OMIS MIDTERM WEEK 3

Question 1

What are Ethics?

Answer 1

The principles and standards that guide our behavior toward other people

Question 2

What are Information ethics?

Answer 2

Governs the ethical and moral issues arising from the development and use of information technologies, as well as the creation, collection, duplication, distribution, and processing of information itself

Question 3

What are the 4 categories of Ethical issues?

Answer 3

• Privacy issues
• Accuracy issues
• Property issues
• Accessibility issues

Question 4

What is Privacy?

Answer 4

Privacy – The right to be left alone when you want to be, to have control over your own personal possessions, and not to be observed without your consent

Question 5

What is Confidentiality?

Answer 5

The assurance that messages and information are available only to those who are authorized to view them

Question 6

What is an Ethical computer use policy?

Answer 6

Contains general principles to guide computer user behavior

The ethical computer user policy ensures all users are informed of the rules and, by agreeing to use the system on that basis, consent to abide by the rules

Question 7

What is Information privacy policy?

Answer 7

Contains general principles regarding information privacy

Question 8

What is an Acceptable use policy (AUP)?

Answer 8

Requires a user to agree to follow it to be provided access to corporate email, information systems, and the Internet

Question 9

What is Nonrepudiation?

Answer 9

A contractual stipulation to ensure that ebusiness participants do not deny their online actions

Question 10

What is an Internet use policy?

Answer 10

Contains general principles to guide the proper use of the Internet

Question 11

What is an Email privacy policy?

Answer 11

Details the extent to which email messages may be read by others

Question 12

What is Spam?

Answer 12

Unsolicited email

Anti-spam policy

Question 13

What is Anti-spam policy?

Answer 13

Simply states that email users will not send unsolicited emails (or spam)

Question 14

What is a Social media policy?

Answer 14

Outlines the corporate guidelines or principles governing employee online communications

Question 15

What is Information technology monitoring?

Answer 15

Tracks people’s activities by such measures as number of keystrokes, error rate, and number of transactions processed

Question 16

What is Employee monitoring policy?

Answer 16

Explicitly state how, when, and where the company monitors its employees

Question 17

What is Information security?

Answer 17

The protection of information from accidental or intentional misuse by persons inside or outside an organization

Question 18

What is Downtime?

Answer 18

Refers to a period of time when a system is unavailable

Question 19

What is Authentication?

Answer 19

A method for confirming users’ identities

Question 20

What is Authorization?

Answer 20

The process of giving someone permission to do or have something
The most secure type of authentication involves
Something the user knows
Something the user has
Something that is part of the user

Question 21

What are Tokens?

Answer 21

Small electronic devices that change user passwords automatically

Question 22

What is a Smart card?

Answer 22

A device that is around the same size as a credit card, containing embedded technologies that can store information and small amounts of software to perform some limited processing

Question 23

What are Biometrics?

Answer 23

The identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting

Question 24

What is Privilege escalation?

Answer 24

A network intrusion attack that takes advantage of programming errors or design flaws to grant the attacker elevated access to the network and its associated data and applications

• Vertical privilege escalation
• Horizontal privilege escalation

Question 25

What is Personally identifiable information (PII)?

Answer 25

Any data that could potentially identify a specific individual. The two types of PII include sensitive PII and nonsensitive PII.

Question 26

What is Nonsensitive PII?

Answer 26

Information transmitted without encryption and includes information collected from public records, phone books, corporate directories, websites, etc.

Ex: includes information that does not harm an individual such as an address.

Question 27

What is Sensitive PII?

Answer 27

Information transmitted with encryption and, when disclosed, results in a breach of an individual’s privacy and can potentially cause the individual harm.

Ex: biometric information, financial information, medical information, and unique identifiers such as passport or Social Security numbers.

Question 28

What is a Firewall?

Answer 28

Hardware and/or software that guards a private network by analyzing the information leaving and entering the network

Question 29

What is Intrusion detection software?

Answer 29

Features full-time monitoring tools that search for patterns in network traffic to identify intruders

Question 30

What is Vertical privilege escalation?

Answer 30

Attackers grant themselves a higher access level such as administrator, allowing the attacker to perform illegal actions such as running unauthorized code or deleting data.

Ex: an attacker might log on to a network by using a guest account and then exploit a weakness in the software that lets the attacker change the guest privileges to administrative privileges.

Question 31

What is Horizontal privilege escalation?

Answer 31

Attackers grant themselves the same access levels they already have but assume the identity of another user.

Ex: someone gaining access to another person’s online banking account would constitute horizontal privilege escalation.