
Common Security Threats to E-Business
160 Questions

Created by
@AccommodativeAmethyst


Questions and Answers

Which type of hacker is primarily motivated by causing damage or disruption, rather than financial gain?

  • Black-hat hacker
  • Cracker
  • Cyberterrorist (correct)
  • White-hat hacker

What type of malware is designed to allow advertisers to display ads without the user's consent?

  • Malware
  • Virus
  • Adware (correct)
  • Worm

Which type of hacker is hired by a system owner to find and fix vulnerabilities in their system?

  • Cyberterrorist
  • White-hat hacker (correct)
  • Cracker
  • Black-hat hacker

Which type of malware is capable of spreading itself from file to file, and from computer to computer?

    Worm

    What is the primary goal of a cyberterrorist when attacking a computer system?

    Disrupt or destroy critical systems or information

    Which of the following is the MOST effective way for an organization to protect its intellectual assets?

    Enforce a comprehensive information security program

    Which of the following is the BIGGEST risk to an organization that fails to monitor its employees' activities?

    Employees will engage in unauthorized access or data breaches

    Which of the following is the MOST effective way to prevent employees from denying their online actions?

    Require employees to agree to a nonrepudiation clause

    Which of the following is the BIGGEST threat to an organization's intellectual assets?

    Ransomware attacks

    Which of the following is the MOST effective way to protect against hoaxes and misinformation on social media?

    Educate employees on identifying and reporting suspicious online content

    What type of malware infects a computer and demands money from the user?

    Ransomware

    Which security threat grants unauthorized rights and can be a danger to eBusiness?

    Elevation of privilege

    What does a sniffer do in relation to network data?

    Monitors data traveling over a network

    In the context of email security, what does spoofing involve?

    Forging the return address to appear different from the actual sender

    Which kind of malware tracks online movements and mines information on a computer without permission?

    Spyware

    What type of privilege escalation attack occurs when an attacker assumes the identity of another user with the same access level?

    Horizontal privilege escalation

    Which of the following technologies is used to scramble information into an alternative form that requires a key or password to decrypt?

    Encryption

    Which type of attack allows an attacker to gain a higher access level, such as administrator privileges?

    Vertical privilege escalation

    Which technology uses full-time monitoring tools that search for patterns in network traffic to identify intruders?

    Intrusion detection software

    Which type of attack involves an attacker sending false or misleading information to trick users into revealing sensitive information or performing actions that compromise security?

    Hoax attack

    What is a common technique used by spammers to confirm if an email address is active?

    Including fake 'remove' instructions in spam messages

    What is a recommended strategy to prevent email addresses from being harvested by spammers' robots?

    Using a web-based mail form instead of displaying email addresses on website pages

    What is the purpose of obscuring an email address when posting on web forums or newsgroups?

    To prevent spammers from detecting the email address and adding it to their mailing lists

    What kind of attack is often associated with fake 'remove' instructions in spam messages?

    Hoax attack

    Which technique is commonly used by spammers to impersonate legitimate senders?

    Spoofing

    Which of the following is a form of malicious software that blocks access to data or systems until a ransom is paid?

    Ransomware

    What is the process of exploiting a bug or vulnerability to gain elevated access to resources that are normally protected?

    Elevation of privilege

    Which of the following is a deliberate attempt to deceive or mislead users into believing something false or non-existent?

    Hoax

    What is the practice of masquerading as another entity to gain unauthorized access or information?

    Spoofing

    Which of the following is a type of malware that covertly monitors and collects information about a user's activities and data?

    Spyware

    Which of the following is NOT a key aspect of information ethics according to the text?

    Business strategy

    What is the primary purpose of an Ethical Computer Use Policy according to the text?

    To ensure users are informed and consent to the rules of computer use

    Which of the following is NOT mentioned in the text as a tool to prevent information misuse?

    Ransomware

    Which of the following is NOT identified in the text as a business issue related to information ethics?

    Elevation of privilege

    Which of the following is NOT a key aspect of privacy?

    The right to have your information shared with others without your knowledge

    Which of the following is NOT a key ethical issue related to information technology according to the text?

    Data encryption

    What is the primary purpose of confidentiality in the context of information ethics?

    To ensure information is only available to those authorized to view it

    Which of the following is NOT mentioned in the text as a tool to prevent information misuse?

    Biometric authentication

    What is the key difference between information ethics and business issues related to information ethics?

    Information ethics is concerned with the development and use of information technologies, while business issues are concerned with the creation and distribution of information

    Which of the following is NOT identified in the text as a key aspect of information ethics?

