CISflashcardslibrecomplete

1
Q

Topics Covered

A

Protecting Information Resources; Data Communication; The Internet, Intranets, and Extranets; HTML, E-Commerce

2
Q

Risks Associated with Information Technologies

A
Misuses of information technology
Preventing and Minimizing 
Policies and procedures
Operating system updates
Antivirus and antispyware software
E-mail security features
Firewalls
Intrusion detection systems
Vulnerability scanners
3
Q

Computer Crime and Fraud

A
Computer fraud 
Unauthorized use of computer data for personal gain 
Examples
Denial-of-service attacks 
Identity theft 
Software piracy 
E-mail spamming
Company insiders commit most computer crimes
"Malicious insider"
4
Q

Phishing

A

Phishing
Sending fraudulent e-mails that seem to come from legitimate sources
Direct e-mail recipients to false Web sites
To capture private information
5
Q

Keystroke Loggers

A
Keystroke loggers
Monitor and record keystrokes 
Can be software or hardware devices
Both legitimate and illegitimate uses
6
Q

Sniffing

A

Capturing and recording network traffic

Often used by hackers to intercept information

7
Q

Spoofing

A

Attempt to gain access to a network by posing as an authorized user to find sensitive information

8
Q

Viruses

A

Type of malware
Estimating the dollar amount of damage viruses cause can be difficult
Usually given names
I Love You, Michelangelo
Virus: Consists of self-propagating program code that's triggered by a specified time or event

9
Q

Worms

A

Travels from computer to computer in a network
Independent programs that can spread themselves without having to be attached to a host program
Replicates into a full-blown version that eats up computing resources
Well-known worms
Code Red, Melissa, and Sasser

10
Q

Trojan Programs

A

Named after the Trojan horse the Greeks used to enter Troy during the Trojan War
Contains code intended to disrupt a computer, network, or Web site
Usually hidden inside a popular program

11
Q

Logic bomb

A

Type of Trojan program used to release a virus, worm, or other destructive code
Triggered at a certain time or by an event

12
Q

Backdoors

A

Programming routine built into a system by its author
Enables the author to bypass security and sneak back into the system later to access programs or files
Users aren't aware a backdoor has been activated

13
Q

Blended threat

A

Combines the characteristics of several malicious codes with vulnerabilities on public/private networks
Goal is not to just start/transmit an attack, but to spread it
Multi-layer security system can guard from threats

14
Q

Denial-of-Service Attacks

A

Floods a network or server with service requests
Prevent legitimate users' access to the system
Targets Internet servers
Distributed denial-of-service (DDoS) attack
Hundreds or thousands of computers work together to bombard a Web site with thousands of requests for information in a short period
Frequently use Botnets

15
Q

Social Engineering

A

Using "people skills" to trick others into revealing private information
Takes advantage of the human element of security systems
Difficult to track
Use the private information they've gathered to break into servers and networks and steal data
Commonly used social-engineering techniques
"Dumpster diving" and "shoulder surfing"

16
Q

Security Concepts The Triad

A

Confidentiality
System must not allow disclosing information to anyone who isn't authorized to access it
Integrity
Ensures the accuracy of information resources in an organization
Financial transactions
Availability
Ensures that computers and networks are operating
Authorized users can access the information they need

Plus...
Authentication
Non-repudiation

17
Q

Security Measures and Enforcement: An Overview

A
Biometric security measures 
Nonbiometric security measures 
Physical security measures 
Access controls 
Virtual private networks 
Data encryption 
E-commerce transaction security measures 
Computer Emergency Response Team
18
Q

Biometric Security Measures

A
Use a physiological element unique to a person 
Biometric devices and measures
Facial recognition
Fingerprints
Hand geometry
Iris analysis
Palm prints
Retinal scanning
Signature analysis
Vein analysis 
Voice recognition
19
Q

Firewalls

A

Combination of hardware and software
Acts as a filter or barrier between a private network and external computers or networks
Network administrator defines rules for access
Examine data passing into or out of a private network
Decide whether to allow the transmission based on users' IDs, the transmission's origin and destination, and the transmission's contents
Possible actions after examining packet
Reject the incoming packet
Send a warning to the network administrator
Send a message to the sender that the attempt failed
Allow the packet to enter (or leave) the private network
Main types of firewalls
Packet-filtering firewalls
Application-filtering firewalls
Proxy servers

