CMSC 304 Final Exam

151 Terms

1
Corporate Social Responsibility (CSR)
The concept that an organization should act ethically by taking responsibility for the impact of its actions on its shareholders, consumers, employees, community, environment, and suppliers; makes companies look good publicity-wise
2
Stakeholder
Someone who stands to gain or lose, depending on how a particular situation is resolved
3
Ethics Officer
Serves as organization’s internal control point for ethics and improprieties, allegations, complaints, and conflicts of interest and provides corporate leadership and advice on corporate governance issues
4
Board of Directors
Responsible for the careful and responsible management of an organization; for-profit organization: primary objective is to oversee the organization’s business activities and management for the benefit of all stakeholders; non-profit organization: board reports to the community that it serves
5
Code of ethics
a statement that highlights an organization’s key ethical issues and identifies the overarching values and principles that are important to the organization and its decision making
6
social audits
a formal review of a company’s endeavors, procedures, and code of conduct regarding social responsibility and the company’s impact on society
7
Mission Statement
Used by a company to explain its purpose for being; explains company’s cultures, values, and ethics
8
Problem Statement
Most important part of the decision-making process; clear and concise description of the issue that needs to be addressed
9
Identify Alternatives
Second step of the decision-making process; enlisting the help of others is ideal
10
Implement the Decision
Fourth step in the decision-making process; transition plan
11
Evaluate the Results
Last step in decision-making process
12
Fraud
The crime of obtaining goods, services, or property through deception or trickery
13
Breach of Contract
When one party fails to meet the terms of a contract
14
Foreign Corrupt Practices Act (FCPA)-Fine
Makes it a crime to bribe a foreign official, a foreign political party official, or a candidate for foreign political office
15
Internet Censoring
The control or suppression of the publishing or accessing of information on the Internet
16
Whistle Blower
An effort made by an employee to attract attention to a negligent, illegal, unethical, abusive, or dangerous act by a company that threatens the public interest
17
Resume Inflation
Lying on a resume
18
Misrepresentation
The misstatement or incomplete statement of a material fact
19
Bribery
The act of providing money, property, or favors to someone in business or government in order to obtain a business advantage
20
Separation of Duties
The concept of having different aspects of a process handled by different people to prevent fraud
21
Professional Code of Ethics
The principles and core values that are essential to the work of a particular occupational group
22
Association for Computing Machinery (ACM)
A computing society that’s the world’s largest educational and scientific society
23
Institute of Electrical and Electronics Engineers Computing Society (IEEE)
Institute that covers fields of electrical, electronic, and information technologies and sciences; one of the largest and oldest IT professional associations
24
SANS Institute
Provides information security training and certifications for a large range of individuals, such as auditors, network administrators, and security managers
25
Negligence
Not doing something that a reasonable person would do or doing something that a reasonable person would not do
26
Reasonable Person Standard
A legal standard that defendants who have particular expertise or competence are measured against
27
Breach of the duty of care
Failure to act as a reasonable person would act
28
Professional malpractice
Breach of the duty of care by a professional
29
White Box
A type of dynamic testing that treats the software unit as a device that has expected input and output behaviors but whose internal workings are known
30
Black Box
A type of dynamic testing that treats the software unit as a device that has expected input and output behaviors but whose internal workings are unknown
31
Revenge Porn
A form of cyberharassment; often uploaded by ex-partners with an intention to shame, embarrass, and/or harass their former partner
32
Acceptable Use Policy (AUP)
Document that stipulates restrictions and practices that a user must agree to in order to use organizational computing and network resources
33
Firewall
Hardware or software (or a combination of both) that serves as the first line of defense between an organization’s network and the Internet; limits access to the company’s network based on the organization’s Internet-use policy
34
Compliance
To be in accordance with established policies, guidelines, specifications, or legislation
35
John Doe Lawsuit
A type of lawsuit that organizations may file in order to gain subpoena power in an effort to learn the identity of anonymous Internet users who they believe have caused some form of harm to the organization through their postings
36
Exploit
An attack on an information system that takes advantage of a particular system vulnerability
37
System vulnerability
a weakness in an IT system that can be exploited by an attacker to deliver a successful attack
38
Ransomware
Malware that stops you from using your computer or accessing your data until you meet certain demands, such as paying a ransom or sending photos to the attacker
39
Viruses