    The legal and regulatory frameworks governing the use of information

    Phishing is a technique used to gain personal information for the purpose of fraud.

    True

    Astroturfing is the practice of using a legitimate identity to artificially stimulate demand for a product.

    False

    Tokens are small electronic devices that cannot change user passwords automatically.

    False

    Biometrics, such as fingerprints or voice, fall under the category of 'Something the user knows' in authentication techniques.

    False

    Data prevention and resistance is one of the three areas of information security according to the text.

    False

    The email privacy policy details the extent to which social media accounts may be monitored by the organization.

    False

    An Acceptable Use Policy (AUP) outlines the guidelines for proper internet usage within the organization.

    True

    Nonrepudiation is a contractual stipulation that ensures ebusiness participants cannot deny their online actions.

    True

    The Working Monitoring Policy states that some people believe monitoring employees is unethical due to the risks involved.

    False

    Protecting intellectual assets refers to safeguarding information from both accidental and intentional misuse within and outside the organization.

    True

    Scareware is a type of malware designed to trick victims into giving up personal information to purchase legitimate and beneficial software.

    False

    The primary goal of the first line of defense in an organization is to enable employees, customers, and partners to access information electronically.

    True

    The biggest issue surrounding information security is primarily a technical challenge rather than a people issue.

    False

    Developing information security policies is the first step an organization should follow to combat insider threats effectively.

    True

    A sniffer is a program that alters the return address on an email to make it appear to come from the actual sender.

    False

    Content filtering is a technology mainly used to encrypt data for secure transmission.

    False

    Firewalls are designed to guard a private network by analyzing incoming and outgoing information for the correct markings.

    True

    Detection and response technologies come into play after prevention and resistance strategies have successfully prevented a security breach.

    False

    Intrusion detection software features full-time monitoring tools that search for patterns in network traffic to identify intruders.

    True

    Privilege escalation involves attackers granting themselves lower access levels than they already have, such as basic user permissions.

    False

    An Ethical Computer Use Policy contains specific guidelines to prevent all possible computer security breaches.

    False

    Privacy refers to the right to control your personal possessions and to be observed without consent.

    False

    Information Ethics mainly governs the ethical and moral issues arising from the creation and distribution of information.

    True

    Protecting Intellectual Assets is not a major concern for organizations striving to build an ethical corporate culture.

    False

    Financial Performance is a primary focus of an Ethical Computer Use Policy.

    False

    A Black-hat hacker is someone who works at the request of a system owner to find system vulnerabilities and fix them.

    False

    A worm is a type of virus that is designed to spread from file to file, but not from computer to computer.

    False

    Malware is software intended to enhance the performance of computers and computer systems.

    False

    Adware is a type of malware that allows internet advertisers to display ads with the consent of computer users.

    False

    A Cyberterrorist aims to protect critical systems or information from destruction.

    False

    Astroturfing is the practice of using a legitimate identity to artificially stimulate demand for a product.

    True

    An Acceptable Use Policy (AUP) outlines the guidelines for proper internet usage within the organization.

    True

    The email privacy policy details the extent to which social media accounts may be monitored by the organization.

    False

    Data prevention and resistance is one of the three areas of information security according to the text.

    False

    Nonrepudiation is a contractual stipulation that ensures e-business participants cannot deny their online actions.

    True

    The primary purpose of an Ethical Computer Use Policy is to protect intellectual assets.

    False

    Hoaxes and misinformation on social media can be effectively prevented by training employees on media literacy.

    True

    An organization can effectively protect its intellectual assets by solely relying on legal agreements.

    False

    The biggest risk to an organization that fails to monitor its employees' activities is financial loss due to data breaches.

    True

    In the context of cybersecurity, a sniffer is used to corrupt network data and disrupt communications.

    False

    Astroturfing is the practice of using a fake identity to artificially stimulate demand for a product.

    False

    Financial Performance is a primary concern for organizations striving to build an ethical corporate culture.

    True

    A Working Monitoring Policy focuses on monitoring employees' activities to maintain information security.

    True

    Protecting Intellectual Assets is not a major concern for organizations.

    False

    Data prevention and resistance is not one of the three areas of information security according to the text.

    False

    The Working Monitoring Policy states that it is universally agreed that monitoring employees is ethical in the workplace.

    False

    Financial Performance is a key focus area outlined in the Social Media Policy within organizations.

    False

    According to the information provided, an Email Privacy Policy details the extent to which email messages may be monitored by others.

    False

    Protecting Intellectual Assets primarily involves safeguarding information from accidental misuse by individuals outside the organization.

