Term
|
Definition
| Programs installed on the user's computer without the user's knowledge or permission that reside in the background and, unknown to the user, observe the user's actions and keystrokes, modify computer activity, and report the user's activities to sponsoring organizations |
|
|
Term
|
Definition
| A model that represents the current situation and processes |
|
|
Term
|
Definition
| An encryption method whereby different keys are used to encode and to decode the message; one key encodes the message, and the other key decodes the message |
|
|
Term
|
Definition
| The process whereby an information system verifies (validates) a user |
|
|
Term
|
Definition
| The use of personal physical characteristics, such as fingerprint, facial features, and retinal scans, to verify users |
|
|
Term
|
Definition
| A computer program that is surreptitiously installed and that takes actions unknown to and uncontrolled by the computer's owner or administrator |
|
|
Term
|
Definition
| The individual or organization that controls a botnet |
|
|
Term
|
Definition
| A network of bots that is created and managed by the individual or organization that infected the network with the bot program |
|
|
Term
|
Definition
| Someone who is well versed in the Porter models, organizational strategy, systems alignment theory, and who understands the proper role for technology |
|
|
Term
| Business process management (BPM) |
|
Definition
| A systematic process of modeling, creating, implementing, and assessing business processes |
|
|
Term
| COBIT (Control Objectives for Information and related Technology) |
|
Definition
| A set of standard practices created by the Information System Audit and Control Association that are used in the assessment of the BPM cycle to determine how well an information system complies with an organization's strategy |
|
|
Term
|
Definition
| A technique used to gain unauthorized access to Web pages that involves entering program code instead of data into web page text boxes |
|
|
Term
|
Definition
| Remote processing centers that provide office space, but no computer equipment, for use by a company that needs to continue operations after a disaster |
|
|
Term
|
Definition
| People who invade computer networks to obtain critical data or to manipulate the system for financial gain |
|
|
Term
|
Definition
| Whether an information system can be developed within a budget |
|
|
Term
| Cross-site scripting (XSS) |
|
Definition
| A technique used to compromise database data in which Web page scripting is injected into the server |
|
|
Term
|
Definition
| Security problem in which users are not able to access an information system |
|
|
Term
|
Definition
| A document supplied by a certificate authority (CA) that contains, among other data, an entity's name and public key |
|
|
Term
|
Definition
| Encrypted message that uses hashing to ensure that plaintext messages are received without alteration |
|
|
Term
|
Definition
| People who take computers with wireless connections through an area and search for unprotected wireless networks in an attempt to gain free Internet access or to gather unauthorized data |
|
|
Term
|
Definition
| A synonym for phishing. A technique for obtaining unauthorized data that uses pretexting via e-mail |
|
|
Term
|
Definition
| The process of transforming clear text into coded, unintelligible text for secure storage or communication |
|
|
Term
|
Definition
| Algorithms used to transform clear text into coded, unintelligible text for secure storage or communication |
|
|
Term
|
Definition
| Protects consumer financial data stored by financial institutions, which are defined as banks, securities firms, insurance companies, and organizations that provide financial advice, prepare tax returns, and provide similar financial services |
|
|
Term
|
Definition
| Occurs when a person gains unauthorized access to a computer system |
|
|
Term
| Health Insurance Portability and Accountability Act (HIPAA) |
|
Definition
| Gave individuals the right to access health data created by doctors and other healthcare providers. Sets rules and limits on who can read and receive a person's health information |
|
|
Term
|
Definition
| A remote processing center run by a commercial disaster-recovery service that provides equipment a company would need to continue operations after a disaster |
|
|
Term
|
Definition
|
|
Term
|
Definition
| The process whereby an information system identifies a user by requiring the user to sign on with a user name and password |
|
|
Term
| Information systems security |
|
Definition
| The process of protecting information system vulnerabilities from threats by creating appropriate safeguards |
|
|
Term
|
Definition
| A type of spoofing whereby an intruder uses another site's IP address as if it were that other site |
|
|
Term
|
Definition
| A number used to encrypt the data |
|
|
Term
|
Definition
| A control procedure whereby a trusted party is given a copy of a key used to encrypt database data |
|
|
Term
|
Definition