20
Q

Intrusion Detection Systems

A

Protect against both external and internal access
Usually placed in front of a firewall
Prevent against DoS attacks
Monitor network traffic
"Prevent, detect, and react" approach
Require a lot of processing power and can affect network performance

21
Q

Passwords

A

The most common access control
Combination of numbers, characters, and symbols that's entered to allow access to a system
Length and complexity determine its vulnerability to discovery
Guidelines for effective passwords

22
Q

Virtual Private Networks

A

Provides a secure "tunnel" through the Internet
For transmitting messages and data via a private network
Remote users have a secure connection to the organization's network
Low cost
Slow transmission speeds

23
Q

Data Encryption

A

Transforms data, called plaintext or cleartext, into a scrambled form called ciphertext
Rules for encryption determine how simple or complex the transformation process should be
Known as the "encryption algorithm"
Protocols
Secure Sockets Layer (SSL)
Transport Layer Security (TLS)

24
Q

Asymmetric

A

Based on mathematical functions
Public key - published key used to encrypt data
Private key - key known only to individual user used to decrypt data

25
Q

Symmetric

A

Based on transformations

Same key used to encrypt and decrypt

26
Q

Business Continuity Planning

A

Outlines procedures for keeping an organization operational
Prepare for disaster
Plan steps for resuming normal operations as soon as possible

27
Q

Data Communication

A

Electronic transfer of data from one location to another
Enables an information system to deliver information
Improves the flexibility of data collection and transmission
Basis of virtual organizations
Enables e-collaboration

28
Q

Bandwidth

A

Amount of data that can be transferred from one point to another in a certain time period

29
Q

Attenuation

A

Loss of power in a signal as it travels from device to device

30
Q

Broadband data transmission

A

Data are sent simultaneously to increase the transmission rate

31
Q

Protocols

A

Rules that govern data communication, including error detection, message length, and transmission speed
Help ensure compatibility between different manufacturers' devices

32
Q

Types of Networks

A

Three major types of networks:
Local area networks
Wide area networks
Metropolitan area networks

33
Q

Local Area Networks

A

Connects workstations and peripheral devices in close proximity
Common types of local area networks:
Ethernet - most common
and token ring

34
Q

Wide Area

A

Span several cities, states, or even countries

Owned by different parties

35
Q

MAN

A

Communication for multiple organizations in a city and sometimes nearby cities

36
Q

Network Topologies

A
Represents a network's physical layout
Five common topologies
Star
Ring
Bus
Hierarchical
Mesh
37
Q

Star Topology

A
Central computer and a series of nodes
Advantages
Cable layouts are easy to modify
Centralized control makes detecting problems easier
Nodes can be added to the network easily
Better for handling heavy but short bursts of traffic
Disadvantages
Single point of potential failure
Increased cost due to many cables
38
Q

Ring Topology

A

Each computer manages its own connectivity
Each node is connected to two other nodes
Upstream neighbor and downstream neighbor
Transmission in one direction
Implementations
Token ring
Fiber Distributed Data Interface (FDDI)
Needs less cable than star
Handles heavy short bursts well

39
Q

Bus Topology

A
Connects nodes along a network segment 
Ends of the cable aren't connected
Terminator absorbs signal at each end
A node failure has no effect on any other node
Advantages
Easy to extend
Very reliable
Wiring layout is simple and uses the least amount of cable of any topology
Best for handling steady (even) traffic
Disadvantages
Fault diagnosis is difficult
Bus cable can be a bottleneck when network traffic is heavy
40
Q

Major Networking Concepts

A
Important networking concepts
Protocols
TCP/IP
Routing
Routers
Client/server model
41
Q

Protocols

A

Agreed-on methods and rules that electronic devices use to exchange information
Deal with hardware connections
Control data transmission and file transfers
Specify the format of message packets
Multiple protocol support is important

42
Q

Layered Network Architecture

A

The network architecture is layered
Descending levels of abstraction
Applications at the top
Hardware at the bottom
The layers do not communicate directly across to their counterparts
Each layer relies on the next layer down
Getting the layers right has been a subject of debate

