The use of a false identity to artificially stimulate demand for a product, brand, or service

the principles and standards that guide our behavior toward other people

govern the ethical and moral issues arising from the development and use of information technologies as well as the creation, collection, duplication, distribution, and processing of information itself (with or without the aid of computer technologies)

right to be left alone when you want to be, to have control over your personal possessions, and not to be observed without your consent

assurance that messages and information remain available only to those authorized to view them

legal protection afforded an expression of an idea, such as a song, book, or video game

software that is manufactured to look like the real thing and sold as such

technological solution that allows publishers to control their digital media to discourage, limit, or prevent illegal copying and distribution

digital rights management

exclusive right to make, use, and sell an invention and is granted by a government to the inventor

unauthorized use, duplication, distribution, or sale of copyrighted software

intangible creative work that is embodied in physical form and includes copyrights, trademarks, and patents

part of the US federal rules of criminal procedure that covers the search and seizure of physical and digital evidence; investigator to get remote access to a digital device suspected in a crime even if it is outside of the geographic jurisdiction; prevent criminals from hiding the location of a computing device

measure of consumer, partner, and employee confidence in an organization’s ability to protect and secure data and the privacy of individuals

ability if a company to identify, search, gather, seize, or export digital information in responding to a litigation, audit, investigation, or information inquiry

ediscovery (electronic discovery)

passed to protect minors from accessing inappropriate material online

child online protection act

ethical guidelines for information management

category of computer security that addresses the protection of data from unauthorized disclosure and confirmation of data source authenticity

method or system of government for information management or control

examines the organizational resource of information and regulates its definitions, uses, value, and distribution, ensuring that it has the types of data/information required to function and grow effectively

act of conforming, acquiescing, or yielding information

ethical issue that focuses on who owns information about individuals and how information can be sold and exchanged

policies and procedures that address information management along with the ethical use of computers and the internet in the business environment

contains general principles to guide computer user behavior

ethical computer use policy

abuse of pay-per-click, pay-per-call, and pay-per-conversion revenue models by repeatedly clicking a link to increase charges or costs for the advertiser

computer crime in which a competitor or disgruntled employee increases a company’s search advertising costs by repeatedly clicking the advertiser’s link

threats, negative remarks, or defamatory comments transmitted through the internet or posted on the website

act or object that poses a danger to assets

allows employees to use their personal mobile devices and computers to access enterprise data and applications

bring your own device (BYOD)

process of extracting large amounts of data from a website and saving it to a spreadsheet or computer; efficient

data scraping
web scraping

contains general principles regarding information privacy

information privacy policy

set of standards governing the collection and use of personal data and addressing issues of privacy and accuracy

fair information practices (FIP)

legal framework that sets guidelines for the collection and processing of personal information of individuals within the european union

general data protection regulation

requires a user to agree to follow it to be provided access to corporate email, information systems, and the internet

acceptable use policy (AUP)

contractual stipulation to ensure that é business participants do not deny their online actions

contains general principles to guide the proper use of the internet

electronic defacing of an existing website

problem that occurs when someone registers purposely misspelled variations of well-known domain names

theft of a website’s name that occurs when someone, posing as a site’s administrator, changes the ownership of the domain name assigned to the website to another website owner

government attempts to control internet traffic, thus preventing some material from being viewed by a country’s citizens

details the extent to which email messages may be read by others

sends a massive amount of email to a specific person or system that can cause that user’s server to stop functioning

states that email users will not send unsolicited emails

anti-spamming approach by which the receiving computer launches a return attack against the spammer, sending email messages back to the computer that originated the suspected spam

outlining the corporate guidelines or principles governing employee online communications

allowing individuals to request to have all content that violates their privacy removed

process of monitoring and responding to what is being said about a company, individual, product, or brand

person within the organization who is trusted to monitor, contribute, filter, and guide the social media presence of a company, individual, product, or brand

tangible protection such as alarms, guards, fireproof doors, fences, and vaults

tracks people’s activities by such measures as number of keystrokes, error rate, and number of transactions processed

stating explicitly how, when, and where the company monitors its employees

employee monitoring policy

period of time when a system is unavailable

malicious attempts to access or damage a computer system

prevention, detection, and response to cyberattacks that can have wide-ranging effects on the individual, organizations, community, and at the national level

encompassing the protection of information from accidental or intentional misuse by persons inside or outside an organization

builds the national capacity to defend against cyberattacks and works with federal government to provide cyber security tools, incident response services, and assessment capabilities to safeguard the ‘.gov’ networks that support the essential operations of partner departments and agencies

cyber security and infrastructure security agency (CISA)

experts in technology who use their knowledge to break into computers and computer networks, either for profit or simply for the challenge

computer attack by which an attacker accesses a wireless computer network, intercepts data, uses network services, and/or sends attack instructions without entering the office or organization that owns the network

crowdsourcing initiative that rewards individuals for discovering and reporting software bugs

software written with malicious intent to cause annoyance or damage

software that is intended to damage or disable computers and computer systems

malware that causes a collection of connected devices to be controlled by a hacker; perform distributed denial-of-service attacks, steal data, send spam, and allow the hacker to access devices without the owner’s knowledge

spreads itself not only from file to file but also from computer to computer; do not need to attach to anything to spread and can tunnel into computers

software that, although purporting to serve some useful function and often fulfilling that function, also allows internet advertisers to display advertisements without the consent of the computer user

special class of adware that collects data about the user and transmits it over the internet without the user’s knowledge or permission

form of malicious software that infects your computer and asks for money

type of malware designed to trick victims into giving up personal information to purchase or download useless and potentially dangerous software

legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident

hackers use their social skills to trick people into revealing access credentials or other valuable information

looking through people’s trash

form of social engineering in which one individual lies to obtain confidential data about another

