Questions and Answers
Which type of hacker is primarily motivated by causing damage or disruption, rather than financial gain?
- Black-hat hacker
- Cracker
- Cyberterrorist (correct)
- White-hat hacker
What type of malware is designed to allow advertisers to display ads without the user's consent?
- Malware
- Virus
- Adware (correct)
- Worm
Which type of hacker is hired by a system owner to find and fix vulnerabilities in their system?
- Cyberterrorist
- White-hat hacker (correct)
- Cracker
- Black-hat hacker
Which type of malware is capable of spreading itself from file to file, and from computer to computer?
What is the primary goal of a cyberterrorist when attacking a computer system?
Which of the following is the MOST effective way for an organization to protect its intellectual assets?
Which of the following is the BIGGEST risk to an organization that fails to monitor its employees' activities?
Which of the following is the MOST effective way to prevent employees from denying their online actions?
Which of the following is the BIGGEST threat to an organization's intellectual assets?
Which of the following is the MOST effective way to protect against hoaxes and misinformation on social media?
What type of malware infects a computer and demands money from the user?
Which security threat grants unauthorized rights and can be a danger to eBusiness?
What does a sniffer do in relation to network data?
In the context of email security, what does spoofing involve?
Which kind of malware tracks online movements and mines information on a computer without permission?
What type of privilege escalation attack occurs when an attacker assumes the identity of another user with the same access level?
Which of the following technologies is used to scramble information into an alternative form that requires a key or password to decrypt?
Which type of attack allows an attacker to gain a higher access level, such as administrator privileges?
Which technology uses full-time monitoring tools that search for patterns in network traffic to identify intruders?
Which type of attack involves an attacker sending false or misleading information to trick users into revealing sensitive information or performing actions that compromise security?
What is a common technique used by spammers to confirm if an email address is active?
What is a recommended strategy to prevent email addresses from being harvested by spammers' robots?
What is the purpose of obscuring an email address when posting on web forums or newsgroups?
What kind of attack is often associated with fake 'remove' instructions in spam messages?
Which technique is commonly used by spammers to impersonate legitimate senders?
Which of the following is a form of malicious software that blocks access to data or systems until a ransom is paid?
What is the process of exploiting a bug or vulnerability to gain elevated access to resources that are normally protected?
Which of the following is a deliberate attempt to deceive or mislead users into believing something false or non-existent?
What is the practice of masquerading as another entity to gain unauthorized access or information?
Which of the following is a type of malware that covertly monitors and collects information about a user's activities and data?
Which of the following is NOT a key aspect of information ethics according to the text?
What is the primary purpose of an Ethical Computer Use Policy according to the text?
Which of the following is NOT mentioned in the text as a tool to prevent information misuse?
Which of the following is NOT identified in the text as a business issue related to information ethics?
Which of the following is NOT a key aspect of privacy?
Which of the following is NOT a key ethical issue related to information technology according to the text?
What is the primary purpose of confidentiality in the context of information ethics?
Which of the following is NOT mentioned in the text as a tool to prevent information misuse?
What is the key difference between information ethics and business issues related to information ethics?
Which of the following is NOT identified in the text as a key aspect of information ethics?
Phishing is a technique used to gain personal information for the purpose of fraud.
Astroturfing is the practice of using a legitimate identity to artificially stimulate demand for a product.
Tokens are small electronic devices that cannot change user passwords automatically.
Biometrics, such as fingerprints or voice, fall under the category of 'Something the user knows' in authentication techniques.
Data prevention and resistance is one of the three areas of information security according to the text.
The email privacy policy details the extent to which social media accounts may be monitored by the organization.
An Acceptable Use Policy (AUP) outlines the guidelines for proper internet usage within the organization.
Nonrepudiation is a contractual stipulation that ensures ebusiness participants cannot deny their online actions.
The Working Monitoring Policy states that some people believe monitoring employees is unethical due to the risks involved.
Protecting intellectual assets refers to safeguarding information from both accidental and intentional misuse within and outside the organization.
