MIS Chapter 4

Question 1

Acceptable Use Policy (AUP)

Answer 1

Requires a user to agree to follow it to be provided access to corporate email, information systems, and the internet.

• Not using the service as part of violating any law
• Not attempting to break the security of any computer network or user
• Not Posting commercial messages to groups without prior permission
• Not performing any nonrepudiation

Question 2

Adware

Answer 2

Is software tha, while purporting to serve some useful functions and often fulfilling that function also allows Internet advertisers to display advertisements without the consent of the computer user.

Question 3

Advanced Encryption Standard (AES)

Answer 3

Designed by the National Institute of Standards to keep government information secure.

Question 4

Anti-Spam Policy

Answer 4

Simply states that email users will not send unsolicited emails (or spam).

Question 5

Anitvirus Software

Answer 5

Scans and searches hard drives to prevent, detect, and remove known viruses, adware, and spyware.

Question 6

Authentication

Answer 6

Is a method for confirming users’ indentities.

Question 7

Authorization

Answer 7

Is the process of providing a user with permission including access levels and abilities such as file access, hours of access, and amount of allocated storage space.

Question 8

Biometrics

Answer 8

Is the identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting.

Question 9

Black-hat Hackers

Answer 9

Break into other people’s computer systems and may just look around or may steal and destroy information.

Question 10

Certificate Authority

Answer 10

Is a trusted third party, such as VeriSign, that validates user identities by means of digital certification.

Question 11

Child Online Protection Act (COPA)

Answer 11

Was passed to protect minors from accessing inappropriate material on the Internet.

Question 12

Click-Fraud

Answer 12

Is the abuse of pay-per-click, pay-per-call, and pay-per-conversion revenue models by repeatedly clicking on a link to increase charges or costs for the advertiser.

Question 13

Competitive Click-Fraud

Answer 13

Is a computer crime where a competitor or disgruntled employee increases a company’s search advertising costs by repeatedly clicking on the advertiser’s link.

Question 14

Confidentiality

Answer 14

Is the assurance that messages and information remain available only to those authorized to view them.

Question 15

Content Filtering

Answer 15

Occurs when organizations use software that filters content, such as emails, to prevent the accidental or malicious transmission of unauthorized information.

Question 16

Copyright

Answer 16

Is the legal protection afforded an expression of an idea, such as a song, book, or video game.

Question 17

Counterfeit Software

Answer 17

Is software that is manufactured to look like the real thing and sold as such.

Question 18

Cracker

Answer 18

Have criminal intent when hacking.

Question 19

Cryptography

Answer 19

Is the science that studies encryption, which is the hiding of messages so that only the sender and receiver can read them.

Question 20

Cyberbullying

Answer 20

Includes threats, negative remarks, or defamatory comments transmitted via the Internet or posted on the website.

Question 21

Cybervandalism

Answer 21

Is the electronic defacing of an existing website.

Question 22

Cyberterrorism

Answer 22

Is the use of computer and networking technologies against persons or property to intimidate or coerce governments, individuals, or any segment of society to attain political, religious or ideological goals.

Question 23

Cyberwar

Answer 23

Is an organized attempt by a country’s military to disrupt or destroy information and communication systems for another country.

Question 24

Decrypt

Answer 24

To decode information that has been encrypted.

Question 25

Destructive Agents

Answer 25

Are malicious agents designed by spammers and other Internet attackers to farm email addresses off websites or deposit spyware on machines.

Question 26

Digital Certificate

Answer 26

Is a data file that identifies individuals or organizations online and is comparable to a digital signature.

Question 27

Digital Rights Management

Answer 27

Is a technological solution that allows publishers to control their digital media to discourage, limit, or prevent illegal copying and distribution.

Question 28

Downtime

Answer 28

Refers to a period of time when a system is unavailable.

Question 29

Drive-By Hacking

Answer 29

Is a computer attack where an attacker accesses a wireless computer network, intercepts data, uses network services, and/or send attack instruction without entering the office or organization that owns the network.

Question 30

Dumpster Diving

Answer 30

Looking through people’s trash to obtain information.

Question 31

Ediscovery (or Electronic Discovery)

Answer 31

Refers to the ability of a company to identify, search, gather, seize, or export digital information in responding to a litigation, audit, investigation, or information inquiry.

Question 32

Email Privacy Policy

Answer 32

Details the extent to which email messages may be read by others.

• Defines legitimate email users and explains what happens to accounts after a person leaves the organization
• Explains backup procedure so users will know that at some point, even if a message is deleted from their computer, it is still stored by the company
• Describes the legitimate grounds for reading email and the process required before such action is performed
• Discourages sending junk email or spam to anyone who does not want to receive it
• Prohibits attempting to mail bomb a site
• Informs users that the organization has no control over email once it has been transmitted outside the organization

Question 33

Employee Monitoring Policy

Answer 33

States explicitly how, when, and where the company monitors its employees.