43
Q

Transmission Control Protocol/Internet Protocol

A

Industry-standard suite of communication protocols
Main advantage is that it enables interoperability
Originally intended for Internet communication
Major protocols in the TCP/IP suite:
Transmission Control Protocol (TCP)
Operates at the Transport layer
Internet Protocol (IP)
Operates at the Network layer

44
Q

Packet

A

Collection of binary digits, including message data and control characters for formatting and transmitting
Sent from computer to computer over a network
When a packet is transmitted from one network device to another, the transmission is called a hop
When packets arrive at the destination computer, they need not be in the proper order

45
Q

Routing

A

Process of deciding which path data takes
Decisions made using routing table
Centralized routing
Distributed routing

46
Q

Routers

A

Network connection device containing software
Connects network systems and controls traffic flow between them
Must use a common routing protocol
Operates at network layer
Performs the same functions as a bridge
More sophisticated device
Chooses the best possible path for packets

47
Q

Client/Server Model

A

Software runs on the local computer (the client)
Communicates with the remote server to request information or services
Server
Remote computer on the network that provides information or services in response to client requests
Basic client/server communication
Advantage: scalability
Three levels of logic: presentation, application, and data management

48
Q

Two-Tier Architecture

A

Client communicates directly with the server
Presentation logic is always on the client
Data management logic is on the server
Application logic located on either or both
Effective in small workgroups
Only in small workgroups?

49
Q

Wireless network

A

Uses wireless instead of wired technology
Advantages
Mobility, flexibility, ease of installation, and low cost
Disadvantages
Limited throughput and range, in-building penetration problems, vulnerability to frequency noise, and security

50
Q

Mobile network

A

Network operating on a radio frequency (RF), consisting of radio cells served by a base station
Advantages
Mobility, flexibility, ease of installation, and low cost
Disadvantages
Limited throughput and range, in-building penetration problems, vulnerability to frequency noise, and security

51
Q

Convergence

A

Integrating voice, video, and data so that multimedia information can be used for decision making
required network upgrades

52
Q

Internet

A

Worldwide collection of millions of computers and networks

Fast enough to mimic synchronous communication

53
Q

World Wide Web (WWW, or "the Web")

A

Graphical interface to the largely text-based Internet in 1989

54
Q

Browsers are our interface to the Web

A

Microsoft Internet Explorer (IE), Mozilla Firefox, Google Chrome, Apple Safari, and Opera

55
Q

Domain Name System (DNS)

A

Domain names are converted to IP addresses
Domain names
Unique identifiers of resources on the Internet
IBM.com or whitehouse.gov
Internet Protocol (IP) address
208.77.188.166
Assigned by ICANN

56
Q

Domain Name System

A
Uniform resource locators (URLs)
Identify a Web page, the address of a document or site on the Internet 
Suffix indicating the top-level domain (TLD) it belongs to
TLD
Organizational (gTLDs)
Country-code (ccTLDs)
Understand the parts of a URL 
http://www.csub.edu/~hbidgoli/books.html
57
Q

Secure network

A

Uses the Internet and Web technologies to connect intranets of business partners

58
Q

Type of interorganizational system (IOS)

A

Electronic funds transfer (EFT)

Electronic data interchange (EDI)

59
Q

DMZ

A

Refers to the demilitarized zone, an area of the network that's separate from the organization's LAN

60
Q

Web Pages and HTML

A

Web pages are created, stored, and sent in encoded form
A browser converts them to what we see on the screen
Hypertext Markup Language (HTML) is the main language used to define how a Web page should look
Features like background color, font, and layout are specified in HTML

61
Q

Marking Up with HTML

A

The words on a Web page are embellished by hidden formatting
Tags are words or abbreviations enclosed in angle brackets,
Most tags come in pairs
The second of the pair comes with a slash: Fluency
The tag pair surrounds the text to be formatted like parentheses
All HTML files must be text format files
More than one kind of formatting can be used at a time

Veni, Vidi, Vici! produces
Veni, Vidi, Vici!