Scareware is a type of malware designed to trick victims into giving up personal information to purchase legitimate and beneficial software.
The primary goal of the first line of defense in an organization is to enable employees, customers, and partners to access information electronically.
The biggest issue surrounding information security is primarily a technical challenge rather than a people issue.
Developing information security policies is the first step an organization should follow to combat insider threats effectively.
A sniffer is a program that alters the return address on an email to make it appear to come from the actual sender.
Content filtering is a technology mainly used to encrypt data for secure transmission.
Firewalls are designed to guard a private network by analyzing incoming and outgoing information for the correct markings.
Detection and response technologies come into play after prevention and resistance strategies have successfully prevented a security breach.
Intrusion detection software features full-time monitoring tools that search for patterns in network traffic to identify intruders.
Privilege escalation involves attackers granting themselves lower access levels than they already have, such as basic user permissions.
An Ethical Computer Use Policy contains specific guidelines to prevent all possible computer security breaches.
Privacy refers to the right to control your personal possessions and to be observed without consent.
Information Ethics mainly governs the ethical and moral issues arising from the creation and distribution of information.
Protecting Intellectual Assets is not a major concern for organizations striving to build an ethical corporate culture.
Financial Performance is a primary focus of an Ethical Computer Use Policy.
A Black-hat hacker is someone who works at the request of a system owner to find system vulnerabilities and fix them.
A worm is a type of virus that is designed to spread from file to file, but not from computer to computer.
Malware is software intended to enhance the performance of computers and computer systems.
Adware is a type of malware that allows internet advertisers to display ads with the consent of computer users.
A Cyberterrorist aims to protect critical systems or information from destruction.
Astroturfing is the practice of using a legitimate identity to artificially stimulate demand for a product.
An Acceptable Use Policy (AUP) outlines the guidelines for proper internet usage within the organization.
The email privacy policy details the extent to which social media accounts may be monitored by the organization.
Data prevention and resistance is one of the three areas of information security according to the text.
Nonrepudiation is a contractual stipulation that ensures e-business participants cannot deny their online actions.
The primary purpose of an Ethical Computer Use Policy is to protect intellectual assets.
Hoaxes and misinformation on social media can be effectively prevented by training employees on media literacy.
An organization can effectively protect its intellectual assets by solely relying on legal agreements.
The biggest risk to an organization that fails to monitor its employees' activities is financial loss due to data breaches.
In the context of cybersecurity, a sniffer is used to corrupt network data and disrupt communications.
Astroturfing is the practice of using a fake identity to artificially stimulate demand for a product.
Financial Performance is a primary concern for organizations striving to build an ethical corporate culture.
A Working Monitoring Policy focuses on monitoring employees' activities to maintain information security.
Protecting Intellectual Assets is not a major concern for organizations.
Data prevention and resistance is not one of the three areas of information security according to the text.
The Working Monitoring Policy states that it is universally agreed that monitoring employees is ethical in the workplace.
Financial Performance is a key focus area outlined in the Social Media Policy within organizations.
According to the information provided, an Email Privacy Policy details the extent to which email messages may be monitored by others.
Protecting Intellectual Assets primarily involves safeguarding information from accidental misuse by individuals outside the organization.
In the context of security, Nonrepudiation ensures that e-business participants have the right to deny their online actions if needed.
Scareware is a type of malware designed to trick victims into giving up personal information to purchase or download useless and potentially dangerous software.
The process of exploiting a bug or vulnerability to gain elevated access to resources that are normally protected is known as 'elevation of privilege'.
A sniffer is a program or device that can monitor data traveling over a network.
A worm is a type of virus designed to spread from file to file but not from computer to computer.
Spyware is always clearly visible in the free downloadable software in which it comes hidden.
Content filtering is a technology used to encrypt data for secure transmission.
Phishing is a technique used to gain personal information for the purpose of fraud.
Firewalls are designed to guard a private network by analyzing incoming and outgoing information for the correct markings.
