OMIS 1050 WEEK 12


50 Terms

Card 1

What are the ethical issue categories?

  • privacy

  • accuracy

  • property

  • accessibility

Card 2

What is info privacy?

right to determine info time & extent gathering & communicating

Card 3

What rules do court decisions follow about privacy?

  • NOT absolute privacy right

  • right to know: collective > individual

Card 4

What are some privacy threats?

  • data aggregator / digital dossier / profile

  • e-surveillance

  • info in database & e-bulletin board / newsgroup / social network

Card 5

What is a data aggregator?

company collecting non/public data & producing digital dossier

Card 6

What is a digital dossier?

e-description

Card 7

What is profiling?

creating digital dossier

Card 8

What are some e-surveillance examples?

  • cam

  • sensor

  • geotag

  • drone

  • Google / Microsoft street view image

Card 9

What are some concerns about info provided to record keepers?

  • where’s the data?

  • accurate data?

    • change inaccurate data?

    • time?

  • when will data release?

  • data use?

  • who gets data?

    • security?

Card 10

What are informed consent methods?

opt-…

  • in

  • out

Card 11

What does P3P stand for?

Platform for Privacy Preferences

Card 12

What is P3P?

protocol communicating privacy policy between site & visitor

Card 13

What is PIPEDA?

Personal Information Protection & Electronic Documents Act

Card 14

Why was PIPEDA developed?

Canada e-commerce strategy component

Card 15

What is the most important factor for ensuring high customer trust?

personal info protection

Card 16

What does PIPEDA specify?

fair info principles

Card 17

What are the fair info principles?

  • accountability

  • purpose

  • consent

  • collection & use / disclosure / retention limit

  • accuracy

  • safeguard

  • openness

  • access

  • compliance challenge

Card 18

What are some info security threats?

  • natural & manmade disaster

  • employee

    • application & system programmer

    • operator

    • user

  • hardware

    • terminal

    • PCs

    • database

  • insider

  • system software

Card 19

What are the info system threat categories?

  • unintentional act

  • intentional act

  • natural disaster

  • tech failure

  • management failure

Card 20

What are some unintentional act threats?

  • human error

  • environment hazard

Card 21

What are the human error risk areas?

  • HR

  • info system

Card 22

What are some intentional act threats?

  • software attack

  • identity theft

  • espionage / trespass

  • info extortion

  • sabotage / vandalism

  • theft

Card 23

What are the software attacks?

  • virus

  • worm

  • trojan horse

  • logic bomb

  • DOS

  • social engineering

  • identity theft

Card 24

What is a virus?

computer code segment

  • attach to other program

Card 25

What is a worm?

computer code segment

  • spread by itself

Card 26

What is a trojan horse?

software

  • hide in other program & reveal behaviour when activated

Card 27

What is a logic bomb?

computer code segment

  • embed in existing program & activate destructive act at date / time

Card 28

What does DOS stand for?

Denial Of Service

Card 29

What is DOS?

performing attack preventing system from providing service to user

Card 30

What is social engineering?

attack using social skills to trick employee to provide info

Card 31

What is social engineering also called?

phishing

Card 32

What are some social engineering examples?

  • credit card number

  • phony message & site

Card 33

What is the fastest growing info crime?

identity theft

Card 34

What do firms do to protect info?

  • info security control

Card 35

What is info security control?

  • layer control

  • business continuity plan

Card 36

What are the control layers?

  • environment

  • general

  • application

Card 37

What is environment control?

  • management attitude BY

    • action

    • policy

      • ethics

      • supervision quality

Card 38

What is general control?

security system requiring user & password

  • firewall

Card 39

What is application control?

  • individual area

    • input

    • process

    • output

Card 40

What is application control’s purpose?

  • accuracy

  • completeness

  • authorization

  • audit trail

Card 41

Where are general controls located?

  • physical

  • access

  • communication

Card 42

What are the access controls’ authentications?

something the user…

  • is

  • has

  • does

  • knows

Card 43

What defines “something the user is?”

biometrics

Card 44

What is biometrics?

examining innate physical characteristic

Card 45

What defines “something the user has?”

  • ID & smart card

  • token

Card 46

What defines “something the user does?”

  • voice

  • signature recognition

Card 47

What defines “something the user knows?”

pass…

  • word

  • phrase

Card 48

What are some communication controls?

  • firewall

  • antimalware

  • white / black …list

  • intrusion detection

  • encryption

Card 49

What is the cheapest control to execute but hardest to implement?

security policy

Card 50

Why is shaping policy difficult?

  • ensure no law conflict

    • if challenge, stand in court

  • properly administer