A piece of programming code, usually disguised as something else, that causes a computer to behave in an unexpected and usually undesirable manner
40
Worms
A harmful program that resides in active memory of the computer and duplicates itself
41
Trojan Horse
A seemingly harmless program in which malicious code is hidden
42
DDOS (Distributed Denial-of-Service) Attacks
attack in which a malicious hacker takes over computers via the Internet and causes them to flood a target site with demands for data and other small tasks
43
Rootkit
A set of programs that enables its users to gain administrator-level access to a computer without the end user’s consent or knowledge
44
Advanced Persistent Threats (APT)
A network attack in which an intruder gains access to a network and stays there–undetected–with the intention of stealing data over a long period of time (weeks or even months)
45
Phishing
The act of fraudulently using email to try to get the recipient to reveal personal data
46
Smishing
Another variation of phishing that involves the use of texting
47
CIA Triad
Confidentiality, integrity, and availability
48
Risk Assessment
The process of assessing security-related risks to an organization’s computers and networks from both internal and external threats
49
Disaster Recovery
A documented process for recovering an organization’s business information system assets–including hardware, software, data, networks, and facilities–in the event of a disaster
50
Authentication & Authorization
Two vital information security processes that administrators use to protect systems and information
51
Routers
A networking device that connects multiple networks together and forwards data packages from one network to another
52
Encryption
The process of scrambling messages or data in such a way that only authorized parties can read it
53
Intrusion detection system (IDS)
software and/or hardware that monitors system and network resources and activities and notifies network security personnel when it detects network traffic that attempts to circumvent the security measures of a networked computer environment
54
Intrusion prevention system (IPS)
network security tool (can be hardware or software) that monitors a network for malicious activity and takes action to prevent it
55
Bill of Rights- Anonymity (purpose of the Bill of Rights)
to protect unpopular individuals from retaliation and their ideas from suppression at the hand of an intolerant society
56
Fair Credit Reporting Act
An act that regulates the operations of credit-reporting bureaus, including how they collect, store, and use credit information
57
Gramm-Leach-Bliley Act
A bank deregulation law that **replaced Glass-Steagall Act** and requires companies that offer consumers financial products or services, like loans, financial or investment advice, or insurance, to explain their information-sharing practices to their customers and to safeguard sensitive data
58
HIPAA (Health Insurance Portability and Accountability Act)
An act designed to improve the portability and continuity of health insurance coverage; to reduce fraud, waste, and abuse in health insurance healthcare delivery; and to simplify the administration of health insurance
59
Foreign Intelligence Surveillance Act (FISA)
An act that granted NSA expanded authority to collect, without court-approved warrants, international communications as they flow through U.S. telecommunications network communications and facilities
60
Electronic Communication Privacy Act
An act that deals with the protection of three main issues: 1) the protection of communications while in transfer from sender to receiver; 2) the protection of communications held in electronic storage; and 3) the prohibition of devices from recording dialing, routing, addressing, and signaling information without a search warrant
61
US Patriot Act
Gave sweeping new powers both to domestic law enforcement and U.S. international intelligence agencies, including increasing the ability of law enforcement agencies to search telephone, email, medical, financial, and other records
62
EU General Data Protection Act (GDPR)
Designed to strengthen data protection for individuals within the EU by addressing the export of personal data outside the EU, enabling citizens to see and correct their personal data, and ensuring data protection consistency across the EU
63
Freedom of Information Act (FOIA)
A law that grants citizens the right to access certain information and records of federal, state, and local governments upon request
64
Fourth Amendment
Amendment to U.S. Constitution that protects citizens from unreasonable government searches and is often invoked to protect the privacy of government employees
65
Vehicle Data Recorder (VDR)
A device that records vehicle and occupant data for a few seconds before, during, and after any vehicle crash that is severe enough to deploy the vehicle’s airbags
66
Fair and Accurate Credit Transactions Act
amendment to the Fair Credit Reporting Act that allows consumers to request and obtain a free credit report once each year from each of the three primary consumer credit reporting companies (Equifax, Experian, and TransUnion)
67
Rights To Financial Privacy Act
Act that protects the records of financial institution customers from unauthorized scrutiny by the federal government
68
American Recovery and Reinvestment Act
Wide-ranging act that authorized $787 billion in spending and tax cuts over a 10-year period and included strong privacy provisions for electronic health records, such as banning the sale of health information, promoting the use of audit trails and encryption, and providing rights of access for patients (Protects Health Records)