The rule is to make sure the tags "nest" correctly: they should mirror each other
All the tags between a starting tag and its ending tag should be matched

62
Q

Singleton Tags

A
A few tags are not paired
They do not have a matching ending tag
For those tags, the closing angle bracket > of the singleton tag is replaced by />
Examples:
<hr /> produces a horizontal line
<br /> continues the text to the next line

63
Q

Required Tags

A

Page Title

the main content of the page goes here

64
Q

Marking Links with Anchor Tags

A

Two Sides of a Link, making hyperlinks
When a user clicks a hyperlink, the browser loads a new Web page
There are two parts to a hyperlink:
the highlighted text in the current document, which is called the anchor text
the address of the other Web page, called the hyperlink reference

65
Q

Lists Tags

A

The easiest type of list is the unordered list
Unordered list tags <ul> and </ul> surround the items of the list
The items are enclosed in list item tags, <li> and </li>

66
Q

ordered lists

A

Another list is the ordered list
It uses the tags <ol> and </ol>
Bullets are replaced with numbers
The ordered list behaves just like the unnumbered list

67
Q

The Style Attribute

A

The style attribute is the most useful attribute
Used to control a huge list of properties for every feature of a Web page
Properties are characteristics of page components, such as color, size, or position.
The value of the style has a standard form: style = “property_name : specification”
The colon (:) separates the property name from its specification
The spaces on each side of the colon are optional

Notice that when more than one property is set with style, the name/specification pairs are separated by a semicolon (;)

68
Q

E-business

A

Activities a company performs for selling and buying products and services, using computers and communication technologies

69
Q

E-commerce

A

Buying and selling goods and services over the Internet

Builds on traditional commerce by adding the flexibility that networks offer and the availability of the Internet

70
Q

Business applications that use the Internet:

A

Buying and selling products and services
Collaborating with other companies
Communicating with business partners
Gathering business intelligence on customers and competitors
Providing customer service
Making software updates and patches available
Offering vendor support
Publishing and disseminating information

71
Q

E-Commerce versus Traditional Commerce

A

Web and telecommunication technologies play major role
No physical store
Click-and-brick e-commerce
Mix of traditional and e-commerce
Even very small businesses can use the Internet and e-commerce applications to gain a competitive edge

72
Q

Advantages of E-Commerce

A
Advantages:
Better relationships with suppliers, customers, business partners
Price transparency
Round the clock and globe operations
More information on potential customers
Increasing customer involvement
Improving customer service
Increasing flexibility and ease of shopping
73
Q

Disadvantages of E-Commerce

A
Disadvantages:
Bandwidth capacity problems
Security issues 
Accessibility
Acceptance
74
Q

Business-to-Consumer E-Commerce

A
Companies sell directly to consumers
Examples:
Amazon.com
Barnesandnoble.com
Onsale.com
Types:
Pure-play
Brick and mortar stores with virtual storefronts
75
Q

Business-to-Business E-Commerce

A

Involves electronic transactions between businesses
Uses:
Purchase orders, invoices, inventory status, shipping logistics, business contracts, and other operations
Example:
Walmart

76
Q

Walmart B2B

A

Collects, aggregates, analyzes and shares data with suppliers
Deliver the right products in the right quantity to the right location at the right time
Possible hurricane in Florida? Walmart alerts Kellogg's to increase its shipments of strawberry Pop-Tarts to the Sunshine State because the data shows people buying them when power outages are likely.
Walmart suppliers provide advertising, promotional and point-of-purchase assistance
Sell goods to the customer at the lowest possible cost
Walmart employees can't even accept a cup of coffee from a supplier - because it adds to the cost of merchandise

77
Q

C2C E-Commerce

A
Involves business transactions between users
Online classified ads:
Craigslist
Online auction sites:
eBay
78
Q

Government and Nonbusiness E-Commerce

A
Categories:
Government-to-citizen (G2C)
Government-to-business (G2B)
Government-to-government (G2G)
Government-to-employee (G2E)
Nonbusiness organizations:
Universities
Nonprofits
Political and social organizations
79
Q

E-Commerce Supporting Technologies

A

Electronic payment systems
Web marketing
Search engine optimization

80
Q

Web Marketing

A
Uses the Web and its supporting technologies to promote goods and services
Terms:
Ad impression
Banner ads
Click
Cost per thousand (CPM)
Cost per click (CPC)
Click-through rate (CTR)
Cookie
81
Q

Search Engine Optimization

A

Method for improving the volume or quality of traffic to a Web site
Some companies offer SEO service
Editing a site's contents and HTML code to increase its relevance to specific keywords
Recommendations for optimizing a Web site:
Keywords
Page title
Inbound links