the legal protection afforded an expression of an idea, such as a song, book, or video game.
intangible creative work that is embodied in physical form and includes copyrights, trademarks, and patents
an exclusive right to make, use, and sell an invention and is granted by a government to the inventor.
the principles and standards that guide our behavior toward other people.
the right to be left alone when you want to be, to have control over your personal possessions, and not to be observed without your consent.
the assurance that messages and information remain available only to those authorized to view them.
govern the ethical and moral issues arising from the development and use of information technologies as well as the creation, collection, duplication, distribution, and processing of information itself (with or without the aid of computer technologies)
the unauthorized use, duplication, distribution, or sale of copyrighted software.
software that is manufactured to look like the real thing and sold as such
digital rights management
a technological solution that allows publishers to control their digital media to discourage, limit, or prevent illegal copying and distribution
Ediscovery or Electronic discovery
the ability of a company to identify, search, gather, seize, or export digital information in responding to a litigation, audit, investigation, or information inquiry
child online protection act (COPA)
was passed to protect minors from accessing inappropriate material on the Internet.
the category of computer security that addresses the protection of data from unauthorized disclosure and confirmation of data source authenticity
a method or system of government for information management or control
examines the organizational resource of information and regulates its definitions, uses, value, and distribution, ensuring that it has the types of data/information required to function and grow effectively
the act of conforming, acquiescing, or yielding information
an ethical issue that focuses on who owns information about individuals and how information can be sold or exchanged
policies and procedures that address information management along with the ethical use of computers and the Internet in the business environment.
an act or object that poses a danger to assets.
the abuse of pay-per-click, pay-per-call, and pay-per-conversion revenue models by repeatedly clicking a link to increase charges or costs for the advertiser
a computer crime in which a competitor or disgruntled employee increases a company's search advertising costs by repeatedly clicking the advertiser's link.
ethical computer use policy
contains general principles to guide computer user behavior. For example, it might explicitly state that users should refrain from playing computer games during working hours
bring your own device ( BYOD)
policy allows employees to use their personal mobile devices and computers to access enterprise data and applications
bring your own device policies
Unlimited access for personal devices. Access only to nonsensitive systems and data. Access, but with IT control over personal devices, apps, and stored data. Access, but preventing local storage of data on personal devices
information privacy policy
which contains general principles regarding information privacy
fair information practices
a general term for a set of standards governing the collection and use of personal data and addressing issues of privacy and accuracy
acceptable use policy (AUP)
requires a user to agree to follow it to be provided access to corporate email, information systems, and the Internet
A contractual stipulation to ensure that ebusiness participants do not deny (repudiate) their online actions. is a contractual stipulation to ensure that ebusiness participants do not deny (repudiate) their online actions
is a problem that occurs when someone registers purposely misspelled variations of well-known domain names. These variants sometimes lure consumers who make typographical errors when entering a URL.
the theft of a website's name that occurs when someone, posing as a site's administrator, changes the ownership of the domain name assigned to the website to another website owner.
government attempts to control Internet traffic, thus preventing some material from being viewed by a country's citizens
the extent to which email messages may be read by others.
sends a massive amount of email to a specific person or system that can cause that user's server to stop functioning.
unsolicited email. It plagues employees at all levels within an organization, from receptionist to CEO, and clogs email systems and siphons MIS resources away from legitimate business projects.
simply states that email users will not send unsolicited emails (or spam)
to receive emails by choosing to allow permissions to incoming emails.
an anti-spamming approach by which the receiving computer launches a return attack against the spammer, sending email messages back to the computer that originated the suspected spam
outlining the corporate guidelines or principles governing employee online communications
the process of monitoring and responding to what is being said about a company, individual, product, or brand.
a person within the organization who is trusted to monitor, contribute, filter, and guide the social media presence of a company, individual, product, or brand.
tangible protection such as alarms, guards, fireproof doors, fences, and vaults
tracks people's activities by such measures as number of keystrokes, error rate, and number of transactions processed
a program that records every keystroke and mouse click
a hardware device that captures keystrokes on their journey from the keyboard to the motherboard
a small file deposited on a hard drive by a website containing information about customers and their web activities. cookies allow websites to record he comings and goings of customers, usually without their knowledge or consent
software that generates ads that install themselves on a computer when a person downloads some other program from the Internet
spyware (sneakware or stealthware)
software that comes hidden in free downloadable software and tracks online movements, mines the information stored on a computer or uses a computers CPU and storage for some task the user knows nothing about
consists of one line of information for every visitor to a website and is usually stored on a web server
records information about a customer during a web surfing session such as what websites were visited, how long the visit was, what ads were viewed and what was purchased
refers to a period of time when a system is unavailable
The electronic defacing of an existing website
govern the ethical and moral issues arising from the development and use of information technologies as well as he creation, duplication, dist., and processing of information itself
Information practices is a general term for a set of standard governing the collection and use of personal data and addressing issues of privacy and accuracy
The electronic defacing of an existing website
a broad term encompassing the protection of information from accidental or intentional misuse by persons inside or outside an organization
experts in technology who use their knowledge to break into computers and computer networks, either for profit or simply for the challenge
a computer attack by which an attacker accesses a wireless computer network, intercepts data, uses network services, and/or sends attack instructions without entering the office or organization that owns the network
break into other peoples computer systems and may just look around or may steal and destroy information
have criminal intent while hacking
seek to cause harm to people or to destroy critical systems or information and use the Internet as a weapon of mass destruction
have philosophical and political reason for breaking into systems and will often deface the website as a protest
script kiddies or script bunnies
find hacking code on the internet and click and point their way into systems to cause damage or speed viruses
work at the request of the system owners to find system vulnerabilities and plug the holes
software written with malicious intent to cause annoyance or damage. Some hackers create and leave viruses, causing massive computer damage
spreads itself not only from file to file but also from computer to computer.
