Term

Definition
refers to all of the processes and policies designed to protect an organization’s information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction


Term

Definition
an information resource is any danger to which a system may be exposed.


Term

Definition
information resources is the harm, loss or damage that can result if a threat compromises that resource.

Term

Definition
in general, is any network external to your organization.


Term

Definition
occurs when the attacker watches another person’s computer screen over that person’s shoulder. Particularly


Term

Definition
an attack where the attacker uses social skills to trick a legitimate employee into providing confidential company information such as passwords.


Term
8. Competitive intelligence

Definition
consists of legal information-gathering techniques.


Term

Definition
crosses the legal boundary of information-gathering techniques


Term
11. Intellectual property

Definition
Property created by individuals or corporations which are protected under trade secret, patent, and copyright laws.

Term

Definition
Document that grants the holder exclusive rights on an invention or process for 20 years.


Term

Definition
Statutory grant that provides creators of intellectual property with ownership of the property for the life of the creator plus 70 years.


Term

Definition
Copying a software program without making payment to the owner.


Term

Definition
segment of computer code that performs malicious actions by attaching to another computer program.


Term

Definition
segment of computer code that performs malicious actions and will spread by itself without requiring another computer program.


Term

Definition
computer program that hides in another computer program and reveals its designated behavior only when it is activated.


Term

Definition
is a segment of computer code that is embedded inside an organization’s existing computer programs and is designed to activate and perform a destructive action at a certain time or date.


Term

Definition
use deception to acquire sensitive personal information by masquerading as official-looking e-mails or instant messages.


Term
21. In a distributed denial-of-service attack,

Definition
the attacker first takes over many computers. These computers are called zombies or bots. Together, these bots form a botnet.


Term

Definition
record your keystrokes and your Web browsing history.


Term

Definition
collects personal information about users without their consent. Two types of spyware are keystroke loggers (key loggers) and screen scrapers.


Term

Definition
record a continuous “movie” of what you do on a screen.


Term

Definition
is alien software that is designed to use your computer as a launchpad for spammers.

Term

Definition
are small amounts of information that Web sites store on your computer.


Term
28. A supervisory control and data acquisition (SCADA) system

Definition
is a large-scale, distributed, measurement and control system.


Term

Definition
The probability that a threat will impact an information resource.


Term

Definition
To identify, control and minimize the impact of threats.


Term

Definition
To assess the value of each asset being protected, estimate the probability it might be compromised, and compare the probable costs of it being compromised with the cost of protecting it.

Term

Definition
Accept the potential risk, continue operating with no controls, and absorb any damages that occur.


Term

Definition
Limit the risk by implementing controls that minimize the impact of the threat.


Term

Definition
Transfer the risk by using other means to compensate for the loss, such as purchasing insurance.


Term

Definition
Physical protection of computer facilities and resources.


Term

Definition
Restriction of unauthorized user access to computer resources; uses biometrics and password controls for user identification.


Term
38. Communications (network) controls

Definition
Protect the movement of data across networks and include border security controls, authentication, and authorization.


Term

Definition
Major objective is proof of identity.


Term
40. Something the User Is

Definition
Also known as biometrics, these access controls examine a user's innate physical characteristics.


Term
41. Something the User Has

Definition
These access controls include regular ID cards, smart cards, and tokens.


Term
42. Something the User Does

Definition
These access controls include voice and signature recognition.


Term
43. Something the User Knows

Definition
These access controls include passwords and passphrases. A password is a private combination of characters that only the user should know. A passphrase is a series of characters that is longer than a password but can be memorized easily.

Term

Definition
Permission issued to individuals and groups to do certain activities with information resources, based on verified identity.


Term

Definition
is a collection of related computer system operations that can be performed by users of the system.


Term

Definition
principle that users be granted the privilege for some activity only if there is a justifiable need to grant this authorization.


Term

Definition
System that enforces access-control policy between two networks.


Term

Definition
(also called antivirus software) are software packages that attempt to identify and eliminate viruses, worms, and other malicious software.


Term

Definition
is a process in which a company identifies the software that it will allow to run and does not try to recognize malware.


Term

Definition
is a process in which a company allows all software to run unless it is on the blacklist.

Term
54. Employee monitoring systems

Definition
monitor employees’ computers, e-mail activities, and Internet surfing activities.


Term

Definition
Process of converting an original message into a form that cannot be read by anyone except the intended receiver.


Term

Definition
is a private network that uses a public network (usually the Internet) to connect users.


Term
53. Secure socket layer (SSL), now called transport layer security (TLS),

Definition
is an encryption standard used for secure transactions such as credit card purchases and online banking.


Term
55. A demilitarized zone (DMZ)

Definition
is located between the two firewalls; the DMZ contains company servers that typically handle Web page requests and e-mail.


Term
56. A digital certificate

Definition
is an electronic document attached to a file certifying that the file is from the organization that it claims to be from and has not been modified from its original format.


Term
57. Certificate authorities

Definition
who are trusted intermediaries between two organizations, issue digital certificates.


Term

Definition
encrypts each data packet that is sent and places each encrypted packet inside another packet.


Term

Definition
is a fully configured computer facility, with all services, communications links, and physical plant operations.


Term

Definition
provides many of the same services and options of the hot site, but it typically does not include the actual applications the company runs.


Term

Definition
provides only rudimentary services and facilities and so does not supply computer hardware or user workstations.

Term
62. Information systems auditing

Definition
Independent or unbiased observers tasked to ensure that information systems work properly.


Term

Definition
Examination of information systems, their inputs, outputs and processing.


Term
Types of Auditors and Audits

Definition
64. Internal. Performed by corporate internal auditors.
65. External. Reviews internal audit as well as the inputs, processing and outputs of information systems.
66. Auditing around the computer means verifying processing by checking for known outputs or specific inputs.
67. Auditing through the computer means inputs, outputs and processing are checked.
68. Auditing with the computer means using a combination of client data, auditor software, and client and auditor hardware.
