ITM Ch8.docx

4 Pages

Information Technology Management
Course Code
ITM 100
Vikraman Baskaran

Security – Policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems.
Controls – All of the methods, policies, and procedures that ensure protection of the organization’s assets, accuracy, and reliability of its records, and operational adherence to management standards.
War Driving – Technique in which eavesdroppers drive by buildings or park outside and try to intercept wireless network traffic.
Malware – Malicious software programs such as computer viruses, worms and Trojan horses.
Computer virus – Rogue software program that attaches itself to other software programs or data files in order to be executed, often causing hardware and software malfunctions.
Worms – Independent software programs that propagate themselves to disrupt the operation of computer networks or destroy data and other programs.
Trojan horse – A software program that appears legitimate but contains a second hidden function that may cause damage.
Spyware – Technology that aids in gathering information about a person or organization without their knowledge.
Key logger – Spyware that records every keystroke made on a computer to steal personal information or passwords or to launch Internet attacks.
Hacker – A person who gains unauthorized access to a computer network for profit, criminal mischief, or personal pleasure.
Cyber vandalism – Intentional disruption, defacement, or destruction of a Web site or corporate information system.
Spoofing – Attempts by hackers to hide their true identities by using fake e-mail addresses or masquerading as someone else; may involve redirecting a Web link to an address different from the intended one, with the site masquerading as the intended destination.
Sniffer – Type of eavesdropping program that monitors information travelling over a network.
Denial-of-service (DoS) attack – Flooding a network server or Web server with false communications requests for services in order to crash the network.
Distributed denial-of-service (DDoS) – Numerous computers inundating and overwhelming a network from numerous launch points.
Botnet – A group of computers that have been infected with bot malware without users’ knowledge, enabling a hacker to use the amassed resources of the computers to launch distributed denial-of-service attacks, phishing campaigns, or spam.
Computer crime – The commission of illegal acts through the use of a computer or against a computer system.
Identity theft – Theft of key pieces of personal information, such as credit card or social insurance numbers, in order to obtain merchandise and services in the name of the victim or to obtain false credentials.
Phishing – Form of spoofing involving setting up fake websites or sending e-mail messages that resemble those of legitimate businesses that ask users for confidential personal data.
Evil twin – Wireless network that pretends to be legitimate to entice participants to log on and reveal passwords or credit card numbers.
Pharming – Phishing technique that redirects users to a bogus Web page, even when an individual enters the correct Web page address.
Click fraud – Fraudulently clicking on an online pay-per-click advertisement to generate an improper charge per click.
Social engineering – Tricking people into revealing their passwords or other information by pretending to be legitimate users or members of a company in need of information.
Bugs – Software program code defects.
Patches – Small pieces of software that repair software flaws without disturbing the proper operation of the software.
C-SOX – Act passed by parliament that imposes the responsibility on companies and their managements to safeguard the accuracy and integrity of financial information that is used internally and released externally.
Computer forensics – The scientific collection, examination, authentication, preservation, and analysis of data held on or retrieved from computer storage media in such a way that the information can be used as evidence in a court of law.
General controls – Overall control environment governing the design, security, and use of computer programs and the security of data files in general throughout the organization’s information technology infrastructure.
Application controls – Specific controls unique to each computerized application that ensure that only authorized da