D333 Terms

332 Terms

1

acceptable use policy (AUP)

A document that stipulates restrictions and practices that a user must agree to in order to use organizational computing and network resources.

2

acceptance

When an organization decides to accept a risk because the cost of avoiding the risk outweighs the potential loss of the risk. A decision to accept a risk can be extremely difficult and controversial when dealing with safety-critical systems because making that determination involves forming personal judgments about the value of human life, assessing potential liability in case of an accident, evaluating the potential impact on the surrounding natural environment, and estimating the system's costs and benefits.

3

advanced persistent threat (APT)

A network attack in which an intruder gains access to a network and stays there—undetected—with the intention of stealing data over a long period of time (weeks or even months).

4

agile development

A software development methodology in which a system is developed in iterations lasting from one to four weeks. Unlike the waterfall system development model, agile development accepts the fact that system requirements are evolving and cannot be fully understood or defined at the start of the project.

5

Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS)

An agreement of the World Trade Organization that requires member governments to ensure that intellectual property rights can be enforced under their laws and that penalties for infringement are tough enough to deter further violations.

6

American Recovery and Reinvestment Act

A wide-ranging act that authorized $787 billion in spending and tax cuts over a 10-year period and included strong privacy provisions for electronic health records, such as banning the sale of health information, promoting the use of audit trails and encryption, and providing rights of access for patients.

7

annualized loss expectancy (ALE)

The estimated loss from a potential risk event over the course of a year, calculated as ALE = ARO × SLE, where ARO is the annualized rate of occurrence (an estimate of the probability that the event will occur over the course of a year) and SLE is the single loss expectancy (the estimated loss that would be incurred if the event happens).

8

annualized rate of occurrence (ARO)

An estimate of the probability that a risk event will occur over the course of a year.

9

anonymous expression

The expression of opinions by people who do not reveal their identity.

10

anonymous remailer service

A service that allows anonymity on the Internet by using a computer program that strips the originating header and/or IP address from the message and then forwards the message to its intended recipient.

11

anti-SLAPP laws

Laws designed to reduce frivolous SLAPPs (strategic lawsuits against public participation), which are lawsuits filed by corporations, government officials, and others against citizens and community groups who oppose them on matters of concern.

12

antivirus software

Software that scans for a specific sequence of bytes, known as a virus signature, that indicates the presence of a specific virus.

13

artificial intelligence systems

The people, procedures, hardware, software, data, and knowledge needed to develop computer systems and machines that can simulate human intelligence processes, including learning (the acquisition of information and rules for using the information), reasoning (using rules to reach conclusions), and self-correction (using the outcome from one scenario to improve its performance on future scenarios).

14

audit committee

A group that provides assistance to the board of directors in fulfilling its responsibilities with respect to the oversight of the quality and integrity of the organization's accounting and reporting practices and controls, including financial statements and reports; the organization's compliance with legal and regulatory requirements; the qualifications, independence, and performance of the company's independent auditor; and the performance of the company's internal audit team.

15

avoidance

The elimination of a vulnerability that gives rise to a particular risk in order to avoid the risk altogether. This is the most effective solution but often not possible due to organizational requirements and factors beyond an organization's control.

16

Bathsheba syndrome

The moral corruption of people in power, which is often facilitated by a tendency for people to look the other way when their leaders act inappropriately.

17

best practice

A method or technique that has consistently shown results superior to those achieved with other means and that is used as a benchmark within a particular industry.

18

Bill of Rights

The first 10 amendments to the United States Constitution that spell out additional rights of individuals.

19

black-box testing

A type of dynamic testing that involves viewing the software unit as a device that has expected input and output behaviors but whose internal workings are unknown (a black box).

20

blended threat

A sophisticated threat that combines the features of a virus, worm, Trojan horse, and other malicious code into a single payload.

21

body of knowledge

An agreed-upon set of skills and abilities that all licensed professionals must possess.

22

botnet

A large group of computers, which are controlled from one or more remote locations by hackers, without the knowledge or consent of their owners.

23

breach of contract

The failure of one party to meet the terms of a contract.

