Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
164 Cards in this Set
- Front
- Back
|
audit committee |
a subgroup of the board of directors thatprovides assistance to the board in fulfilling its responsibilities withrespect to the oversight of the quality and integrity of the organization’saccounting and reporting practices and controls including: financial statementsand reports; the organization’s compliance with legal and regulatoryrequirements; the qualifications, independence, and performance of thecompany’s independent auditor; and the performance of the company’s internalaudit team |
|
|
Body of Knowledge |
it outlines the agreed-upon sets of skills and abilities that all licensed professionals must possess |
|
|
breach of contract |
when one party fails to meet the terms of a contract |
|
|
breach of the duty of care |
the failure to act as a responsible person would act |
|
|
bribery |
providing money, property, or favors to someone in business or government to obtain a business advantage |
|
|
Business Software Alliance (BSA) |
a trade group that represents the world's largest software and hardware manufacturers; its mission is to stop the unauthorized copying of software produced by its members |
|
|
certification |
indicates that a professional possesses a particular set of skills, knowledge, or abilities, in the opinion of the certifying organization |
|
|
compliance |
to be in accordance with established policies, guidelines, specifications, or legislation |
|
|
conflict of interest |
a conflict between the IT worker's (or the IT firm's) self-interest and the interests of the client |
|
|
duty of care |
an obligation to protect people against any unreasonable harm or risk |
|
|
firewall |
a hardware or software that serves as a barrier between an organization's network and the Internet and limits access to the company's network based on the organization's Internet-usage policy |
|
|
Foreign Corrupt Practices Act (FCPA) |
a federal law that makes it a crime to bribe a foreign official, a foreign political party official, or a candidate for foreign political office |
|
|
fraud |
the crime of obtaining goods, services, or property through deception or trickery |
|
|
government license |
a government-issued permission to engage in an activity or to operate a business |
|
|
IT user |
the person who uses a hardware or software product |
|
|
material breach of contract |
when a party fails to perform certain express or implied obligations which impairs or destroys the essence of the contract |
|
|
misrepresentation |
misstatement or incomplete statement of a material fact |
|
|
negligence |
not doing something that a reasonable person would do, or doing something that a responsible person would not do |
|
|
profession |
a calling that requires specialized knowledge and often long and intensive academic preparation |
|
|
professional code of ethics |
states the principals and core values that are essential to the work of a particular occupational group |
|
|
professional malpractice |
professionals who breach the duty of car are liable for injuries that their negligence causes |
|
|
reasonable person standard |
a standard by which the courts decide whether a party owes a duty of care, by determining how an objective, careful, and conscientious person would have acted in the same circumstances |
|
|
reasonable professional standard |
analogous to a reasonable personal standard, but applied to defendants who have particular expertise or competence |
|
|
resume inflation |
lying on a resume by, for example, claiming competence in an IT skill that is in high demand |
|
|
trade secret |
information, generally unknown to the public, that a company has taken strong measures to keep confidential; it represents something of economic value that has required effort or cost to develop and that has some degree of uniqueness or novelty |
|
|
whistle-blowing |
an effort by an employee to attract attention to a negligent, illegal, unethical, abusive, or dangerous act by a company that threatens the public interest |
|
|
antivirus software |
scans a computer's memory and disk drives regularly for viruses |
|
|
botnet |
large group of computers controlled from one or more remote locations by hackers, without the knowledge or consent of their owners |
|
|
bring your own device (BYOD) |
business policy that permits, and in some cases encourages, employees to use their own mobile devices (smartphones, tablets, or laptops) to access company computing resources and applications, including email, corporate databases, the corporate intranet, and the Internet |
|
|
CAPTCHA |
software that generates and grades tests that humans can pass but all but the most sophisticated computer programs cannot |
|
|
cloud computing |
an environment in which software and data storage are services provided via the internet (the cloud); the services are run on another organization's computer hardware and are accessed by a Web browser |
|
|
collusion |
fraud committed by an employee in cooperation with a person outside of the organization |
|
|
competitive intelligence |
legally obtained information gathered usingsources available to the public; used to help a company gain an advantage overits rivals |
|
|
computer forensics |
discipline that combines elements of law and computer science to identify, collect, examine, and preserve data from computer systems, networks, and storage devices in a matter that preserves the integrity of the data gathered so it is admissible as evidence in a court of law |
|
|
Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act |
the act says that it is legal to spam, provided the messages meet a few basic requirements -- spammers cannot disguise their identity by using a false return address, the email must include a label specifying that it is an ad or a solicitation, and the email must include a way for recipients to indicate that they do not want future mass mailings |
|
|
cybercriminal |
a hacker that breaks into corporate computers and steals, often by transferring money from one account to another |
|
|
cyberterrorist |