is software that, although purporting to serve some useful function and often fulfilling that function, also allows Internet advertisers to display advertisements without the consent of the computer use
a special class of adware that collects data about the user and transmits it over the Internet without the user's knowledge or permission
a form of malicious software that infects your computer and asks for money.
open a way into the network for future attacks
denial-of-service attack (DoS)
floods a website with so many request for service that it slows down or crashes
distributed denial-of-service attack (DDoS)
attacks from multiple computers that flood a website with so many requests for service that it slows down or crashes. a common type is the Ping of Death in which thousands of computers try to access a website at the same time overloadin it and shutting it down
viruses and worms change their form as they propagate
hides inside other software, usually as an attachment or a downloadable file
a process by which a user misleads a system into granting unauthorized rights, usually for the purpose of compromising or destroying the system.
attack computer systems by transmitting a virus hoax with real virus attached. by masking the attck in a seemingly legitimate message unsuspecting users more readily distribute the message and send the attack on to their co workers and friends infecting
includes a variety of threats such as viruses, worms, and trojan horses
consists of altering the contents of packets as they travel over the Internet or altering data on computer disks after penetrating a network.
a program or device that can monitor data traveling over a network. snifflers can show the data being transmitted over a network, including passwords and sensitive info. snifflers tend to be a favorite weapon in the hackers arsenal
consists of forging the return address on an email so that the message appears to come from someone other than the acutal sender. this is not a virus but rather a way by which virus authors conceal their identities as they send out viruses
fake blogs created solely to raise the search engine rank of affiliated websites. even blogs that are legitimate are plagued by spam, with spammers taking advantage of the comment feature of most blogs to comment with links to spam sites
software that comes hidden in free downloadable software and tracks online movements , mines the information stored on a computer or uses a computer CPU and storage for some task the use knows nothing about
legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident.
hackers use their social skills to trick people into revealing access credentials or other valuable information
looking through people's trash, is another way hackers obtain information
a form of social engineering in which one individual lies to obtain confidential data about another individual
information security policies
identify the rules required to maintain information security, such as requiring users to log off before leaving for lunch or meetings, never sharing passwords with anyone, and changing passwords every 30 days
information security plan
details how an organization will implement the information security policies
malicious agents designed by spammers and other Internet attackers to farm email addresses off websites or deposit spyware on machines
consists of forging someone's identity for the purpose of fraud
a technique to gain personal information for the purpose of identity theft, usually by means of fraudulent emails that look as though they came from legitimate businesses.
a masquerading attack that combines spam with spoofing.
a phishing expedition in which the emails are carefully designed to target a particular person or organization
vishing (or voice phishing)
a phone scam that attempts to defraud people by asking them to call a bogus telephone number to confirm their account information.
reroutes requests for legitimate websites to false websites
a program that secretly takes over another computer for the purpose of launching attacks on other computers.
a group of computers on which a hacker has planted zombie programs
uses a zombie farm, often by an organized crime association, to launch a massive phishing attack.
a method for confirming users' identities
the process of providing a user with permission, including access levels and abilities such as file access, hours of access, and amount of allocated storage space.
small electronic devices that change user passwords automatically. The user enters his or her user ID and token-displayed password to gain access to the network
a device about the size of a credit card, containing embedded technologies that can store information and small amounts of software to perform some limited processing.
is the identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting
a set of measurable characteristics of a human voice that uniquely identifies an individual.
single factor authentication
the traditional security process, which requires a user name and password
two factor authentication
requires the user to provide two means of authentication, what the user knows (password) and what the user has (security token)
multi factor authentication
requires more than two means of authentication such as what the user knows (password), what the user has (security token), and what the user is (biometric verification).
computer viruses that wait for a specific date before executing their instructions.
occurs when organizations use software that filters content, such as emails, to prevent the accidental or malicious transmission of unauthorized information.
scrambles information into an alternative form that requires a key or password to decrypt.
information is to decode it and is the opposite of encrypt.
the science that studies encryption, which is the hiding of messages so that only the sender and receiver can read them.
advanced encryption standard (AES)
designed to keep government information secure.
public key encryption (PKE)
uses two keys: a public key that everyone can have and a private key for only the recipient
a trusted third party, such as VeriSign, that validates user identities by means of digital certificates.
data file that identifies individuals or organizations online and is comparable to a digital signature.
hardware and/or software that guard a private network by analyzing incoming and outgoing information for the correct markings
scans and searches hard drives to prevent, detect, and remove known viruses, adware, and spyware
an organized attempt by a country's military to disrupt or destroy information and communication systems for another country
the use of computer and networking technologies against persons or property to intimidate or coerce governments, individuals, or any segment of society to attain political, religious, or ideological goals.
intrusion detection software (IDS)
features full-time monitoring tools that search for patterns in network traffic to identify intruders. IDS protects against suspicious network traffic and attempts to access files and data.
Ethical computer use policy
Acceptable use policy
Social media policy
People / authentication and authorization
Data / prevention and resistance
Attacks / detection and response
A trusted third party such as Verisign that validates user identities by means of digital certificates
3 reasons why organizations should develop written epoliciies
Establish : employee procedures, organizations rules, employee guidelines
Outlines the corporate guidelines or principles governing employee online communications
An anti spamming approach where the receiving computer launches a return attack against the spammer , sending email messages back to the computer that originated the suspected spam