Adware is a type of malware that allows internet advertisers to display ads with the consent of computer users.
Biometrics, such as fingerprints or voice, fall under the category of 'Something the user knows' in authentication techniques.
A black-hat hacker steals, destroys, and does nothing with criminal intent.
A worm is a type of virus that spreads from computer to computer.
An Ethical Computer Use Policy primarily focuses on Financial Performance.
The Working Monitoring Policy mainly involves monitoring customers and financial markets.
The primary focus of an Ethical Computer Use Policy is to ensure that all users are informed of the rules by agreeing to the use of the system on the basis of consent to abide by the rules.
Security threats caused by hackers and viruses do not pose a risk to intellectual assets.
Social Media Policy is primarily concerned with protecting intellectual property and financial performance within the organization.
A Working Monitoring Policy ensures that all employees are informed about how their activities are monitored within the organization and agree to be monitored.
Protecting intellectual assets mainly involves safeguarding information related to digital rights management and digital privacy.
Security in the context of information ethics refers to preventing unauthorized access to confidential information and ensuring data integrity and availability.
It is recommended to reply to spam messages, even if it is to request to be removed from the mailing list.
A Web-based mail form is a good alternative to displaying email addresses on a website to prevent them from being harvested by spammers' robots.
Astroturfing involves using artificial identities to stimulate demand for a product.
Financial performance is not a primary concern for organizations striving to build an ethical corporate culture.
An Ethical Computer Use Policy typically contains guidelines that cover all possible computer security breaches.
Protecting intellectual assets is not a major concern for organizations.
Content filtering is primarily used for secure data transmission through encryption.
An Acceptable Use Policy (AUP) outlines guidelines for proper internet usage within an organization.
Nonrepudiation ensures that e-business participants can deny their online actions.
'Hoaxes and misinformation on social media can be prevented effectively by training employees on media literacy' - this statement is true.
A key aspect of a ___________ Policy is protecting intellectual property and financial performance within the organization.
Organizations strive to build an ethical corporate culture by safeguarding their ___________ and ensuring data integrity and availability.
A ___________ Policy ensures that all employees are informed about how their activities are monitored within the organization and agree to be monitored.
Protecting ___________ involves safeguarding information related to digital rights management and digital privacy.
Security in the context of information ethics refers to preventing unauthorized access to confidential information and ensuring data integrity and ___________.
A Web-based mail form is a good alternative to displaying email addresses on a website to prevent them from being harvested by ______' robots.
Protecting intellectual assets mainly involves safeguarding information related to digital rights management and ______ privacy.
Content filtering is a technology mainly used to encrypt data for secure ______.
Financial Performance is a primary concern for organizations striving to build an ethical corporate ______.
A Working Monitoring Policy ensures that all employees are informed about how their activities are monitored within the organization and agree to be ______.
______ filtering is the use of software that filters content to prevent the transmission of unauthorized information.
_________ is a type of malware that allows internet advertisers to display ads with the consent of computer users.
The Working Monitoring Policy focuses on monitoring employees' activities to maintain information ________.
Protecting ________ assets is a major concern for organizations to safeguard digital rights management and digital privacy.
_______ Performance is a primary focus area outlined in the Social Media Policy within organizations.
The Email Privacy Policy details the extent to which email messages may be read by others.
The dilemma surrounding employee monitoring in the workplace is that an organization places itself at risk if it fails to monitor its employees. However, some people feel that monitoring employees is ________.
Organizational information is intellectual capital - it must be ________.
Information security involves the protection of information from accidental or intentional misuse by persons inside or outside the ________.
Financial Performance is a primary concern for organizations striving to build an ethical corporate ________.
Astroturfing is the practice of using a fake identity to artificially stimulate demand for a ______.
Financial Performance is a primary concern for organizations striving to build an ethical corporate ______.
The Working Monitoring Policy mainly involves monitoring customers and financial ______.
A key aspect of a _______ Policy is protecting intellectual property and financial performance within the organization.