24

breach of the duty of care

The failure to act as a reasonable person would act.

25

breach of warranty

When a product fails to meet the terms of its warranty.

26

bribery

The act of providing money, property, or favors to someone in business or government in order to obtain a business advantage.

27

bring your own device (BYOD)

A business policy that permits, and in some cases, encourages employees to use their own mobile devices (smartphones, tablets, or laptops) to access company computing resources and applications, including email, corporate databases, the corporate intranet, and the Internet.

28

BSA | The Software Alliance

A trade group that represents the world's largest software and hardware manufacturers.

29

business continuity plan

A risk-based strategy that includes an occupant emergency evacuation plan, a continuity of operations plan, and an incident management plan with an active governance process to minimize the potential impact of any security incident and to ensure business continuity in the event of a cyberattack or some form of disaster.

30

business information system

A set of interrelated components—including hardware, software, databases, networks, people, and procedures—that collects and processes data and disseminates the output.

31

Capability Maturity Model Integration (CMMI) models

Collection of best practices that help organizations improve their processes.

32

CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart)

Software that generates and grades tests that humans can pass and all but the most sophisticated computer programs cannot.

33

certification

Indicates that a professional possesses a particular set of skills, knowledge, or abilities, in the opinion of the certifying organization. Certification can also apply to products (e.g., the Wi-Fi CERTIFIED logo assures that the product has met rigorous interoperability testing to ensure that it will work with other Wi-Fi-certified products) and is generally voluntary.

34

Child Online Protection Act (COPA)

An act signed into law in 1998 with the aim of prohibiting making harmful material available to minors via the Internet; the law was ultimately ruled largely unconstitutional.

35

Children's Internet Protection Act (CIPA)

An act passed in 2000; it required federally financed schools and libraries to use some form of technological protection (such as an Internet filter) to block computer access to obscene material, pornography, and anything else considered harmful to minors.

36

Children's Online Privacy Protection Act (COPPA)

An act implemented in 1998 in an attempt to give parents control over the collection, use, and disclosure of their children's personal information.

37

CIA security triad

Refers to confidentiality, integrity, and availability.

38

clinical decision support (CDS)

A process and a set of tools designed to enhance healthcare-related decision making through the use of clinical knowledge and patient-specific information to improve healthcare delivery.

39

CMMI-Development (CMMI-DEV)

A specific application of CMMI frequently used to assess and improve software development practices.

40

code of ethics

A statement that highlights an organization's key ethical issues and identifies the overarching values and principles that are important to the organization and its decision making.

41

coemployment relationship

An employment situation in which two employers have actual or potential legal rights and duties with respect to the same employee or group of employees.

42

Communications Assistance for Law Enforcement Act (CALEA)

An act passed in 1994 that amended the Wiretap Act and Electronic Communications Privacy Act, which required the telecommunications industry to build tools into its products that federal investigators could use—after obtaining a court order—to eavesdrop on conversations and intercept electronic communications.

43

Communications Decency Act (CDA)

Title V of the Telecommunications Act, aimed at protecting children from pornography, including imposing $250,000 fines and prison terms of up to two years for the transmission of "indecent" material over the Internet.

44

compliance

To be in accordance with established policies, guidelines, specifications, or legislation.

45

computer forensics

A discipline that combines elements of law and computer science to identify, collect, examine, and preserve data from computer systems, networks, and storage devices in a manner that preserves the integrity of the data gathered so that it is admissible as evidence in a court of law.

46

computerized provider order entry (CPOE) system

A system that enables physicians to place orders (for drugs, laboratory tests, radiology, physical therapy) electronically, with the orders transmitted directly to the recipient.

47

conflict of interest

A conflict between a person's (or firm's) self-interest and the interests of a client.

48

contingent work

A job situation in which an individual does not have an explicit or implicit contract for long-term employment.

49

contributory negligence

When the plaintiffs' own actions contributed to their injuries.

50

Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM)

A law that specifies that it is legal to spam, provided the messages meet a few basic requirements—spammers cannot disguise their identity by using a false return address, the email must include a label specifying that it is an ad or a solicitation, and the email must include a way for recipients to indicate that they do not want future mass mailings.