a hacker that intimidates or coerces a government or organization to advance a political or social objective by launching computer-based attacks against other computers |
|
|
data breach |
the unintended release of sensitive data or the access of sensitive data by unauthorized individuals |
|
|
Department of Homeland Security |
leads the federal government's efforts in "securing civilian government computer systems, and works with industry and state, local, tribal, and territorial governments to secure critical infrastructure and information systems" |
|
|
distributed denial-of-service (DDoS) attack |
an attack in which a malicious hacker takes over a computer on the Internet and causes it to flood a target site with demands for data and other small tasks, causing the target system to be so busy responding to the stream of automated requests that legitimate users cannot use the target system |
|
|
exploit |
an attack on an information system that takes advantage of a particular system's vulnerability |
|
|
e-mail spam |
the abuse of e-mail systems to send unsolicited e-mail to large numbers of people |
|
|
hacker |
a computer programmer who tests the limitations of a system out of intellectual curiosity |
|
|
hacktivism |
a combination of the words hack and activism, is hacking to achieve a political or social goal |
|
|
industrial espionage |
involves using illegal means to obtain information that is not available to the public |
|
|
industrial spy |
insider in an organization who uses illegal means to obtain trade secrets from competitors of his or her firm |
|
|
intrusion detection system (IDS) |
monitors system and network resources and activities, and then notifies the proper authority when it identifies possible intrusions |
|
|
lamer |
a derogatory term for a hacker with poor skills, used by hackers with better skills |
|
|
logic bomb |
a type of Trojan horse that executes under specific conditions, such as a change in a particular file, or a particular combination of keystrokes |
|
|
malicious insider |
an ever-present and extremely dangerous adversary |
|
|
negligent insider |
a poorly trained and inadequately managed employee who means well but who has the potential to cause much damage |
|
|
phishing |
the act of using e-mail fraudulently to try to get the recipient to reveal personal data |
|
|
ransomware |
malware that disables a computer or smartphone until the victim pays a fee, or ransom |
|
|
reasonable assurance |
a concept that recognizes that managers must use their judgment to ensure that the cost of control does not exceed the system's benefits or the risks involved |
|
|
risk assessment |
an organization's review of potential threats to its computers and network and the probability of those threats occurring |
|
|
rootkit |
set of programs that enables its user to gain administrator level access to a computer without the end user's consent or knowledge |
|
|
script kiddy |
a derogatory term for a hacker with poor skills, used by hackers with better skills |
|
|
security audit |
evaluates whether an organization has a well-considered security policy in place and if it is being followed |
|
|
security policy |
defines an organization's security requirements and the controls and sanctions needed to meet those requirements |
|
|
smart card |
a credit card that contains a memory chip that is updated with encrypted data every time the card is used |
|
|
smishing |
a variation of phishing in which victims receive a legitimate-looking SMS text message on their phone telling them to call a specific phone number or to log on to a Web site |
|
|
spam |
abuse of e-mail systems to send unsolicited e-mail to large numbers of people |
|
|
spear-phishing |
a variation of phishing in which the phisher sends fraudulent e-mails to a certain organization's employees |
|
|
Trojan horse |
a program that a hacker secretly installs on a computer |
|
|
trustworthy computing |
a method of computing that delivers secure, private, and reliable computing experiences based on sound business practices |
|
|
United States Computer Emergency Readiness Team (US-CERT) |
a partnership between the Department of Homeland Security and the public and private sectors -- established in 2003 to protect the nation's Internet infrastructure against cyberattacks |
|
|
virtual machine |
machine that performs as if it is a separate computer, completing required tasks for the users and applications assigned to that virtual machine |
|
|
virtual private network (VPN) |
uses the Internet to relay communications and maintains privacy through security procedures and tunneling protocols, which encrypt data at the sending end and decrypt it at the receiving end |
|
|
virtualization software |
a software program that emulates computer hardware by enabling multiple operating systems to run on one computer host |
|
|
virus |
a piece of programming code, usually disguised as something else, that causes some unexpected and usually undesirable event |
|
|
virus signature |
a specific sequence of bytes indicative of a virus |
|
|
vishing |
a variation of phishing in which victims receive a voicemail telling them to call a specific phone number or log on to access a specific Web site |
|
|
worm |
harmful programs that reside in the active memory of a computer and duplicate themselves |
|
|
zero-day attack |
an attack that takes place before the security community or a software developer knows about a vulnerability or has been able to repair it |
|
|
zombie |
a machine uses to launch a denial-of-service attack |
|
|
American Recovery and Reinvestment Act |
a wide-ranging act passed in 2009 that authorized $787 billion in spending and tax cuts over a 10-year period; Title XIII, Subtitle D of this act (known as the Health Information Technology for Economic and Clinical Health Act, or HITECH) included strong privacy provisions for electronic health records, including banning the sale of health information, promoting the use of audit trails and encryption, and providing rights of access for patients |
|
|
Bill of Rights |
