8.9. Key Terms

Chapter 8

Access Control: Ensures that a user can only access the information resources that are appropriate. It determines which users are authorized to read, modify, add, and/or delete information. (8.5)

Acceptable Use Policies (AUP): An acceptable use policy, or fair use policy, is a set of rules applied by the owner, creator, or administrator of a network, website, or service that restricts the ways in which the network, website, or system may be used and sets guidelines as to how it should be used. (8.6)

ACL: An access control list identifies the users who have the capability to take specific actions with an information resource, such as data files. Specific permissions, such as read, write, delete, or add, are assigned to each user. Only users with those permissions are allowed to perform those functions. (8.5)

Antivirus Programs: Software that can be installed on a computer or network to detect and remove known malicious programs, such as viruses and spyware. While antivirus programs provide some protection, they are a reactive defense in that they must first understand what to look for. (8.5)

Authentication: Making sure a person is who they say they are. Three factors can be used to identify someone: something they know, something they have, or something they are. (8.4)

Availability: The assurance that information can be accessed and modified by anyone authorized to do so in an appropriate timeframe. (8.3)

Backup: The procedure for making extra copies of data in case the original is lost or damaged. (8.5)

Biometric Authentication: A type of system that relies on the unique biological characteristics of individuals to verify identity for secure access to electronic systems. For example, a fingerprint scan. (8.4)

Confidentiality: Protecting information by restricting access to only those who are allowed to see it. (8.3)

Cybercrime: Also referred to as computer crime; an illegal activity that is committed with the use of a computer, or where a computer is the object of the crime. (8.2)

Denial-of-Service (DoS): An attack that does exactly what the term suggests: it prevents a web server from servicing authorized users. (8.2)

Employee Training: One of the most common ways thieves steal corporate information is the theft of employee laptops while employees are traveling. Employees should be trained to secure their equipment whenever they are away from the office. (8.6)

Encryption: The process of encoding data upon its transmission or storage so that only authorized individuals can read it. (8.5)

Environmental Monitoring: An organization’s servers and other high value equipment should always be kept in a room that is monitored for temperature, humidity, and airflow. The risk of a server failure rises when these factors exceed acceptable ranges. (8.6)

Firewall: A software program or hardware device that is used to increase security on its network by blocking unwanted messages/data. (8.5)

Hacking: When someone accesses a computer without permission. (8.2)

Identity Theft: When a criminal gains access to your personal information and uses it without your knowledge. (8.2)

Integrity: The assurance that the information being accessed has not been altered and truly represents what is intended. (8.3)

Intrusion Detection System (IDS): Provides the functionality to identify whether the network is being attacked. (8.6)

Locked doors: It may seem obvious, but all the security in the world is useless if an intruder can simply walk in and physically remove a computing device. High value information assets should be secured in a location with limited access. (8.6)

Multifactor authentication: A security system that requires more than one method of authentication from independent categories of credentials to verify the user’s identity for a login or other transaction.

Phishing: Occurs when a user receives an e-mail that looks as if it is from a trusted source, such as their bank or employer. In the e-mail the user is asked to click a link and log in to a website that mimics the genuine website, then enter their ID and password. (8.2)

Physical Intrusion Detection: High value information assets should be monitored through the use of security cameras and other means to detect unauthorized access to the physical locations where they exist. (8.6)

Physical Security: The protection of the actual hardware and networking components that store and transmit information resources. (8.6)

Piracy: Software piracy, a crime committed with the use of a computer, is the illegal copying and distribution or use of software. (8.2)

Public Key Encryption: Two keys are used: a public key and a private key. To send an encrypted message, you obtain the public key, encode the message, and send it. The recipient then uses their private key to decode it. The public key can be given to anyone who wishes to send the recipient a message. (8.5)

RBAC: Instead of giving specific users access rights to an information resource, users are assigned to roles and then those roles are assigned the access. This allows the administrators to manage users and roles separately, simplifying administration and, by extension, improving security. (8.5)

Secured Equipment: Devices should be locked down to prevent them from being stolen. One employee’s hard drive could contain all of your customer information, so it is essential that it be secured. (8.6)

Spoofing: A technique where culprits disguise their identities by modifying the address of the computer from which the scheme has been launched. Typically, the point is to make it look as if an incoming message has originated from an authorized source. (8.2)

Social Engineering: When criminals lure individuals into sending them personal, confidential data that can be used in crime. For example, someone phones you posing as a customer service representative asking for your banking log-on information. (8.2)

Symmetric Key Encryption: Where both parties share the encryption key. Encryption makes information secure as the message is sent in code and appears to those without the public key as a random series of letters and numbers. (8.5)

Universal Power Supply (UPS): A device that provides battery backup to critical components of the system, allowing the system to stay online longer and/or allowing the IT staff to shut them down using proper procedures in order to prevent the data loss that might occur from a power failure. (8.5)

VPN: A virtual private network allows users who are outside of a corporate network to take a detour around the firewall and access the internal network from the outside.


Adapted from the Information Systems for Business and Beyond Glossary by Ruth Guthrie, licensed under CC BY 3.0.

License

Information Systems for Business and Beyond Copyright © 2022 by Shauna Roch; James Fowler; Barbara Smith; and David Bourgeois is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License, except where otherwise noted.