Term
|
Definition
| Some sensitive information (know-how, shortcuts) can't be encrypted. Encryption protects information only in specific situations, such as a stolen laptop whose contents cannot be read. Physical access controls need to be strong: defense in depth, access controls, and training |
|
|
Term
| Information Rights Management |
|
Definition
| provides an additional layer of protection for specific information resources; not only limits access to specific files but also limits the actions (read, copy, print) that can be performed on them |
|
|
Term
| Data Loss Prevention Software |
|
Definition
| works like antivirus programs in reverse, blocking outgoing messages that contain key words or phrases associated with the intellectual property or other sensitive data the organization wants to protect. PREVENTIVE MEASURE |
|
|
Term
|
Definition
| supplements data loss prevention software; a detective control that enables an organization to identify confidential information that has been disclosed. |
|
|
Term
| What is the most important control for protecting confidentiality? |
|
Definition
| Training: employees need to know what information they can share, what needs to be protected, how to protect data, to log out at workstations, to code reports, and not to leave sensitive information in plain view |
|
|
Term
|
Definition
| programs that replace customers' personal information with fake values, because programmers should test with real data for security reasons |
|
|
Term
|
Definition
| unsolicited email that contains advertising or offensive content |
|
|
Term
|
Definition
| unauthorized use of someone's personal information for the perpetrator's benefit |
|
|
Term
|
Definition
| text file created by a web site and stored on a visitor's hard disk; stores information about what the user has done on the website |
|
|
Term
| What does GAPP include/show? |
|
Definition
| protecting the privacy of customers' personal information requires implementing policies, procedures, and technology, then training everyone in the organization to follow them and monitoring compliance. So it is a managerial issue, not just an IT issue |
|
|
Term
|
Definition
| process of transforming normal content, called plaintext, into unreadable cipher text |
|
|
Term
|
Definition
| reverses the process, transforming cipher text into plaintext |
|
|
Term
| What do both encryption and decryption involve? |
|
Definition
| use of a key and an algorithm; the key is a string of binary numbers |
|
|
Term
| 3 factors that influence encryption strength |
|
Definition
| Key length, encryption algorithm, and policies for managing cryptographic keys |
|
|
Term
|
Definition
| involves making copies of all encryption keys used by employees and storing those copies securely |
|
|
Term
| Symmetric Encryption System |
|
Definition
| use the same key to both encrypt and decrypt. Benefits: faster. Problems: two-party involvement makes key exchange complicated, so both parties need the same method; also a separate key needs to be made for each party |
|
|
Term
| Asymmetric Encryption System |
|
Definition
| use a public key available to everyone and a private key known only to the owner of that pair of keys |
|
|
Term
|
Definition
| process that takes plaintext of any length and transforms it into a short code called a hash |
|
|
Term
| How is hashing different from encryption? |
|
Definition
| 1. encryption always produces cipher text similar in length to the original plaintext, whereas hashing always produces a hash of a fixed short length. 2. encryption is reversible, hashing is not |
|
|
Term
| How can a business obtain the same level of assurance about the enforceability of a digital transaction that a signed photocopy provides? |
|
Definition
| Use Hashing and Asymmetric Encryption to create a digital signature |
|
|
Term
|
Definition
| hash of a document that is encrypted using the document creator's private key |
|
|
Term
| What do digital signatures provide proof of? |
|
Definition
| that a copy of a document or file has not been altered, and who created the original version of the digital document or file |
|
|
Term
| How do digital signatures provide assurance? |
|
Definition
| 1. if two hashes are identical, the two documents are identical, because the hash reflects every bit in a document. 2. asymmetric encryption |
|
|
Term
| How can you really be sure of a party's identity with digital signatures? |
|
Definition
| digital certificates and public key infrastructure |
|
|
Term
|
Definition
| electronic document that contains an entity's public key and certifies the identity of the owner of that particular public key |
|
|
Term
| Public Key Infrastructure |
|
Definition
| system for issuing pairs of public and private keys and corresponding digital certificates |
|
|
Term
|
Definition
| provides the functionality of a privately owned secure network without the associated costs of leased telephone lines, satellites, and other communication equipment |
|
|
Term
| What two types of VPNs do organizations use? |
|
Definition
| 1. SSL and browser software to give employees remote access to the corporate network. 2. IPSec, a version of the IP protocol that incorporates encryption, to securely connect two offices |
|
|
Term
|
Definition
| text files that only store information and can't perform any actions |
|
|
Term
| What 3 controls can protect confidentiality and privacy? |
|
Definition
| encryption, access controls, and training |
|
|
Term
| Difference between the US and Europe regarding the collection of customers' personal information? |
|
Definition
| Europe=opt in, US=opt out |
|
|
Term
| One of the ten GAPP principles is concerned with the relationship between security and privacy; what does it say? |
|
Definition
| security is a necessary but not sufficient precondition to protect privacy; security alone is not enough |
|
|
Term
| Input Controls - Form Design |
|
Definition
| Forms should be prenumbered, and turnaround documents should be used |
|
|
Term
|
Definition
| form design, cancellation and storage of source documents, data entry controls, batch processing |
|
|
Term
| Types of Data Entry Controls |
|
Definition
| Field check, sign check, limit check, range check |
|
|
Term
|
Definition
| tests whether a batch of input data is in the proper numerical or alphabetical sequence |
|
|
Term
|
Definition
| summarize important values for a batch of input records: financial total, hash total, and record count |
|
|
Term
|
Definition
| located at the beginning of each file and contains the file name, expiration date, etc. Part of the file labels |
|
|
Term
|
Definition
| located at the end of the file and contains the batch totals calculated during input. |
|
|
Term
| Recalculating batch totals with a transposition error |
|
Definition
| two adjacent digits were inadvertently reversed. The total should be recomputed as each transaction record is processed, and the total for the batch should then be compared to the values in the trailer record |
|
|
Term
| Cross-footing balance test |
|
Definition
| compares the results produced by each method to verify accuracy |
|
|
Term
| Parity Bit and Parity Checking |
|
Definition
| 1. extra digit added to the beginning of every character that can be used to check transmission accuracy; verifies the integrity of data sent and received. 2. entails verifying that the proper number of bits are set to the value 1 in each character received |
|
|
Term
|
Definition
| ability of a system to continue functioning in the event that a particular component fails |
|
|
Term
| Redundant Arrays of Independent Drives (RAID) |
|
Definition
| data is written to multiple disk drives simultaneously; if one drive fails, the data can be accessed from another |
|
|
Term
|
Definition
| represents the maximum amount of data that the organization is willing to potentially lose |
|
|
Term
|
Definition
| represents the length of time that the organization is willing to attempt to function without its information system |
|
|
Term
|
Definition
| application control that would detect and prevent entry of alphabetic characters as the price of an inventory item |
|
|
Term
|
Definition
| prevents entry of a nonexistent customer number in a sales transaction |
|
|
Term
|
Definition
| disaster recovery strategy that involves contracting for use of a physical site to which all necessary computing equipment will be delivered within 24 to 36 hours |
|
|
Term
| Incremental Backups vs. Differential Daily Backups |
|
Definition
| incremental is faster, but restoration is slower and more complex |
|
|
Term
|
Definition
| information that needs to be stored securely for 10+ years |
|
|