BCOR 2205 Quiz 2

ethics

the principles and standards that guide our behavior toward other people

information ethics

Govern the ethical and moral issues arising from the development and use of information technologies, as well as the creation, collection, duplication, distribution, and processing of information itself

privacy

(major ethical issue) the right to be left alone when you want to be, to have control over your own personal possessions, and not to be observed without your consent

Confidentiality

the assurance that messages and information are available only to those who are authorized to view them

intellectual property

intangible creative work that is embodied in physical form and includes copyrights, trademarks, and patents

Copyright

the legal protection afforded an expression of an idea, such as a song, book, or video game, and some types of proprietary documents

patent

is an exclusive right to make, use, and sell an invention and is granted by a government to the inventor

pirated software

the unauthorized use, duplication, distribution, or sale of copyrighted software

counterfeit software

software that is manufactured to look like the real thing and sold as such

data/web scraping

the process of importing information from a website into a spreadsheet or local file saved on a computer

click-fraud

the abuse of pay-per-click, pay-per-call, and pay-per-conversion revenue models by repeatedly clicking a link to increase charges or costs for the advertiser

digital trust

is the measure of consumer, partner, and employee confidence in an organizations ability to protect and secure data and the privacy of individuals

information privacy policy

contains general principles regarding information privacy

fair information practices (FIPs)

general term for a set of standard governing the collection and use of personal data for addressing issues of privacy and accuracy

acceptable use policy

Requires a user to agree to it before they are provided access Either email, information systems, or an online platform)

Cybervandalism

electronically deface the website

typosquatt

register with purposely misspelled variations of well known domain names

email privacy policy

details the extent to which email messages may be read by others

social media policy

Outlines the corporate guidelines or principles governing employee online communications

Rule 41: Search and Seizure

-allows a federal judge magistrate to issue a warrant that allows an investigator to gain remote access to a digital device suspected in a crime even if its outside the geographical region
-VPM

the general data protection regulation (GDPR)

Proposed set of regulations adopted by the European Union to protect Internet users from clandestine tracking and unauthorized personal data usage.
-most expensive and expansive data/privacy protection penalty for violation

organizational information is...

intellectual capital - it must be protected

Information Security

The protection of information from accidental or intentional misuse by persons inside or outside an organization

Cybersecurity

involves prevention, detection, and response to cyber attacks that can have wide-ranging effects on the individual, organizations, community, and at the national level

downtime

Refers to a period of time when a system is unavailable

CISA duties

responsible for protecting the nation critical infrastructure from physical and cyber threats

comprehensive cyber protection

24/7 cyber situational awareness, analysis, incident response, and cyber defense capabilities to the federal, state, local, tribal, and territorial governments, the private sector, and International partners

infrastructure resilience

coordinates security and resilience efforts and delivers training, technical assistance, and assessments. Provides all-hazards risk analyses for US critical infrastructure

emergency communications

CISA conducts extensive outreach to support and promote the ability of emergency response providers and relevant government officials to continue to communicate in the event of natural disasters and acts of terrorism

black-hat hackers

break into other people's computer systems and may just look around or may steal and destroy information

crackers

have criminal intent when hacking

cyberterrorists

seek to cause harm to people or to destroy critical systems or information and use the internet as a weapon of mass destruction

Hactivists

have philosophical and political reasons for breaking into systems and will often deface the website as a protest

Script kiddies or script bunnies

find hacking code on the internet and click-and-point their way into systems to cause damage or spread viruses

white-hat hackers

work at the request of the system owners to find system vulnerabilities and plug the holes

Bug Bounty Program

a crowdsourcing program initiative that rewards individuals for discovering and reporting software bugs

virus

software written with malicious intent to cause annoyance or damage

worm

a type of virus that spreads itself, not only from file to file, but also from computer to computer

Malware

software that is intended to damage or disable computers and computer systems.

adware

software that, although purporting to serve some useful function and often fulfilling that function, also allows Internet advertisers to display advertisements without the consent of the computer user

spyware

a special class of adware that collects data about the user and transmits it over the Internet without the user's knowledge or permission

ransomware

a form of malicious software that infects your computer and asks for money

Scareware

A type of malware designed to trick victims into giving up personal information to purchase or download useless and potentially dangerous software

dumpster diving

looking through peoples trash to obtain information

insiders

legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident

Social Engineering

hackers use their social skills to trick people into revealing access credentials or other valuable information

pretexting

a from of social engineering in which one individual lies to obtain confidential data about another individual