• Be as specific as possible stating when and what (email, IM, Internet, network activity, ext.) will be monitored
• Expressly communicate that the company reserves the right to monitor all employees
• State the consequences of violating the policy
• Always enforce the policy the same for everyone

Question 34

Encryption

Answer 34

Scrambles information into an alternative form that requires a key or password to decrypt.

Question 35

Epolicies

Answer 35

Are policies and procedures that address information management along with the ethical use of computers and the Internet in the business environment.

1. Ethical Computer Use Policy
2. Information Privacy Policy
3. Acceptable Use Policy
4. Email Privacy Policy
5. Social Media Policy
6. Workplace Monitoring Policy

Question 36

Ethical Computer Use Policy

Answer 36

Contains general principles to guide computer user behavior.

Question 37

Ethics

Answer 37

The principles and standards that guide our behavior.

Question 38

Firewall

Answer 38

Is hardware and/or software that guards a private network by analyzing incoming and outgoing information for the correct markings.

Question 39

Hackers

Answer 39

Are experts in technology who use their knowledge to break into computers and computer networks, either for profit or just motivated by the challenge.

Question 40

Hactivists

Answer 40

Have philosophical and political reasons for breaking into systems and will often deface the website as a protest.

Question 41

Identity Theft

Answer 41

Is the forging of someone’s identity for the purpose of fraud.

Question 42

Information Compliance

Answer 42

Is the act of conforming, acquiescing, or yielding information.

Question 43

Information Ethics

Answer 43

Governs the ethical and moral issues arising from the development and use of information technologies, as well as the creation, collection, duplication, distribution, and processing of information itself (with or without the aid of computer technologies).

Question 44

Information Governance

Answer 44

Is a method or system of government for information management or control.

Question 45

Information Management

Answer 45

Examines the organizational resource of information and regulates its definitions, uses, value, and distribution ensuring it has the types of data/information required to function and grow effectively.

Question 46

Information Property

Answer 46

Is an ethical issue that focusses on who owns information about individuals and how information can be sold and exchanged.

Question 47

Information Secrecy

Answer 47

Is the category of computer security that addresses the protection of data from unauthorized disclosure and confirmation of data source authenticity.

Question 48

Information Privacy Policy

Answer 48

Contains general principles regarding information privacy.

Question 49

Information Security

Answer 49

Is a broad term encompassing the protection of information from accidental or intentional misuse by persons inside or outside an organization.

1. People
   - Authentication and Authorization
2. Data
   - Prevention and Resistance
3. Attacks
   - Detection and Response

Question 50

Information Security Plan

Answer 50

Details how an organization will implement the information security policies.

• Applications allowed to be placed on the corporate network
• Corporate computer equipment used for personal reason or personal networks
• Password creation and maintenance including minimum password length, characters to be included while choosing passwords, and frequency for password changes
• Personal computer equipment allowed to connect to the corporate network

Question 51

Information Security Policies

Answer 51

Identify the rules required to maintain information security,, such as requiring users to log off before leaving for lunch or meetings, never sharing passwords with anyone, and changing passwords every 30 days.

Question 52

Insiders

Answer 52

re legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident.

Question 53

Intellectual Property

Answer 53

Is intangible creative work that is embodied in physical form and includes copyrights, trademarks, and patents.

Question 54

Internet Censorship

Answer 54

Is government’s attempt to control Internet traffic, thus preventing some material from being viewed by a country’s citizens.

Question 55

Internet Use Policy

Answer 55

Contains general principles to guide the proper use of the Internet.

• Describes the Internet services available to users
• Defines the organization’s position on the purpose of Internet access and what restrictions, if any, are placed on that access
• Describes user responsibility for citing sources, properly handling offensive material, and protecting the organization’s good name
• States the ramifications if the policy is violated

Question 56

Intrusion Detection Software (IDS)

Answer 56

Features full-time monitoring tools that search for patterns in network traffic to identify intruders.

Question 57

Mail Bomb

Answer 57

Sends a massive amount of email to a specific person or system that can cause that user’s server to stop functioning.

Question 58

Nonrepudiation

Answer 58

Is a contractual stipulation to ensure that ebusiness participants do not deny (Repudiate) their online actions.

Question 59

Opt Out

Answer 59

When a user voluntarily chooses to deny permission to incoming emails.

Question 60

Patent

Answer 60

Is an exclusive right to make, use, and sell an invention and is granted by a government to the inventor.

Question 61

Pharming

Answer 61

Reroutes requests for legitimate websites to false websites.

