This set of flashcards covers key vocabulary and concepts related to information security and control as discussed in the Foundations of Information Systems course.
Information Security
The processes and policies designed to protect an organization’s information and ISs from unauthorized access, use, disclosure, disruption, modification, or destruction.
Unintentional Threats
Acts performed without malicious intent that represent a serious threat to information security, often stemming from human error.
Social Engineering
An attack where the perpetrator uses social skills to trick employees into providing confidential company information.
Ransomware
A type of malicious software that blocks access to a system or encrypts data until a ransom is paid.
Risk Mitigation Strategies
Strategies to manage risks including risk acceptance, risk limitation, and risk transference.
Human Mistakes
Errors made by individuals that can lead to breaches in information security, such as carelessness with devices and poor password management.
Access Controls
Measures put in place to restrict unauthorized individuals from using information resources.
Physical Controls
Controls that prevent unauthorized access to a company’s facilities, such as gates, guards, and alarm systems.
Deliberate Threats
Intentional actions aimed at compromising information systems, such as espionage, sabotage, and data theft.
Firewalls
Security devices or software that monitor and control incoming and outgoing network traffic based on predetermined security rules.