OMIS MIDTERM WEEK 3 Flashcards
What are Ethics?
The principles and standards that guide our behavior toward other people
What are Information ethics?
Governs the ethical and moral issues arising from the development and use of information technologies, as well as the creation, collection, duplication, distribution, and processing of information itself
What are the 4 categories of Ethical issues?
- Privacy issues
- Accuracy issues
- Property issues
- Accessibility issues
What is Privacy?
The right to be left alone when you want to be, to have control over your own personal possessions, and not to be observed without your consent
What is Confidentiality?
The assurance that messages and information are available only to those who are authorized to view them
What is an Ethical computer use policy?
Contains general principles to guide computer user behavior
The ethical computer use policy ensures all users are informed of the rules and, by agreeing to use the system on that basis, consent to abide by the rules
What is an Information privacy policy?
Contains general principles regarding information privacy
What is an Acceptable use policy (AUP)?
Requires a user to agree to follow it to be provided access to corporate email, information systems, and the Internet
What is Nonrepudiation?
A contractual stipulation to ensure that ebusiness participants do not deny their online actions
What is an Internet use policy?
Contains general principles to guide the proper use of the Internet
What is an Email privacy policy?
Details the extent to which email messages may be read by others
What is Spam?
Unsolicited email
What is an Anti-spam policy?
Simply states that email users will not send unsolicited emails (or spam)
What is a Social media policy?
Outlines the corporate guidelines or principles governing employee online communications
What is Information technology monitoring?
Tracks people’s activities by such measures as number of keystrokes, error rate, and number of transactions processed
What is an Employee monitoring policy?
Explicitly states how, when, and where the company monitors its employees
What is Information security?
The protection of information from accidental or intentional misuse by persons inside or outside an organization
What is Downtime?
Refers to a period of time when a system is unavailable
What is Authentication?
A method for confirming users’ identities
What is Authorization?
The process of giving someone permission to do or have something
The most secure type of authentication involves:
- Something the user knows
- Something the user has
- Something that is part of the user
What are Tokens?
Small electronic devices that change user passwords automatically
What is a Smart card?
A device that is around the same size as a credit card, containing embedded technologies that can store information and small amounts of software to perform some limited processing
What are Biometrics?
The identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting
What is Privilege escalation?
A network intrusion attack that takes advantage of programming errors or design flaws to grant the attacker elevated access to the network and its associated data and applications
- Vertical privilege escalation
- Horizontal privilege escalation
What is Personally identifiable information (PII)?
Any data that could potentially identify a specific individual. The two types of PII include sensitive PII and nonsensitive PII.
What is Nonsensitive PII?
Information that is transmitted without encryption; it includes information collected from public records, phone books, corporate directories, websites, etc.
Ex: information that does not harm an individual, such as an address.
What is Sensitive PII?
Information that is transmitted with encryption and that, when disclosed, results in a breach of an individual’s privacy and can potentially cause the individual harm.
Ex: biometric information, financial information, medical information, and unique identifiers such as passport or Social Security numbers.
What is a Firewall?
Hardware and/or software that guards a private network by analyzing the information leaving and entering the network
What is Intrusion detection software?
Features full-time monitoring tools that search for patterns in network traffic to identify intruders
What is Vertical privilege escalation?
Attackers grant themselves a higher access level such as administrator, allowing the attacker to perform illegal actions such as running unauthorized code or deleting data.
Ex: an attacker might log on to a network by using a guest account and then exploit a weakness in the software that lets the attacker change the guest privileges to administrative privileges.
What is Horizontal privilege escalation?
Attackers grant themselves the same access levels they already have but assume the identity of another user.
Ex: someone gaining access to another person’s online banking account would constitute horizontal privilege escalation.