Phishing

A technique to gain personal information for the purpose of identity theft, usually by means of fraudulent emails that look as though they came from legitimate businesses

Vishing

voice phishing - phishing using the phone

pharming

routes requests for legitimate websites to false websites

sock puppet marketing

-the use of false identity to artificially stimulate demand for a product, brand, or service
-sock puppet has very little (If any) detail attached to it and may simply be a fictional name attached to a new google or yahoo email account

Privilege Escalation

a network intrusion attack that takes advantage of programming errors or design flaws to grant the attacker elevated access to the network and its associated data and applications

vertical privilege escalation

attackers grant themselves a higher access level such as administrator, allowing the attacker to perform illegal actions such as running unauthorized code or deleting data

horizontal privilege escalation

attackers grant themselves the same access levels they already have but assume the identity of another user

first line of defense

-people
-organizations must enable employees, customers, and partners to access information electronically

information security policies

identify the rules required to maintain information security
ex) requiring users to log off before leaving for lunch or meetings, never sharing passwords with anyone, and changing passwords every 30 days

information security plan

details how an organization will implement the information security policies

second line of defense

technology

Authentication

A method for confirming users' identities

Authorization

The process of giving someone permission to do or have something

authentication - username and password

-most common yet least effective
-easy to hack
->50% of help desk calls are password related

tokens

small electronic devices that change user passwords automatically

smart card

A device that is around the same size as a credit card, containing embedded technologies that can store information and small amounts of software to perform some limited processing

authentication - biometrics

-the identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting
-best and most effective way
-costly and intrusive

content filtering

Prevents emails containing sensitive information from transmitting and stops spam and viruses from spreading

Encryption

scrambles information into an alternative form that requires a key or password to decrypt

firewalls

hardware and/or software that guards a private network by analyzing the information leaving and entering the network

Intrusion detection software

Features full-time monitoring tools that search for patterns in network traffic to identify intruders

Data granularity

refers to the extend of detail within the data (fine and detailed vs coarse granular and abstract)

Transactional data

encompasses all of the data contained within a single business process or unit of work, and its primary purpose is to support the performing of daily operational tasks

analytical data

Encompasses all organizational information, and its primary purpose is to support the performing of managerial analysis tasks

real-time data

Immediate, up-to-date data.

real-time system

Provides real-time information in response to requests

data governance

refers to the overall management of the availability, usability, integrity, and security of company data

master data management (MDM)

the practice of gathering data and ensuring that it is uniform, accurate, consistent, and complete, including such entities as customers, suppliers, products, sales, employees, and other critical entities that are commonly integrated across organizational systems

data validation

includes the tests and evaluations used to determine compliance with data governance policies to ensure correctness of data

data base

maintains data about various types of objects (inventory), events (transactions), people (employees), and places (warehouses) as well as data about data (metadata)

MetaData

data about data

data base management systems (DBMS)

allows users to create, read, update, and delete data in a relational database

relational database

contains many tables of data that relate to one another through special key fields

flat file database

contains a single table of data

entity

A person, place, thing, transaction, or event about which information is stored
-described by a set of attributes

relationship

an association among entities

attribute

a collection of related data elements

primary key

a field (or group of fields) that uniquely identifies a given entity in a table.
-must be unique and non-null

foreign key

A primary key of one table that appears as an attribute in another table and acts to provide a logical relationship between the two tables

access level

Determines who has access to the different types of data

access control

Determines types of user access, such as read-only access

data warehouse

a logical collection of data - gathered from many different operational data bases - that support business analysis activities and decision-making tasks

data aggregation

the collection of data from various sources for the purpose of data processing

data cube

the common term for the representation of multidimensional data

data lake

a storage repository that holds a vast amount of raw data in its original format until the business needs it

Data Visulization

describes technologies that allow users to "see: or visualize data to transform data into business perspective

data visualization tools

move beyond Excel graphs and charts into sophisticated analysis techniques such as controls, instruments, maps, time-series graphs, and more

infographics

present the results of data analysis, displaying the patterns, relationships, and trends in a graphical format

data artist

is a business analytics specialist who uses visual tools to help people understand complex data.

business intelligence dashboards

track corporate metrics such as critical success factors and key performance indicators and include advanced capabilities such as interactive controls, allowing users to manipulate data for analysis

Customer resource management (CRM)

involves managing all aspects of a customer's relationship with an organization to increase customer loyalty and retention and an organizations profitability

lead

a person or company that is unknown to your business

account

an existing business relationship exists and can include customers, prospects, partners, and competitions