51

cookie

A text file that can be downloaded to the hard drive of a user who visits a website, so that the website is able to identify the visitor on subsequent visits.

52

copyright

The exclusive right to distribute, display, perform, or reproduce an original work in copies or to prepare derivative works based on the work; granted to creators of original works of authorship.

53

copyright infringement

A violation of the rights secured by the owner of a copyright; occurs when someone copies a substantial and material part of another's copyrighted work without permission.

54

corporate compliance officer

AKA corporate ethics officer. A senior-level manager who provides an organization with vision and leadership in the area of business conduct.

55

corporate ethics officer

A senior-level manager who provides an organization with vision and leadership in the area of business conduct.

56

corporate social responsibility (CSR)

The concept that an organization should act ethically by taking responsibility for the impact of its actions on its shareholders, consumers, employees, community, environment, and suppliers.

57

cost per click (CPC)

One of the two common methods of charging for paid media, where ads are paid for only when someone actually clicks on them.

58

cost per thousand impressions (CPM)

One of the two common methods of charging for paid media, where ads are billed at a flat rate per 1,000 impressions, which is a measure of the number of times an ad is displayed—whether it was actually clicked on or not.

59

cyberabuse

Any form of mistreatment or lack of care, both physical and mental, based on the use of an electronic communications device that causes harm and distress to others.

60

cyberespionage

The deployment of malware that secretly steals data in the computer systems of organizations, such as government agencies, military contractors, political organizations, and manufacturing firms.

61

cyberharassment

A form of cyberabuse in which the abusive behavior, which involves the use of an electronic communications device, is degrading, humiliating, hurtful, insulting, intimidating, malicious, or otherwise offensive to an individual or group of individuals causing substantial emotional distress.

62

cyberloafing

Using the Internet for purposes unrelated to work, such as posting to Facebook, sending personal emails or instant messages, or shopping online.

63

cybersquatter

A person or company that registers domain names for famous trademarks or company names to which they have no connection, with the hope that the trademark's owner will buy the domain name for a large sum of money.

64

cyberstalking

Threatening behavior or unwanted advances directed at an adult using the Internet or other forms of online and electronic communications; the adult version of cyberbullying.

65

cyberterrorism

The intimidation of a government or civilian population by using information technology to disable critical national infrastructure (e.g., energy, transportation, financial, law enforcement, and emergency response) to achieve political, religious, or ideological goals.

66

decision support system (DSS)

A type of business information system used to improve decision making in a variety of industries.

67

defamation

Making either an oral or a written statement of alleged fact that is false and that harms another person.

68

Defend Trade Secrets Act of 2016

An act passed in 2016 that amended the Economic Espionage Act to create a federal civil remedy for trade secret misappropriation.

69

deliverable

Products created during various stages of the development process, including statements of requirements, flowcharts, and user documentation.

70

Department of Homeland Security (DHS)

A large federal agency with more than 240,000 employees and a budget of almost $65 billion whose goal is to provide for a "safer, more secure America, which is resilient against terrorism and other potential threats."

71

design patent

A type of patent that permits its owner to exclude others from making, using, or selling the design in question.

72

Digital Millennium Copyright Act (DMCA)

Signed into law in 1998, the act addresses a number of copyright-related issues, with Title II of the act providing limitations on the liability of an Internet service provider for copyright infringement.

73

disaster recovery plan

A documented process for recovering an organization's business information system assets—including hardware, software, data, networks, and facilities—in the event of a disaster.

74

distributed denial-of-service (DDoS) attack

An attack in which a malicious hacker takes over computers via the Internet and causes them to flood a target site with demands for data and other small tasks.

75

doxing

Doing research on the Internet to obtain someone's private personal information—such as home address, email address, phone numbers, and place of employment—and even private electronic documents, such as photographs, and then posting that information online without permission.

76

duty of care

The obligation to protect people against any unreasonable harm or risk.

77

dynamic testing

A QA process that tests the code for a completed unit of software by actually entering test data and comparing the results to the expected results.

