CMIS 342 - Chapter 4 Exam
The degree of protection against criminal activity, danger, damage, or loss
security
Processes and policies designed to protect and defend an organization's information and
information systems from unauthorized access, use, disclosure, disruption, modification,
or destruction
information security
Any danger to which information may be exposed; a malicious or negative event that
takes advantage of a vulnerability
threat
The harm, loss, or damage that can result if a threat compromises an information
resource; a known incident in which the vulnerability was acted upon
exposure
The possibility that an information resource will be harmed by a threat; the likelihood
that the harm will occur if the threat happens; a weakness in a system - something that
has the potential for being exploited
vulnerability
The likelihood that a threat will occur; the potential for loss and damage when the threat
does occur
risk
What are the five key factors that are contributing to the increasing vulnerability of
organizational
1. Today's interconnected, interdependent, wirelessly networked business environment
2. Smaller, faster, cheaper computers and storage devices
3. Decreasing skills necessary to be a computer hacker
4. International organized crime taking over cybercrime
5. Lack of management support
Illegal activities executed on the Internet
cybercrime
Inside threats vs. outside threats
Inside threats: employees and other insiders, systems software, hardware threats
Outside threats: man-made disasters, natural disasters, malware, denial of service,
unauthorized users
Acts performed without malicious intent that nevertheless represent a serious threat to
information security; i.e. human errors and social engineering
unintentional acts
Carelessness with computing devices, opening questionable e-mails, careless Internet
surfing, poor password selection and use, carelessness with one's workspace, carelessness
using unmanaged devices, carelessness with discarded equipment, careless monitoring of
environmental hazards
examples of human errors
Getting around security systems by using social skills to trick legitimate computer users
inside a company into revealing confidential, sensitive information or gaining
unauthorized access privileges (tailgating)
social engineering
Acts performed with malicious intent that represent a serious threat to information
security
intentional acts
Type of deliberate threat that occurs when an unauthorized individual attempts to gain
illegal access to organizational information
espionage/trespass
What is the difference between competitive intelligence and industrial espionage?
Competitive intelligence consists of legal information-gathering techniques, while
industrial espionage crosses the legal boundary