Information Management
MIS6222, Week 14: Risk Security And Disaster Recovery, Final Exam

Question 3
A computer network within a building, or a campus of adjacent buildings, is called a
Question 6
A _____ is a type of malware that spreads in a network without human intervention.
Select one:
Question 7
Because of _____, a company’s nationality is not always obvious.
Select one:
d. their dispersed operations
Question 8
WiMAX is a ____ technology.
Select one:
Question 9
True or False: Business decisions are not affected by geographic locations.
Question 10
The smallest piece of data is called a ___.
Select one:
Question 11
One of the risks of software licensing is the ____.
Select one:
a. difficulty in modifications to meet specific needs
b. lack of after-sales support
c. increased duration for system availability and implementation
Question 13
True or False: Compilers and interpreters are types of programming language translators.
Question 14
_______ are high-frequency radio waves that can carry signals over long distances with high accuracy.
Select one:
Question 15
The _____ available in some countries is too narrow for high-volume transmission of graphically and animation-rich webpages.
Reduce the risk of systems and organizations ceasing operations
Maintain information confidentiality
Ensure the integrity and reliability of data resources
Ensure the uninterrupted availability of data resources and online operations
Ensure compliance with policies and laws regarding security and privacy
Major goals of information security
time during which ISs or data are not available in the course of conducting business, has become a dreaded situation for almost every business worldwide
total losses of electrical power
voltage of the power decreases, or very short interruptions occur in the flow of power
power can cause irreparable damage to hardware
Uninterruptible Power Supply (UPS)
systems which provide an alternative power supply for a short time, as soon as a power network fails
Keylogging
software that records individual keystrokes
telephoning an employee from a telephone company or the organization's own IT unit, and saying they must have the employee's password to fix a problem
allows for important information to be stolen
When a criminal has a person's identifying details, such as Social Security number, driver's license number, or credit-card number, they can pretend to be this person
bogus record in a networked database that neither employees nor business partners would ever access for legitimate purposes
server that contains a mirrored copy of a production database (a database that is used for business operations), or one with invalid records
so named because they act on programs and data in a fashion similar to the way viruses act on living tissue
easily spread from computer to computer
spreads in a network without human intervention
attacks computers without the need to send e-mail or open any received files
readily available on the market from companies that specialize in developing this kind of software
Kaspersky, Symantec, McAfee
analogous to the destructive gift given to the ancient Trojans, as described in Greek mythology
viruses disguised as legitimate software or useful software
software that is programmed to cause damage at a specified time to specific applications and data files
Lies dormant until a certain event takes place in the computer or until the computer's inner clock reaches the specified time; the event or time triggers the virus to start causing damage
occurs when a Web site receives an overwhelming number of information requests, such as merely logging on to a site
using some or all of the resources of a computer linked to a public network without the consent of its owner
constraints and other restrictions imposed on a user or a system, and they can be used to secure systems against the risks just discussed or to reduce damage caused to systems, applications, and data
automatic duplication of all data periodically to protect against loss of data
Redundant Arrays of Independent Disks
set of disks that is programmed to replicate stored data, providing a higher degree of reliability
measures taken to ensure that only those who are authorized have access to a computer or network, or to certain applications or data
unique physical, measurable characteristic of a human being that is used to identify a person
fingerprints, retinal scans, voiceprints
set of indivisible transactions; either all transactions are executed or none are--never only some
ensures that only full entry occurs in all the appropriate files
series of documented facts that help detect who recorded which transactions, at what time, and under whose approval
sometimes automatically created using data, such as the date and time of a transaction or the name or password of the user updating the file
Information Systems Auditor
Electronic Data Processing Auditor
professional whose job it is to find erroneous or fraudulent cases and investigate them
hardware and software that blocks access to computing resources
Demilitarized Zone
approach to security that involves a network of computers that are connected to the company's trusted network (such as an intranet) at one end and the untrusted network--the public Internet--at the other end
represents another server for all information requests from resources inside the trusted network
Can also be placed between the Internet and the organization's trusted network when there is no DMZ
process of ensuring that the person who sends a message to or receives a message from you is indeed that person
can be accomplished by senders and receivers exchanging codes known only to them
Coding a message into a form unreadable to an interceptor
when both the sender and recipient use the same secret key
requires that the recipient have the key before the encrypted text is received
key is referred to simply as a secret key or private key
comprising two keys: one is public, and the other is private
it is clear why this type of encryption is also called "public-key" encryption
Transport Layer Security (TLS)
used for transactions on the Web
successor of Secure Socket Layer (SSL) and works following the same principles as SSL, with some additional improvements
a part of virtually all current Web browsers
secure version of HTTP
encrypts communication using SSL or TLS (all done by the browser)
way to authenticate online messages, analogous to a physical signature on a piece of paper, but implemented with public-key cryptography
authenticates the identity of the sender of a message and also guarantees that no one has altered the sent document; it's as if the message were carried in an electronically sealed envelope
akin to the unique fingerprint of a file
software uses private (secret) key to encrypt the message digest
the result is a digital signature for that specific file
computer files that serve as the equivalent of ID cards by associating one's identity with one's public key
Certificate Authority (CA)
organization that serves as a trusted third party that issues digital certificates
Single Sign-on
users are required to identify themselves only once before accessing several different systems
requires special software that interacts with all the systems in an organization, and the systems must be linked through a network
Disaster Recovery Plans, Business Resumption Plans, Business Continuity Plans
well-planned programs in place that prepare for mishaps, either natural or malicious
detail what should be done and by whom if critical systems go down
Obtain management's commitment to the plan
Establish a planning committee
Perform risk assessment and impact analysis
Prioritize recovery needs
Select a recovery plan
Select vendors
Develop and implement the plan
Test the plan
Continually test and evaluate
Nine Steps to Develop a Business Recovery Plan
Mission-Critical Applications
applications without which the business cannot conduct its operations
given highest priority
categorized into classes such as: critical, vital, sensitive, noncritical
alternative sites provided by companies
IBM, Hewlett-Packard, SunGard Availability Services
provide backup and operation facilities to which a client's employees can move and continue operations in case of a disaster