Ch 8 Text Flashcards
(25 cards)
What is identity theft?
A crime in which an imposter obtains key pieces of personal information, such as social security numbers, driver’s license numbers, or credit card numbers, to impersonate someone else
What is phishing?
Involves setting up fake websites or sending e-mail messages that look like those of legitimate businesses to ask users for confidential personal data
The e-mail instructs recipients to update or confirm records by providing social security, bank and credit card information, and other confidential data either by responding to the e-mail, by entering the information at a bogus website, or by calling a telephone number
What is an evil twins attack?
Wireless networks that pretend to offer trustworthy Wi-Fi connections to the Internet, such as those in airport lounges, hotels, or coffee shops
Looks identical to the public network
What is pharming?
Redirects users to a bogus web page, even when the individual types the correct web page address in their browser
What is click fraud?
Occurs when an individual or computer program fraudulently clicks an online ad without any intention of learning more about the advertiser or making a purchase
What is cyberwarfare?
A state-sponsored activity designed to cripple and defeat another state or nation by penetrating its computers or networks to cause damage and disruption
What are some mitigating controls?
Authentication
Passwords
Token
Biometric Authentication
Two-Factor Authentication
Firewalls
Intrusion Detection System
Antivirus Software
What is authentication?
Refers to the ability to know that a person is who he or she claims to be
What are passwords?
Known only to authorized users, used to log on to a computer and system
What is a token?
A physical device, similar to an identification card, that is designed to prove the identity of a single user
What is biometric authentication?
Uses systems that read and interpret individual human traits, such as fingerprints, irises, and voices to grant or deny access
What is two-factor authentication?
Increases security by validating users through a multi-step process
What is a firewall?
Prevents unauthorized users from accessing private networks; a combination of hardware and software that controls the flow of incoming and outgoing network traffic
What is an intrusion detection system?
Full-time monitoring tools placed at the most vulnerable points or hotspots of corporate networks to detect and deter intruders continually
What is antivirus software?
Prevents, detects, and removes malware, including computer viruses, computer worms, Trojan horses, spyware, and adware
What are policies, procedures, and standards that can be put in place?
General Controls
Application Controls
Security Policy
Acceptable User Policy
Identity Management
Disaster Recovery Planning
Information Systems Audit
What are general controls?
Govern the design, security, and use of computer programs and the security of data files in general throughout the organization’s information technology infrastructure
Ex. Software controls, hardware controls, computer operations control, data security controls, implementation controls, and administrative controls
What are application controls?
Specific controls unique to each computerized application
What is security policy?
Consists of statements ranking information risks, identifying acceptable security goals, and identifying the mechanisms for achieving these goals
What is acceptable user policy?
Defines acceptable use of the firm’s information resources and computing equipment, including desktop and laptop computers, wireless devices, telephones, and the Internet
What is identity management?
Business processes and software tools for identifying the valid users of a system and controlling their access to system resources
What is disaster recovery planning?
Devises plans for the restoration of disrupted computing and communications services
What is an information systems audit?
Examines the firm’s overall security environment as well as controls governing individual information systems
What is the risk assessment process?
Determines the level of risk to the firm if a specific activity or process is not properly controlled