78

earned media

Media exposure an organization gets through press and social media mentions, positive online ratings, reviews, tweets and retweets, reposts (or "shares"), recommendations, and so on.

79

Economic Espionage Act (EEA) of 1996

An act passed in 1996 to help law enforcement agencies pursue economic espionage. It imposes penalties of up to $10 million and 15 years in prison for the theft of trade secrets.

80

Electronic Communications Privacy Act (ECPA)

An act that deals with the protection of three main issues: (1) the protection of communications while in transfer from sender to receiver; (2) the protection of communications held in electronic storage; and (3) the prohibition of devices from recording dialing, routing, addressing, and signaling information without a search warrant.

81

electronic discovery (e-discovery)

The collection, preparation, review, and production of electronically stored information for use in criminal and civil actions and proceedings.

82

electronic health record (EHR)

A comprehensive view of the patient's complete medical history designed to be shared with authorized providers and staff from more than one organization.

83

electronic medical record (EMR)

A collection of health-related information on an individual that is created, managed, and consulted by authorized clinicians and staff within a single healthcare organization.

84

Electronic Product Environmental Assessment Tool (EPEAT)

A system that enables purchasers to evaluate, compare, and select electronic products based on a total of 51 environmental criteria.

85

electronically stored information (ESI)

Any form of digital information, including emails, drawings, graphs, web pages, photographs, word-processing files, sound recordings, and databases stored on any form of magnetic storage device, including hard drives, CDs, and flash drives.

86

employee leasing

A business arrangement in which an organization (called the subscribing firm) transfers all or part of its workforce to another firm (called the leasing firm), which handles all human resource-related activities and costs, such as payroll, training, and the administration of employee benefits. The subscribing firm leases these workers to an organization, but they remain employees of the leasing firm.

87

encryption

The process of scrambling messages or data in such a way that only authorized parties can read them.

88

encryption key

A value that is applied (using an algorithm) to a set of unencrypted text (plaintext) to produce encrypted text that appears as a series of seemingly random characters (ciphertext) that is unreadable by those without the encryption key needed to decipher it.

89

ethics

A code of behavior that is defined by the group to which an individual belongs.

90

European Union Data Protection Directive

A directive that requires any company doing business within the borders of the countries comprising the European Union (EU) to implement a set of privacy directives on the fair and appropriate use of information.

91

exploit

An attack on an information system that takes advantage of a particular system vulnerability.

92

failure mode

A description of how a product or process could fail to perform the desired functions described by the customer.

93

failure mode and effects analysis (FMEA)

An important technique used to develop ISO 9000-compliant quality systems by both evaluating reliability and determining the effects of system and equipment failures.

94

Fair and Accurate Credit Transactions Act

An amendment to the Fair Credit Reporting Act passed in 2003 that allows consumers to request and obtain a free credit report once each year from each of the three primary consumer credit reporting companies (Equifax, Experian, and TransUnion).

95

Fair Credit Reporting Act

An act that regulates the operations of credit-reporting bureaus, including how they collect, store, and use credit information.

96

fair information practices

A term for a set of guidelines that govern the collection and use of personal data.

97

fair use doctrine

A legal doctrine that allows portions of copyrighted materials to be used without permission under certain circumstances. Title 17, section 107, of the U.S. Code established the following four factors that courts should consider when deciding whether a particular use of copyrighted property is fair and can be allowed without penalty: (1) the purpose and character of the use (such as commercial use or nonprofit, educational purposes), (2) the nature of the copyrighted work, (3) the portion of the copyrighted work used in relation to the work as a whole, and (4) the effect of the use on the value of the copyrighted work.

98

False Claims Act

A law enacted during the U.S. Civil War to combat fraud by companies that sold supplies to the Union Army; also known as the Lincoln Law. See also qui tam.

99

Family Educational Rights and Privacy Act (FERPA)

A federal law that assigns certain rights to parents regarding their children's educational records.

100

firewall

Hardware or software (or a combination of both) that serves as the first line of defense between an organization's network and the Internet; a firewall also limits access to the company's network based on the organization's Internet-usage policy.