    False

    In the context of security, Nonrepudiation ensures that e-business participants have the right to deny their online actions if needed.

    False

    Scareware is a type of malware designed to trick victims into giving up personal information to purchase or download useless and potentially dangerous software.

    True

    The process of exploiting a bug or vulnerability to gain elevated access to resources that are normally protected is known as 'elevation of privilege'.

    True

    A sniffer is a program or device that can monitor data traveling over a network.

    True

    A worm is a type of virus designed to spread from file to file but not from computer to computer.

    False

    Spyware is always clearly visible in the free downloadable software in which it comes hidden.

    False

    Content filtering is a technology used to encrypt data for secure transmission.

    False

    Phishing is a technique used to gain personal information for the purpose of fraud.

    True

    Firewalls are designed to guard a private network by analyzing incoming and outgoing information for the correct markings.

    False

    Adware is a type of malware that allows internet advertisers to display ads with the consent of computer users.

    False

    Biometrics, such as fingerprints or voice, fall under the category of 'Something the user knows' in authentication techniques.

    False

    A black-hat hacker steals, destroys, and does nothing with criminal intent.

    False

    A worm is a type of virus that spreads from computer to computer.

    True

    An Ethical Computer Use Policy primarily focuses on Financial Performance.

    False

    The Working Monitoring Policy mainly involves monitoring customers and financial markets.

    False

    The primary focus of an Ethical Computer Use Policy is to ensure that all users are informed of the rules by agreeing to the use of the system on the basis of consent to abide by the rules.

    True

    Security threats caused by hackers and viruses do not pose a risk to intellectual assets.

    False

    Social Media Policy is primarily concerned with protecting intellectual property and financial performance within the organization.

    False

    A Working Monitoring Policy ensures that all employees are informed about how their activities are monitored within the organization and agree to be monitored.

    True

    Protecting intellectual assets mainly involves safeguarding information related to digital rights management and digital privacy.

    False

    Security in the context of information ethics refers to preventing unauthorized access to confidential information and ensuring data integrity and availability.

    True

    It is recommended to reply to spam messages, even if it is to request to be removed from the mailing list.

    False

    A Web-based mail form is a good alternative to displaying email addresses on a website to prevent them from being harvested by spammers' robots.

    True

    Astroturfing involves using artificial identities to stimulate demand for a product.

    True

    Financial performance is not a primary concern for organizations striving to build an ethical corporate culture.

    False

    An Ethical Computer Use Policy typically contains guidelines that cover all possible computer security breaches.

    False

    Protecting intellectual assets is not a major concern for organizations.

    False

    Content filtering is primarily used for secure data transmission through encryption.

    False

    An Acceptable Use Policy (AUP) outlines guidelines for proper internet usage within an organization.

    True

    Nonrepudiation ensures that e-business participants can deny their online actions.

    False

    'Hoaxes and misinformation on social media can be prevented effectively by training employees on media literacy' - this statement is true.

    True

    A key aspect of a ___________ Policy is protecting intellectual property and financial performance within the organization.

    Social Media

    Organizations strive to build an ethical corporate culture by safeguarding their ___________ and ensuring data integrity and availability.

    Financial Performance

    A ___________ Policy ensures that all employees are informed about how their activities are monitored within the organization and agree to be monitored.

    Working Monitoring

    Protecting ___________ involves safeguarding information related to digital rights management and digital privacy.

    Intellectual Assets

    Security in the context of information ethics refers to preventing unauthorized access to confidential information and ensuring data integrity and ___________.

    Availability

    A Web-based mail form is a good alternative to displaying email addresses on a website to prevent them from being harvested by ______' robots.

    spammers'

    Protecting intellectual assets mainly involves safeguarding information related to digital rights management and ______ privacy.

    digital

    Content filtering is a technology mainly used to encrypt data for secure ______.

    transmission

    Financial Performance is a primary concern for organizations striving to build an ethical corporate ______.

    culture

    A Working Monitoring Policy ensures that all employees are informed about how their activities are monitored within the organization and agree to be ______.

    monitored

    ______ filtering is the use of software that filters content to prevent the transmission of unauthorized information.

    Content

    _________ is a type of malware that allows internet advertisers to display ads with the consent of computer users.

    Adware

    The Working Monitoring Policy focuses on monitoring employees' activities to maintain information ________.

    security

    Protecting ________ assets is a major concern for organizations to safeguard digital rights management and digital privacy.

    intellectual

    _______ Performance is a primary focus area outlined in the Social Media Policy within organizations.

    Financial

    The Email Privacy Policy details the extent to which email messages may be read by others

    organization

    The dilemma surrounding employee monitoring in the workplace is that an organization places itself at risk if it fails to monitor its employees. However, some people feel that monitoring employees is ________.