69
Children’s Online Privacy Protection Act (COPPA)
An act implemented in 1998 in an attempt to give parents control over the collection, use and disclosure of their children’s personal information
70
First Amendment
Amendment to U.S. Constitution that protects Americans’ right to freedom of religion, freedom of assembly, and freedom to assemble peacefully
71
Defamation
Making either an oral or written statement of alleged fact that is false and that harms another person
72
Libel
A written defamatory statement
73
Strategic Lawsuit Against Public Participation (SLAPP)
A lawsuit filed by corporations, government officials, and others against citizens and community groups who oppose them on matters of concern; the lawsuit is usually without merit and is used to intimidate critics out of fear of the cost and effort associated with a major legal battle
74
Copyright- US Constitution
The exclusive right to distribute, display, perform, or reproduce an original work in copies or to prepare derivative works based on the work; granted to creators of original works of authorship
75
Patent- US Constitution
Grant of a property right issued by U.S. Patent and Trademark Office to an inventor; permits its owner to exclude the public from making, using, or selling a protected invention, and allows for legal action against violators
76
Trade Secret
Information, generally unknown to the public, that a company has taken strong measures to keep secret
77
Uniform Trade Secrets Act (UTSA)
An act drafted in the 1970s to bring uniformity to all United States in the area of trade secret law
78
Plagiarism
The act of stealing someone’s ideas or words and passing them off as one’s own
79
Fair Use Doctrine
A legal doctrine that allows portions of copyrighted materials to be used without permission under certain circumstances; Title 17, section 107, of the U.S. Code established the four factors that courts should consider when determining whether a particular use of copyrighted property is fair and can be allowed without penalty: 1) the purpose and character of the use (such as commercial or non-profit use, educational purposes); 2) the nature of the copyrighted work; 3) the portion of the copyrighted work used in relation to the work as a whole; and 4) the effect of the use on the value of the copyrighted work
80
qui-tam provision
a provision of the False Claims Act that allows a private citizen to file a suit in the name of the U.S. government, charging fraud by government contractors and other entities who receive or use government funds
81
PRO-IP Act
An act that created the position of Intellectual Property Enforcement Coordinator within the Executive Office of the President; increased the trademark and copyright enforcement and substantially increased penalties for infringement
82
Reverse Engineering
The process of taking something apart in order to understand it, build a copy of it, or improve it
83
Open Source Code
Any program whose source code is made available for use or modification, as users or other developers see fit
84
Competitive Intelligence
The act of collecting and analyzing actionable information about competitors and the marketplace to form a business strategy
85
Trademark Infringement
A violation of the exclusive rights attached to a trademark without the authorization of the trademark owner or any licensees
86
Cybersquatting
The practice of registering, trafficking in, or using an Internet domain name, with bad faith intent to profit from the goodwill of a trademark belonging to someone else
87
Internet Corporation for Assigned Names (ICANN)
A nonprofit corporation responsible for managing the Internet’s domain name system
88
Software Defect
Any error that, if not removed, could cause a software system to fail to meet its users’ needs
89
Software Quality
The degree to which a software product meets the needs of its users
90
Product Liability
The liability of manufacturers, sellers, lessors, and others for injuries caused by defective products
91
Strict Liability
A situation in which the defendant is held responsible for injuring another person, regardless of negligence or intent
92
Contributory Negligence
When the plaintiffs’ own actions contributed to their injuries
93
Breach of Warranty
When a product fails to meet the terms of its warranty
94
Material breach of contract
when a party fails to perform certain express or implied obligations, which impairs or destroys the essence of the contract
95
Software Development Methodologies
A standard, proven work process that enables systems analysts, programmers, project managers, and others to make controlled and orderly progress in developing high-quality software
96
Components of a software methodology
responsibilities, techniques, quality guidelines
97
Software Testing
Dynamic testing, Static testing, Unit testing, Integration testing, System testing, User acceptance testing
98
Static Testing
A software testing technique in which software is tested without actually executing the code; consists of two steps: review and static analysis
99
Unit Testing
A software testing technique that involves testing individual components of code (subroutines, modules, and programs) to verify that each unit performs as intended
100
Integration Testing
Software testing done after successful unit testing, where the software units are combined into an integrated subsystem that undergoes rigorous testing to ensure that the linkages among the various subsystems work successfully