identify the rules required to maintain information security

information security policies

details how an organization will implement the information security policies

information security plan

malicious agents designed by spammers and other internet attackers to farm email addresses off website or deposit spyware on machines

category of computer security that addresses the protection of data from unauthorized disclosure and confirmation of data source authenticity

forging someone’s identity for the purpose of fraud; financial

technique to gain personal information for the purpose of identity theft, usually by means of fraudulent emails that look as though they came from legitimate businesses

masquerading attack that combined spam with spoofing

phishing expedition in which the emails are carefully designed to target a particular person or organization

phone scam that attempts to defraud people by asking them to call a bogus telephone number to confirm their account information

reroutes requests for legitimate websites to false websites

program that secretly takes over another computer for the purpose of launching attacks on other computers

group of computers on which a hacker has planted zombie programs

uses a zombie farm, often by an organized crime association, to launch a massive phishing attack

use of a false identity to artificially stimulate demand for a product, brand, or service

practice of artificially stimulating online conversation and positive reviews about a product, service, or brand

method for confirming users’ identities

process of providing a user with permission, including access levels and abilities such as file access, hours of access, and amount of allocated storage space

small electronic devices that change user passwords automatically; authentication

device about the size of a credit card containing embedded technologies that can store information and small amounts of software to perform some limited processing

identification of a user based on a physical characteristic, such as fingerprint, iris, face, voice, or handwriting

set of measurable characteristics of a human voice that uniquely identifies an individual

traditional security process, which requires a user name and password

single-factor authentication

requires the user to provide two means of authentication, what the user knows (password) and what the user has (security token)

two-factor authentication

requires more than 2 means of authentication, such as what the user knows (password), what the user has (security token), and what the user is (biometric verification)

multifactor authentication

actions, processes, devices, or systems that can prevent, or mitigate the effects of, threats to a computer, server, or network

network intrusion attack that takes advantage of programming errors or design flaws to grant the attacker elevated access to the network and its associated data and applications; vertical privilege and horizontal privilege

attackers grant themselves a higher access level such as administrator, allowing the attacker to perform illegal actions such as running unauthorized code or deleting data

vertical privilege escalation

attackers grant themselves the same access levels they already have but assume the identity of another user

horizontal privilege escalation

computer viruses that wait for a specific date before executing their instructions

occurs when organizations use software that filters content, such as emails, to prevent the accidental or malicious transmission of unauthorized information

scrambles information into an alternative form that requires a key or password to decrypt

science that studies encryption

keep government information secure

advanced encryption standard (AES)

any data that could potentially identify a specific individual; nonsensitive and sensitive

personally identifiable information

information transmitted without encryption and includes information collected from public records, phone books, corporate directories, websites, etc; information that does not harm an individual

information transmitted with encryption and, when disclosed, results in a breach of an individual’s privacy and can potentially cause individual harm

ensures national standards for securing patient data that is stored or transferred electronically

uses two keys: public key that everyone can have and a private key for only the recipient

trusted third party that validates use identities by means of digital certificates

data file that identifies individuals or organizations online and is comparable to a digital signature

hardware and/or software that guard a private network by analyzing incoming and outgoing information for the correct markings

scans and searches hard drives to prevent, detect, and remove known viruses, adware, and spyware

gathers an organization’s computer network traffic patterns to identify unusual or suspicious operations

network behavior analysis

organized attempt by a country’s military to disrupt or destroy information and communication systems of another country

use of computer and networking technologies against persons or property to intimidate or coerce governments, individuals, or any segment of society to attain political, religious, or ideological goals

includes governments that are after some form of information about other governments

include individuals that seek notoriety or want to make a social or political point

features full-time monitoring tools that search for patterns in network traffic to identify intruders

intrusion detection software (IDS)

the extent of detail within the data; fine and detailed or coarse and abstract

levels, formats, and granularities of organizational data

primary traits that help determine the value of data

encompasses all of the data contained within a single business process or unit of work, and it’s primary purpose is to support daily operational tasks

encompasses all organizational data, and it’s primary purpose is to support the performance of managerial analysis tasks

immediate, up-to-date data

provide real-time data in response to requests

when the same data element has different values

when a system produces incorrect, inconsistent, or duplicate data

characteristics of high-quality data

occurs when a company examines its data to determine if it can meet business expectations, while identifying possible data gaps or where missing data may exist

management and oversight of an organization’s data assets to help provide business users with high-quality data that is easily accessible in a consistent manner

responsible for ensuring the policies and procedures are implemented across the organization and acts as a liaison between the MIS department and business

overall management of the availability, usability, integrity, and security of company data

practice of gathering data and ensuring that is is uniform, accurate, consistent, and complete,

includes the tests and evaluations used to determine compliance with data governance policies to ensure correctness of data

maintains data about various types of objects (inventory), events (transactions), people (employees), and places (warehouses)

creates, reads, updates, and deletes data in a database while controlling access and security

database management system

helps users graphically design the answer to a question against a database

asks users to write lines of code to answer questions against a data base

structured query language

smallest or basic unit of data; EX: name, address, email

data element (data field)

logical data structures that detail the relationships among data elements by using graphics or pictures

provides details about data

compiles all of the metadata about the data elements in the data model

stores data in the form of logically related two-dimensional tables

relational database model

allows users to create, read, update, and delete data in a relational database

relational database management system

stores data about a person, place, thing, transaction, or event; table

data elements associated with an entity; columns or fields

collection of related data elements

What is the use of a false identity to artificially stimulate demand for a product brand or service?

What includes any data that could potentially identify a specific individual?

What includes any data that could potentially identify a specific individual quizlet?

What is the software called that allows Internet advertisers to display advertisements without the consent of the computer user?