Chapter 4 – Ethics and Information Security: MIS Business Concerns

copyright
the legal protection afforded an expression of an idea
intellectual property
intangible creative work that is embodied in physical form and includes copyrights, trademarks and patents
patent
an exclusive right to make, use and sell an invention and is granted by a government to the inventor
ethics
the principles and standards that guide our behavior toward other people
privacy
the right to be left alone when you want to be, to have control over your personal possessions and not to be observed without your consent
confidentiality
the assurance that messages and information remain available only to those authorized to use them
information ethics
govern the ethical and moral issues arising from the development and use of technologies, as well as creation, collection, duplication, distribution and processing of information itself
pirated software
unauthorized use, duplication, distribution or sale of copyrighted software
counterfeit software
software that is manufactured to look like the real thing and sold as such
digital rights management
technological solution that allows publishers to control their digital media to discourage, limit or prevent illegal copying and distribution
information management
examines the organizational resource of information and regulates its definitions, uses, value and distribution, ensuring it has the types of data/information required to function and grow effectively
information governance
a method or system of government for information management or control
information compliance
the act of conforming, acquiescing or yielding information
information property
an ethical issue that focuses on who owns information about individuals and how information can be sold and exchanged
ediscovery (electronic discovery)
refers to the ability of a company to identify, search, gather, seize or export digital information in responding to a litigation, audit, investigation or information inquiry
child online protection act
passed to protect minors from accessing inappropriate material on the internet
epolicies
policies and procedures that address information management along with the ethical use of computers and the internet in the business environment
cyberbullying
includes threats, negative remarks or defamatory comments transmitted via the internet or posted on a website
threat
an act or object that poses a danger to assets
click-fraud
the abuse of pay-per-click, pay-per-call and pay-per-conversion revenue models by repeatedly clicking on a link to increase charges or costs for the advertiser
competitive click-fraud
a computer crime where a competitor or disgruntled employee increases a company’s search advertising costs by repeatedly clicking on the advertiser’s link
ethical computer use policy
contains general principles to guide computer user behavior
information privacy policy
contains general principles regarding information privacy
acceptable use policy (AUP)
requires a user to agree to follow it to be provided access to corporate email, information systems and the internet
nonrepudiation
a contractual stipulation to ensure that ebusiness participants do not deny their online actions
internet use policy
contains general principles to guide the proper use of the internet
cybervandalism
the electronic defacing of an existing website
typosquatting
a problem that occurs when someone registers purposely misspelled variations of well-known domain names
website name stealing
a theft of a website’s name that occurs when someone, posing as a site’s administrator, changes the ownership of the domain name assigned to the website to another website owner
internet censorship
a government’s attempt to control internet traffic, thus preventing some material from being viewed by a country’s citizens
email privacy policy
details the extent to which email messages may be read by others
mail bomb
sends a massive amount of email to a specific person or system that can cause that user’s server to stop functioning
spam
unsolicited email
anti-spam policy
simply states that email users will not send spam emails
opt out
choosing to deny permission to incoming emails
teergrubing
an anti-spamming approach where the receiving computer launches a return attack against the spammer, sending email messages back to the computer that sent the original spam
social media policy
outlines the corporate guidelines or principles governing employee online communications
physical security
tangible protection such as alarms, guards, fireproof doors, fences and vaults
workplace MIS monitoring
tracks people’s activities by such measures as number of keystrokes, error rate and number of transactions processed
employee monitoring policy
stating explicitly how, when and where the company monitors its employees
downtime
refers to a period of time when a system is unavailable
information security
a broad term encompassing the protection of information from accidental or intentional misuse by persons inside or outside an organization
hackers
experts in technology who use their knowledge to break into computers and computer networks, either for profit or just motivated by the challenge
drive-by hacking
a computer attack where an attacker accesses a wireless computer network, intercepts data, uses network services and/or sends attack instructions without entering the office or organization that owns the network
virus
software written with malicious intent to cause annoyance or damage
adware
software that, purporting to serve some useful function and often fulfilling that function, also allows internet advertisers to display advertisements without the consent of the computer user
spyware
a special class of adware that collects data about the user and transmits it over the internet without the user’s knowledge or permission
insiders
legitimate users who purposefully or accidentally misuse their access to the environment and cause some kind of business-affecting incident
social engineering
hackers use their social skills to trick people into revealing access credentials or other valuable information
dumpster diving
looking through people’s trash
information security policies
identify the rules required to maintain information security
information security plan
details how an organization will implement the information security policies
destructive agents
malicious agents designed by spammers and other internet attackers to farm email addresses off websites or deposit spyware on machines
identity theft
the forging of someone’s identity for the purpose of fraud
information secrecy
category of computer security that addresses the protection of data from unauthorized disclosure and confirmation of data source authenticity
phishing
a technique to gain personal information for the purpose of identity theft
phishing expedition
masquerade attack that combines spam with spoofing
spear phishing
a phishing expedition in which the emails are carefully designed to target a specific person or organization
vishing (voice phishing)
a phone scam that attempts to defraud people by asking them to call a bogus telephone number to confirm their account information
pharming
reroutes requests for legitimate websites to false websites
zombie
a program that secretly takes over another computer for the purpose of launching attacks on other computers
zombie farm
group of computers on which a hacker has planted zombie programs
pharming attack
uses a zombie farm to launch a massive phishing attack
authentication
a method for confirming user identities
authorization
the process of providing a user with permission including access levels and abilities such as file access, hours of access and amount of allocated storage space
tokens
small electronic devices that change user passwords automatically
smart card
device about the size of a credit card, containing embedded technologies that can store information and small amounts of software to perform some limited processing
biometrics
the identification of a user based on some physical characteristic
time bombs
computer viruses that wait for a specific date before executing their instructions
content filtering
occurs when organizations use software that filters content to prevent the accidental or malicious transmission of unauthorized information
encryption
scrambles information into an alternative form that requires a key or password to decrypt
decrypt
decode
cryptography
science that studies encryption
advanced encryption standard (AES)
designed to keep government information secure
public key encryption (PKE)
uses two keys: a public key that everyone can have and a private key that only the recipient has
certificate authority
trusted third party that validates user identities by means of digital certificates
digital certificate
a data file that identifies individuals or organizations online and is comparable to a digital signature
firewall
hardware and/or software that guards a private network by analyzing incoming and outgoing information for the correct markings
anti-virus software
scans and searches hard drives to prevent, detect and remove viruses, spyware and adware
cyberwar
an organized attempt by a country’s military to disrupt or destroy the information and communications systems of another country
cyberterrorism
the use of computer and networking technologies against persons or property to intimidate or coerce governments, individuals or any segment of society to attain political, religious or ideological goals
intrusion detection software (IDS)
features full-time monitoring tools that search for patterns in network traffic to identify intruders