches result from ...?(3)
- What should an organization do to help combat insider issues? (2)
|
|
Definition
- People misusing organizational information
- Insiders
- legitimate users who purposefully or accidentally misuse their access to the environment, AND cause some kind of business-affecting incident
- social engineering
- hackers use social skills to trick people into revealing access to credentials or other valuable info.
- Dumpster Diving
- Looking through people's trash - way hackers obtain people's info
- Information Security Policies
  - Identify the Rules Required to maintain IT Security, such as:
    - Requiring users to log off before leaving desk
    - Never sharing passwords with anyone
    - changing passwords every 30 days
- Information Security Plans
  - details how an organization will implement the IT policies
  - best way is by implementing and communicating its IT security plan
|
|
|
Term
- Define: Biometrics
- Define: Information Security
|
|
Definition
- identification of a user based on a physical characteristic such as:
- fingerprints
- iris
- face
- voice
- handwriting
- protection of information from accidental OR Intentional misuse by persons inside or outside an organization
|
|
|
Term
- What are the '2' Lines of Defense used to Prevent Security Breaches?
- Define: Phishing
- Define: Pharming
|
|
Definition
- 1) People
- Information Security Policies
- Information Security Plan
2) Technology
- People: Authentication and Authorization
- Data: Prevention and Resistance
- Attack: Detection and Response
2. technique to gain personal info for the purpose of identity theft - usually by fraudulent emails that look genuine and official
3. Reroutes requests for legitimate websites to false websites |
|
|
Term
(Second Line of Defense: Data - IT Security)
- What are the '3' Technologies Available to help PREVENT and BUILD Resistance to attacks?
|
|
Definition
- Content Filtering
  - organizations use software that filters content, such as emails, to prevent the accidental OR malicious transmission of unauthorized info.
  - tech. can prevent sending of sensitive information
  - tech. can filter and prevent suspicious files from transmitting potential virus-infected files
  - Can filter Spam (form of unsolicited email)
- Encryption
  - scrambles information into an alternative form that requires a key or password to decrypt
  - if security breach: thief would be unable to read stolen information
  - can switch order of characters, replace characters, or use math. formula to convert info into code
  - Frequently used by internet based companies for credit card info.
- Firewalls
  - hardware and/or software that guard a private network by analyzing incoming AND outgoing info for the correct markings
  - if the markings are Missing, firewall prevents the info from Entering the Network
  - can detect computers communicating with the Internet without approval
  - Gatekeeper that protects computer networks from intrusion by providing filter and safe transfer points for access to and from the internet and other networks.
|
|
|