    unethical

    Organizational information is intellectual capital - it must be ________.

    protected

    Information security involves the protection of information from accidental or intentional misuse by persons inside or outside the ________.

    organization

    Financial Performance is a primary concern for organizations striving to build an ethical corporate ________.

    culture

    Astroturfing is the practice of using a fake identity to artificially stimulate demand for a ______.

    product

    Financial Performance is a primary concern for organizations striving to build an ethical corporate ______.

    culture

    The Working Monitoring Policy mainly involves monitoring customers and financial ______.

    markets

    A key aspect of a _______ Policy is protecting intellectual property and financial performance within the organization.

    Social Media

    Intrusion detection software features full-time monitoring tools that search for patterns in network traffic to identify ______.

    intruders

    _______ is a key focus area outlined in the Social Media Policy within organizations.

    Financial Performance

    According to the information provided, an Email Privacy Policy details the extent to which email messages may be monitored by ______.

    others

    Protecting intellectual assets refers to safeguarding information from both accidental and intentional misuse within and outside the ______.

    organization

    The Working Monitoring Policy states that some people believe monitoring employees is unethical due to the risks involved in maintaining employee ______.

    privacy

    Security threats caused by hackers and viruses pose a risk to ______ assets.

    intellectual

    The primary goal of a cyberterrorist when attacking a computer system is to ______

    cause harm

    Content filtering is a technology mainly used to ______ data for secure transmission.

    encrypt

    Astroturfing is the practice of using a ______ identity to artificially stimulate demand for a product.

    fake

    Financial Performance is a primary concern for organizations striving to build an ethical corporate ______.

    culture

    Tokens are small electronic devices that can change user passwords ______.

    automatically

    It is recommended to reply to spam messages, even if it is to request to be ______ from the mailing list.

    removed

    The process of exploiting a bug or vulnerability to gain elevated access to resources that are normally protected is known as '______ of privilege'.

    elevation

    Malware is software intended to ______ the performance of computers and computer systems.

    enhance

    Which type of hacker is primarily motivated by causing damage or disruption, rather than financial ______?

    gain

    Biometrics, such as fingerprints or voice, fall under the category of 'Something the user ______' in authentication techniques.

    knows

    Study Notes

    Financial Impacts of Downtime

    • The cost of downtime includes revenue recognition, cash flow, payment guarantees, credit rating, and stock price
    • Revenue loss includes direct loss, compensatory payments, lost future revenue, billing losses, investment losses, and lost productivity
    • Damaged reputation affects customers, suppliers, financial markets, banks, and business partners
    • Other expenses include temporary employees, equipment details, overtime costs, extra shipping charges, travel expenses, and legal obligations

    Security Threats Caused by Hackers and Viruses

    • Hackers: experts in technology who use their knowledge to break into computers and computer networks
      • Types of hackers:
        • Black-hat hacker: steals, destroys, or does nothing
        • Cracker: with criminal intent
        • Cyberterrorist: destroys critical systems or information
        • White-hat hacker: works at the request of system owner to find system vulnerabilities and fix them
    • Virus: software written with malicious intent to cause annoyance or damage
      • Types of viruses:
        • Worm: spreads itself from file to file and computer to computer
        • Malware: intended to damage or disable computers and computer systems
        • Adware: allows internet advertisers to display advertisements without consent

    Information Privacy Policy

    • Contains general principles regarding information privacy
    • Acceptable Use Policy (AUP): requires a user to agree to follow it in order to access corporate email, information systems, and the internet
    • Nonrepudiation: ensures ebusiness participants do not deny their online actions
    • Internet Use Policy: guides proper use of the internet
    • Email Privacy Policy: details the extent to which email messages may be read by others
    • Social Media Policy: outlines corporate guidelines for employee online communications
    • Working Monitoring Policy: explicitly states how, when, and where the company monitors its employees

    Information Ethics

    • Ethics: principles and standards guiding behavior toward others
    • Information Ethics: governs ethical and moral issues arising from development and use of information technologies
    • Business issues related to information ethics:
      • Intellectual property
      • Copyright
      • Pirated software
      • Counterfeit software
      • Digital rights management
    • Privacy: right to be left alone, control personal possessions, and not be observed without consent
    • Confidentiality: assurance that messages and information are available only to authorized viewers

    Protection of Intellectual Assets

    • Organizational information is intellectual capital that must be protected

    • Information security: protection of information from accidental or intentional misuse

    • Downtime: period of time when a system is unavailable

    • Security threats to ebusiness include:

      • Elevation of privilege
      • Hoaxes
      • Sniffer
      • Spoofing
      • Spyware
      • Ransomware
      • Scareware
    • First line of defense: people

    • Information security policies and plan: essential to combat insider issues

    Information Security

    • Prevention and resistance technologies stop intruders from accessing and reading data.