| In the context of information systems, (1) to fix the system to do what it was supposed to do in the first place or (2) to adapt the system to changes in requirements |
|
|
Term
|
Definition
| Viruses, worms, Trojan horses, spyware, and adware |
|
|
Term
|
Definition
| Patterns that exist in malware code |
|
|
Term
| Organizational feasibility |
|
Definition
| Whether an information system fits within an organization's customer, culture, or legal requirements |
|
|
Term
|
Definition
| A type of system conversion in which the new system runs in parallel with the old one for a while |
|
|
Term
|
Definition
| The program code of a virus that causes unwanted or hurtful actions, such as deleting programs or data, or even worse, modifying data in ways that are undetected by the user |
|
|
Term
| Personal identification number (PIN) |
|
Definition
| A form of authentication whereby the user supplies a number that only he or she knows |
|
|
Term
|
Definition
| A type of system conversion in which the new system is installed in pieces across the organization(s) |
|
|
Term
|
Definition
| An individual or organization that spoofs legitimate companies in an attempt to illegally capture personal data |
|
|
Term
|
Definition
| A technique for obtaining unauthorized data that uses pretexting via e-mail |
|
|
Term
|
Definition
| A type of system conversion in which the organization implements the entire system on a limited portion of the business |
|
|
Term
|
Definition
| A type of system conversion in which the organization shuts off the old system and starts the new system |
|
|
Term
|
Definition
| Legislation that provides protections to individuals regarding records maintained by the U.S. government |
|
|
Term
|
Definition
| A special version of asymmetric encryption that is popular on the Internet. With this method, each site has a public key for encoding messages and a private key for decoding them |
|
|
Term
|
Definition
| Whether an information system will be able to be developed on the timetable needed |
|
|
Term
|
Definition
| A protocol that uses both asymmetric and symmetric encryption |
|
|
Term
|
Definition
| A systematic plan by which an organization addresses security issues; consists of three components: senior management involvement, safeguards of various kinds, and incident response |
|
|
Term
|
Definition
| A potential challenge to the integrity of information systems from one of three sources: human error and mistakes, malicious human activity, and natural events and disasters |
|
|
Term
|
Definition
| A plastic card similar to a credit card |
|
|
Term
|
Definition
| A technique used for intercepting computer communications |
|
|
Term
|
Definition
| A category of threats that involve manipulating a person or group to unknowingly release confidential information |
|
|
Term
|
Definition
| When someone pretends to be someone else with the intent of obtaining unauthorized data |
|
|
Term
|
Definition
| Programs installed on the user's computer without the user's knowledge or permission that reside in the background and, unknown to the user, observe the user's actions and keystrokes, modify computer activity, and report the user's activity to sponsoring organizations. Malicious spyware captures keystrokes to obtain user names, passwords, account numbers, and other sensitive information. |
|
|
Term
|
Definition
| A technique used to compromise database data in which SQL code is unknowingly processed by a Web page |
|
|
Term
|
Definition
| An encryption method whereby the same key is used to encode and to decode the message |
|
|
Term
|
Definition
| The process of converting business activity from the old system to the new |
|
|
Term
|
Definition
| IS professionals who understand both business and technology |
|
|
Term
|
Definition
| The process of creating and maintaining information systems |
|
|
Term
| Systems development life cycle (SDLC) |
|
Definition
| The classical process used to develop information systems. These basic tasks of systems development are combined into the following phases: system definition, requirements analysis, component design, implementation, and system maintenance (fix or enhance) |
|
|
Term
|
Definition
| Whether existing information technology will be able to meet the needs of a new information system |
|
|
Term
|
Definition
| Safeguard that involves the hardware and software components of an information system |
|
|
Term
|
Definition
| Groups of sequences of actions that users will take when using the new system |
|
|
Term
|
Definition
| A challenge to information systems security |
|
|
Term
| Transport Layer Security (TLS) |
|
Definition
| A protocol, using both asymmetric and symmetric encryption, that works between Levels 4 (transport) and 5 (application) of the TCP-OSI protocol architecture |
|
|
Term
|
Definition
| Virus that masquerades as a useful program or file |
|
|
Term
|
Definition
| A computer program that replicates itself |
|
|
Term
|
Definition
| A virus that propagates itself using the Internet or some other computer network |
|
|