Question 62

Phishing

Answer 62

Is a technique to gain personal information for the purpose of identity theft, usually by means of fraudulent emails that look as though they came from legitimate businesses.

Question 63

Phishing Expedition

Answer 63

Is a masquerading attack that combines spam with spoofing.

Question 64

Physical Security

Answer 64

Is tangible protection such as alarms, guards, fireproof doors, fences, and vaults.

Question 65

Pirated Software

Answer 65

Is the unauthorized use, duplication, distribution, or sale of copyrighted software.

Question 66

Privacy

Answer 66

Is the right to be left alone when you want to be, to have control over your personal possessions, and not be observed without your consent.

Question 67

Public Key Encryption (PKE)

Answer 67

Uses two keys: a public key that everyone can have and private key for only the recipient.

Question 68

Script Kiddies or Script Bunnies

Answer 68

Find hacking codes on the Internet and click-and-point their way into systems to cause damage or spread viruses.

Question 69

Smart Card

Answer 69

Is a device about the size of a credit card, containing embedded technologies that can store information and small amounts of software to perform some limited processing.

Question 70

Spear Phishing

Answer 70

Is a phishing expedition in which the emails are carefully designed to target a particular person or organization.

Question 71

Social Engineering

Answer 71

When hackers use their social skills to trick people into revealing access credentials or other valuable information.

Question 72

Social Media Policy

Answer 72

Outlines the corporate guidelines or principles governing employee online communications.

• Employee online communication policy detailing brand communication
• Employee blog and personal blog policies
• Employee social network and personal social network policies
• Employee Twitter, corporate Twitter, and personal Twitter policies
• Employee LinkedIn policy
• Employee Facebook usage and brand policy
• Corporate YouTube policy

Question 73

Spam

Answer 73

Unsolicited email.

Question 74

Spyware

Answer 74

Is a special class of adware that collects data about the user and transmits it over the Internet without the user’s knowledge or permission.

Question 75

Teergrubing

Answer 75

Is an anti spamming approach where the receiving computer launches a return attack against the spammer, sending email messages back to the computer that originated the suspected spam.

Question 76

Threat

Answer 76

Is an act or object that poses a danger to assets.

Question 77

Time Bomb

Answer 77

Are computer viruses that wait for a specific date before executing their instructions.

Question 78

Tokens

Answer 78

Are small electronic devices that change user passwords automatically.

Question 79

Typosquatting

Answer 79

Is a problem that occurs when someone registers purposely misspelled variation of well-know domain names.

Question 80

Virus

Answer 80

Is software written with malicious intent to cause annoyance or damage.

• Backdoor programs
• Denial-of-Service Attack (DoS)
• Distributed Denial-of-Service Attack (DDoS)
• Polymorphic Viruses and Worms
• Trojan-Horse Virus
• Worm
• Elevation of Privilege
• Hoaxes
• Malicious Code
• Packet Tampering
• Sniffer
• Spoofing
• Splogs (Spam Blogs)
• Spyware

Question 81

Vishing (Voice Phishing)

Answer 81

Is a phone scam that attempts to defraud people by asking them to call a bogus telephone number to “confirm” their account information.

Question 82

Website Name Stealing

Answer 82

Is the theft of a webs it’s name that occurs when someone, posing as a site’s administrator, changes the ownership of the domain name assigned to the website to another website owner.

Question 83

White-Hat Hackers

Answer 83

Work at the request of the system owners to find system vulnerabilities and plug the holes.

Question 84

Workplace MIS Monitoring

Answer 84

Tracks people’s activities by such measures as number of keystrokes, error rate, and number of transactions processed.

Question 85

Zombie

Answer 85

Is a program that secretly takes over another computer for the purpose of launching attacks on other computers.

Question 86

Zombie Farm

Answer 86

Is a group of computers on which a hacker has planted zombie programs.

Question 87

Legal/Illegal vs. Ethical/Unethical

Answer 87

1. Legal and Ethical
2. Illegal but Ethical
3. Legal but Unethical
4. Illegal and Unethical

Question 88

Downtime Costs

Answer 88

1. Financial Performance
   - Revenue Recognition
   - Cash Flow
   - Payment Guarantees
   - Credit Rating
   - Stock Price
2. Revenue
   - Direct Loss
   - Compensatory Payments
   - Lost Future Revenue
   - Investment Losses
   - Lost Productivity
3. Damaged Reputation
   - Customers
   - Suppliers
   - Financial Market
   - Banks
   - Business Partners
4. Other Expenses
   - Temporary Employees
   - Equipment Rentals
   - Overtime costs
   - Extra Shipping Charges
   - Travel Expenses
   - Legal Obligations