358 Part Two Information Technology Infrastructure
Key Terms
Acceptable use policy (AUP), 342
Antivirus software, 348
Application controls, 340
Authentication, 346
Biometric authentication, 346
Botnet, 331
Bugs, 335
Business continuity planning, 344
Click fraud, 334
Computer crime, 332
Computer forensics, 339
Computer virus, 328
Controls, 325
Cybervandalism, 330
Cyberwarfare, 334
Deep packet inspection (DPI), 352
Denial-of-service (DoS) attack, 331
Digital certificates, 350
Disaster recovery planning, 344
Distributed denial-of-service (DDoS) attack, 331
Downtime, 351
Drive-by download, 328
Encryption, 349
Evil twin, 333
Fault-tolerant computer systems, 351
Firewall, 347
General controls, 340
Gramm-Leach-Bliley Act, 339
Hacker, 330
High-availability computing, 351
HIPAA, 338
Identity management, 342
Identity theft, 332
Intrusion detection systems, 348
Keyloggers, 330
Malware, 328
Managed security service providers (MSSPs), 352
MIS audit, 344
Online transaction processing, 351
Password, 346
Patches, 337
Pharming, 333
Phishing, 333
Public key encryption, 350
Public key infrastructure (PKI), 350
Recovery-oriented computing, 351
Risk assessment, 341
Sarbanes-Oxley Act, 339
Secure Hypertext Transfer Protocol (S-HTTP), 349
Secure Sockets Layer (SSL), 349
Security, 325
Security policy, 342
Smart card, 346
Sniffer, 331
Social engineering, 335
Spoofing, 331
Spyware, 330
SQL injection attack, 330
Token, 346
Trojan horse, 329
Unified threat management (UTM), 349
War driving, 327
Worms, 328
Review Questions
1. Why are information systems vulnerable to destruction, error, and abuse?
• List and describe the most common threats against contemporary information systems.
• Define malware and distinguish among a virus, a worm, and a Trojan horse.
• Define a hacker and explain how hackers create security problems and damage systems.
• Define computer crime. Provide two examples of crime in which computers are targets and two examples in which computers are used as instruments of crime.
• Define identity theft and phishing and explain why identity theft is such a big problem today.
• Describe the security and system reliability problems created by employees.
• Explain how software defects affect system reliability and security.
2. What is the business value of security and control?
• Explain how security and control provide value for businesses.
• Describe the relationship between security and control and recent U.S. government regulatory requirements and computer forensics.
3. What are the components of an organizational framework for security and control?
• Define general controls and describe each type of general control.
• Define application controls and describe each type of application control.