Term

Definition
A collection of team-based development processes that expects requirements changes, delivers frequent working versions of a product, works closely with customers, and designs and tests “on the fly.”

Term

Definition
Encryption that uses two different keys: one to encrypt, one to decrypt.

Term

Definition
The process whereby an information system approves (validates) a user by checking the user’s password.

Term

Definition
Uses personal physical characteristics such as fingerprints, facial features, and retinal scans to authenticate users.

Term

Definition
Someone who is well versed in the Porter models, organizational strategy, and systems alignment theory such as COBIT, and who also understands the proper role for technology.

Term
Business process management (BPM)
Definition
A systematic process of modeling, creating, implementing, and assessing business processes.

Term
Continuous improvement process (CIP)
Definition
An ongoing cycle of process improvement through evaluation, remodeling, implementation, and monitoring.

Term

Definition
Small files that your browser stores on your computer when you visit Web sites.

Term
Cross-site scripting (XSS)
Definition
A type of code injection attack, common on discussion boards and forums, that injects Web page scripting into servers or into users’ computers.

Term

Definition
A form of problem or attack that makes a server and/or network so resource-starved that it cannot serve legitimate requests.

Term

Definition
People who drive around while their computer scans for unprotected wireless networks.

Term

Definition
A process for transforming text into unintelligible text for secure communication and/or storage.

Term

Definition
A wireless access point that spoofs a legitimate access point with a similar name, then eavesdrops on communications.

Term

Definition
A computing device that prevents unauthorized access to parts of a network.

Term

Definition
Passed by Congress in 1999, it protects consumer financial data stored by financial institutions, which are defined as banks, securities firms, insurance companies, and organizations that provide financial advice, prepare tax returns, and provide similar financial services.

Term

Definition
Gaining unauthorized access to a computer system.

Term

Definition
A secure form of Hypertext Transport Protocol that uses public/private key and synchronous encryption to secure Internet communications.

Term

Definition
Restrict access to digital assets to only those users who have authorization, and require users to follow authorized procedures for system use and recovery.

Term

Definition
The process by which a user is identified on a network.

Term
Information systems security
Definition
The process of protecting information systems vulnerabilities from threats by creating appropriate safeguards.

Term

Definition
Occurs when a hacker/intruder uses a legitimate IP address to mask his or her own.

Term

Definition
A number used to encrypt data in an encryption algorithm.

Term

Definition
A safety procedure by which encryption keys are kept and safeguarded by a trusted third party.

Term

Definition
Work performed after system installation that either fixes problems or adds system enhancements.

Term

Definition
An installation technique in which the new system and the old system are run at the same time, side by side, for a period of time to ensure the new system is working properly and yields comparable results to the old system.

Term

Definition
An installation technique in which a system is installed/implemented in phases across an organization. This does not work for some systems.

Term

Definition
An individual responsible for conducting a phishing scam.

Term

Definition
The malicious use of email or a Web site to attempt to acquire an individual’s personal information by masquerading as a legitimate business or organization.

Term

Definition
The organization implements the entire system/business processes on a limited portion of the business.

Term

Definition
Refers to an installation process by which the old system is turned off and the new system is turned on. This form of installation process is generally discouraged as being too risky.

Term

Definition
A form of social engineering (malicious attack) by which someone deceives by pretending to be someone else.

Term

Definition
A key pair that is used for encryption. The public key is shared with anyone who wishes to send the private key holder an encrypted message. A public key is used to encrypt, while a private key is used to decrypt.

Term

Definition
Measures that individuals or organizations take to block the threat from obtaining the asset.

Term

Definition
A plastic card similar to a credit card that contains a microchip.

Term

Definition
A technique for intercepting electronic communications on a network.

Term

Definition
A category of threats that involve manipulating a person or group to unknowingly release confidential information.

Term

Definition
A social engineering term that describes the act of pretending to be someone else.

Term

Definition
The insertion of SQL into a URL that is unknowingly processed by a Web page to compromise a database.

Term

Definition
A 15-minute meeting in which each team member states: 1) what he or she has done in the past day; 2) what he or she will do in the coming day; and 3) any factors that are blocking his or her progress.

Term

Definition
A form of encryption wherein the same key is used to both encrypt and decrypt a message.

Term

Definition
The process of switching from an old system and/or processes to a new system and/or processes.

Term

Definition
The process of creating and maintaining an information system.

Term
Systems development life cycle (SDLC)
Definition
A structured process for developing an information system that consists of five steps: system definition, requirements determination, system design, system development/testing/implementation, and system maintenance.

Term

Definition
The asset that is desired by a threat.

Term

Definition
Security safeguards that specifically address (and may be incorporated into) the hardware, software, and data components of an information system.

Term

Definition
A formal description of the system’s response to use and misuse scenarios. It is used to test a system prior to implementation.

Term

Definition
A person or organization that seeks to obtain or alter data or other assets illegally, without the owner’s permission, and often without the owner’s knowledge.

Term

Definition
A weakness in the IS that provides an opportunity for threats to gain access to individual or organizational assets.