Intrusion detection software features full-time monitoring tools that search for patterns in network traffic to identify ______.
_______ is a key focus area outlined in the Social Media Policy within organizations.
According to the information provided, an Email Privacy Policy details the extent to which email messages may be monitored by ______.
Protecting intellectual assets refers to safeguarding information from both accidental and intentional misuse within and outside the ______.
The Working Monitoring Policy states that some people believe monitoring employees is unethical due to the risks involved in maintaining employee ______.
Security threats caused by hackers and viruses pose a risk to ______ assets.
The primary goal of a cyberterrorist when attacking a computer system is to ______
Content filtering is a technology mainly used to ______ data for secure transmission.
Astroturfing is the practice of using a ______ identity to artificially stimulate demand for a product.
Financial Performance is a primary concern for organizations striving to build an ethical corporate ______.
Tokens are small electronic devices that can change user passwords ______.
It is recommended to reply to spam messages, even if it is to request to be ______ from the mailing list.
The process of exploiting a bug or vulnerability to gain elevated access to resources that are normally protected is known as '______ of privilege'.
Malware is software intended to ______ the performance of computers and computer systems.
Which type of hacker is primarily motivated by causing damage or disruption, rather than financial ______?
Biometrics, such as fingerprints or voice, fall under the category of 'Something the user ______' in authentication techniques.
Study Notes
Financial Impacts of Downtime
- The cost of downtime includes revenue recognition, cash flow, payment guarantees, credit rating, and stock price
- Revenue loss includes direct loss, compensatory payments, lost future revenue, billing losses, investment losses, and lost productivity
- Damaged reputation affects customers, suppliers, financial markets, banks, and business partners
- Other expenses include temporary employees, equipment details, overtime costs, extra shipping charges, travel expenses, and legal obligations
Security Threats Caused by Hackers and Viruses
- Hacker: experts in technology who use their knowledge to break into computers and computer networks
  - Types of hackers:
    - Black-hat hacker: steals, destroys, or does nothing
    - Cracker: with criminal intent
    - Cyberterrorist: destroys critical systems or information
    - White-hat hacker: works at the request of system owner to find system vulnerabilities and fix them
- Virus: software written with malicious intent to cause annoyance or damage
  - Types of viruses:
    - Worm: spreads itself from file to file and computer to computer
    - Malware: intended to damage or disable computers and computer systems
    - Adware: allows internet advertisers to display advertisements without consent
Information Privacy Policy
- Contains general principles regarding information privacy
- Acceptable Use Policy (AUP): requires a user to agree to follow it in order to access corporate email, information systems, and the internet
- Nonrepudiation: ensures ebusiness participants do not deny their online actions
- Internet Use Policy: guides proper use of the internet
- Email Privacy Policy: details extent of email message reading by others
- Social Media Policy: outlines corporate guidelines for employee online communications
- Working Monitoring Policy: explicitly states how, when, and where the company monitors its employees
Information Ethics
- Ethics: principles and standards guiding behavior toward others
- Information Ethics: governs ethical and moral issues arising from development and use of information technologies
- Business issues related to information ethics:
  - Intellectual property
  - Copyright
  - Pirated software
  - Counterfeit software
  - Digital rights management
- Privacy: right to be left alone, control personal possessions, and not be observed without consent
- Confidentiality: assurance that messages and information are available only to authorized viewers
Protection of Intellectual Assets
- Organizational information is intellectual capital that must be protected
- Information security: protection of information from accidental or intentional misuse
- Downtime: period of time when a system is unavailable
- Security threats to ebusiness include:
  - Elevation of privilege
  - Hoaxes
  - Sniffer
  - Spoofing
  - Spyware
  - Ransomware
  - Scareware
- First line of defense: people
- Information security policies and plan: essential to combat insider issues
Information Security
- Prevention and resistance technologies stop intruders from accessing and reading data.
- Privilege escalation is a network intrusion attack that takes advantage of programming errors or design flaws to grant the attacker elevated access to the network and its associated data and applications.