    • Privilege escalation is a network intrusion attack that takes advantage of programming errors or design flaws to grant the attacker elevated access to the network and its associated data and applications.

      • Vertical privilege escalation: attackers grant themselves a higher access level, such as administrator.
      • Horizontal privilege escalation: attackers grant themselves the same levels that they already have but assume the identity of another user.

    Technologies for Prevention and Resistance

    • Content filtering: use of software that filters content to prevent the transmission of unauthorized information.
    • Encryption: scrambles information into an alternative form that requires a key or password to decrypt.
    • Firewalls: hardware and/or software that guard a private network by analyzing incoming and outgoing information for the correct markings.

    Detection and Response

    • Intrusion detection software: features full-time monitoring tools that search for patterns in network traffic to identify intruders.

    Three Areas of Information Security

    • People: authentication and authorization
    • Data: prevention and resistance
    • Attacks: detection and response

    Authentication and Authorization

    • Identity theft: the forging of someone’s identity for the purpose of fraud.
      • Phishing: technique to gain personal information for the purpose of identity theft.
      • Pharming: reroutes requests for legitimate websites to false websites.
      • Sock puppet marketing: the use of a false identity to artificially stimulate demand for a product, brand, or service.
      • Astroturfing: the practice of artificially stimulating online conversation and positive reviews about a product, service, or brand.
    • Authentication: a method for confirming users’ identities.
    • Authorization: the process of giving someone permission to do or have something.
      • Three categories of authentication techniques:
        • Something the user knows (e.g. user ID and password)
        • Something the user has (e.g. smart card or token)
        • Something that is part of the user (e.g. fingerprints or voice - biometrics)

    Policies

    • Information Privacy Policy: contains general principles regarding information privacy.
    • Acceptable Use Policy (AUP): requires a user to agree to follow it to be provided access to corporate email, information systems, and the internet.
    • Nonrepudiation: a contractual stipulation to ensure that ebusiness participants do not deny their online actions.
    • Internet Use Policy: contains general principles to guide the proper use of the internet.
    • Email Privacy Policy: details the extent to which email messages may be read by others.
    • Social Media Policy: outlines the corporate guidelines or principles governing employee online communications.
    • Working Monitoring Policy: explicitly states how, when, and where the company monitors its employees.

    Protecting Intellectual Assets

    • Organizational information is intellectual capital - it must be protected.
    • Information security: the protection of information from accidental or intentional misuse by persons inside or outside the organization.
    • Downtime: a period of time when a system is unavailable.
    • Cost of downtime:
      • Financial performance
      • Revenue
      • Damaged reputation
      • Other expenses

    Ethics

    • Ethics: the principles and standards that guide our behavior toward other people.
    • Information Ethics: govern the ethical and moral issues arising from the development and use of information technologies, as well as the creation, collection, duplication, distribution, and processing of information itself.
    • Business issues related to information ethics:
      • Intellectual property
      • Copyright
      • Pirated software
      • Counterfeit software
      • Digital rights management
    • Privacy: the right to be left alone when you want to be, to have control over your own personal possessions, and not to be observed without your consent.
    • Confidentiality: the assurance that messages and information are available only to those who are authorized to view them.

    Security Threats

    • Hackers: experts in technology who use their knowledge to break into computers and computer networks, either for profit or just motivated by the challenge.
      • Black-hat hacker: steals, destroys, or does nothing.
      • Cracker: a hacker with criminal intent.
      • Cyberterrorist: seeks to destroy critical systems or information.
      • White-hat hacker: works at the request of the system owner to find system vulnerabilities and fix them.
    • Virus: software written with malicious intent to cause annoyance or damage.
      • Worm: a type of virus that spreads itself from file to file, but also from computer to computer.
      • Malware: software that is intended to damage or disable computers and computer systems.
      • Adware: allows internet advertisers to display advertisements without the consent of computer users.

    Spam Management

    • Tips from Information Week:
      • Obscure your email address by inserting something obvious into it.
      • Don't reply to spam messages.
      • Remove your email address from your Website's pages and offer a Web-based mail form instead.


    Description

    Learn about common security threats to e-business such as spyware, ransomware, scareware, elevation of privilege, and hoaxes. Understand how these threats can impact businesses and how to protect against them.