  - Vertical privilege escalation: attackers grant themselves a higher access level, such as administrator.
  - Horizontal privilege escalation: attackers grant themselves the same levels that they already have but assume the identity of another user.
Technologies for Prevention and Resistance
- Content filtering: use of software that filters content to prevent the transmission of unauthorized information.
- Encryption: scrambles information into an alternative form that requires a key or password to decrypt.
- Firewalls: hardware and/or software that guard a private network by analyzing incoming and outgoing information for the correct markings.
Detection and Response
- Intrusion detection software: features full-time monitoring tools that search for patterns in network traffic to identify intruders.
Three Areas of Information Security
- People: authentication and authorization
- Data: prevention and resistance
- Attacks: detection and response
Authentication and Authorization
- Identity theft: the forging of someone’s identity for the purpose of fraud.
- Phishing: technique to gain personal information for the purpose of identity theft.
- Pharming: reroutes requests for legitimate websites to false websites.
- Sock puppet marketing: the use of a false identity to artificially stimulate demand for a product, brand, or service.
- Astroturfing: the practice of artificially stimulating online conversation and positive reviews about a product, service, or brand.
- Authentication: a method for confirming users’ identities.
- Authorization: the process of giving someone permission to do or have something.
- Three categories of authentication techniques:
  - Something the user knows (e.g. user ID and password)
  - Something the user has (e.g. smart card or token)
  - Something that is part of the user (e.g. fingerprints or voice - biometrics)
Policies
- Information Privacy Policy: contains general principles regarding information privacy.
- Acceptable Use Policy (AUP): requires a user to agree to follow it to be provided access to corporate email, information systems, and the internet.
- Nonrepudiation: a contractual stipulation to ensure that ebusiness participants do not deny their online actions.
- Internet Use Policy: contains general principles to guide the proper use of the internet.
- Email Privacy Policy: details the extent to which email messages may be read by others.
- Social Media Policy: outlines the corporate guidelines or principles governing employee online communications.
- Working Monitoring Policy: explicitly states how, when, and where the company monitors its employees.
Protecting Intellectual Assets
- Organizational information is intellectual capital - it must be protected.
- Information security: the protection of information from accidental or intentional misuse by persons inside or outside the organization.
- Downtime: a period of time when a system is unavailable.
- Cost of downtime:
  - Financial performance
  - Revenue
  - Damaged reputation
  - Other expenses
Ethics
- Ethics: the principles and standards that guide our behavior toward other people.
- Information Ethics: governs the ethical and moral issues arising from the development and use of information technologies, as well as the creation, collection, duplication, distribution, and processing of information itself.
- Business issues related to information ethics:
  - Intellectual property
  - Copyright
  - Pirated software
  - Counterfeit software
  - Digital rights management
- Privacy: the right to be left alone when you want to be, to have control over your own personal possessions, and not to be observed without your consent.
- Confidentiality: the assurance that messages and information are available only to those who are authorized to view them.
Security Threats
- Hacker: experts in technology who use their knowledge to break into computers and computer networks, either for profit or just motivated by the challenge.
  - Black-hat hacker: steal, destroy or do nothing.
  - Cracker: with criminal intent.
  - Cyberterrorist: destroy critical systems or information.
  - White-hat hacker: work at the request of system owner to find system vulnerabilities and fix them.
- Virus: software written with malicious intent to cause annoyance or damage.
- Worm: a type of virus that spreads itself from file to file, but also from computer to computer.
- Malware: software that is intended to damage or disable computers and computer systems.
- Adware: allows the internet advertisers to display advertisements without the consent of the computer users.
Spam Management
- Tips from Information Week:
  - Obscure your email address by inserting something obvious into it.
  - Don't reply to spam messages.
  - Remove your email address from your Website's pages and offer a Web-based mail form instead.
Description
Learn about common security threats to e-business such as spyware, ransomware, scareware, elevation of privilege, and hoaxes. Understand how these threats can impact businesses and how to protect against them.