after the Constitution went into effect in 1789, several amendments were proposed that would spell out additional rights of individuals; ten of these proposed amendments were ultimately ratified and became known as the Bill of Rights |
|
|
Children's Online Privacy Protection Act (COPPA) |
law that requires any Web site that caters to children to offer comprehensive privacy policies, notify parents or guardians about its data collection practices, and receive parental consent before collecting any personal information from children under 13 years of age |
|
|
cookie |
text file that can be downloaded to the hard drives of users who visit a Web site, so that the Web site is able to identify visitors on subsequent visits |
|
|
Communications Act of 1934 |
law that established the Federal Communications Commission and gave it responsibility for regulating all non-federal-government use of radio and television broadcasting and all interstate telecommunications as well as all international communications that originate or terminate in the United States; the act also restricted the government's ability to secretly intercept communications |
|
|
Communications Assistance for Law Enforcement Act (CALEA) |
law that required the telecommunications industry to build tools into its products that federal investigators could use -- after obtaining a court order -- to eavesdrop on conversations and intercept electronic communications |
|
|
Electronic Communications Privacy Act of (ECPA) |
a law focusing on three main issues: (1) the protection of communications while in transfer from sender to receiver; (2) the protection of communications held in electronic storage; and (3) the prohibition of devices from recording, dialing, routing, addressing, and signaling information without a search warrant. |
|
|
electronic discovery (e-discovery) |
the collection, preparation, review, and production of electronically stored information for use in criminal and civil actions and proceedings |
|
|
electronically stored information (ESI) |
any form of digital information, including emails, drawings, graphs, Web pages, photographs, word-processing files, sound recordings, and databases stored on any form of electronic storage device, including hard drives, CDs and flash drives |
|
|
European Data Protection Regulation |
law that enforces a single set of rules for data processing across the EU |
|
|
European Union Data Protection Directive |
law that requires any company doing business within the borders of the countries comprising the European Union to implement a set of privacy directives on the fair and appropriate use of information
|
|
|
fair and accurate credit transactions act |
an amendment passed in 2003 to the fair credit reporting act that allows consumers to request and obtain a free credit report once each year from each of the three primary consumer credit reporting companies (Equifax, Experian, and TransUnion) |
|
|
Fair Credit Reporting Act |
regulates the operations of credit-reporting bureaus, including how they collect, store, and use credit information |
|
|
Fair information practices |
a term for a set of guidelines that govern the collection and use of personal data |
|
|
Family Educational Rights and Privacy Act (FERPA) |
a federal law that assigns certain rights to parents regarding their children's educational records; these rights transfer to the student once the student reaches the age of 18 or if he or she attends a school beyond the high school level |
|
|
foreign intelligence |
information relating to the capabilities, intentions, or activities of foreign governments or agents of foreign governments or foreign organizations |
|
|
foreign intelligence surveillance act (FISA) |
law that describes procedures for the electronic surveillance and collection of foreign intelligence information in communications between foreign powers and the agents of foreign powers |
|
|
Foreign Intelligence Surveillance Act Amendments Act |
law granted the NSA expanded authority to collect, without court-approves warrants, international commubnications as they flow through U.S. telecom network equipment and facilities |
|
|
foreign intelligence surveillance act court |
meets in secret to hear applications for orders approving electronic surveillance anywhere within the United States |
|
|
Fourth Amendment |
the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized |
|
|
Freedom of Information Act (FOIA) |
grants citizens the right to access certain information and records to the federal, state, and local governments upon request |
|
|
Gramm-Leach-Bliley Act (GLBA) |
a bank deregulation law that enabled financial entities to merge; it also included key rules that affect personal privacy |
|
|
Health Insurance Portability and Accountability Act (HIPAA) |
law designed to improve the portability and continuity of health insurance coverage; to reduce fraud, waste, and abuse in health insurance and healthcare delivery; and to simplify the administration of health insurance |
|
|
information privacy |
the combination of communications privacy (the ability to communicate with others without those communications being monitored by other persons or organizations) and data privacy (the ability to limit access to one's personal data by other individuals and other organizations in order to exercise a substantial degree of control over that data and its use) |
|
|
national security letter (NSL) |
compels holders of personal records to turn them over to the government; an NSL is not subject to judicial review or oversight |
|
|
NSL gag provision |
a law which prohibits NSL recipients from informing anyone, even the person who is the subject of the NSL request, that the government has secretly requested his or her records |
|
|
opt in |
to give a financial institution the right to share personal data |
|
|
opt out |
to refuse to give financial institutions the right to collect and share personal data with unaffiliated parties |
|
|
pen register |
a device that records electronic impulses to identify the numbers dialed for outgoing calls |
|
|
privacy act |
prohibits U.S. government agencies from concealing the existence of any personal data record-keeping system |
|
|
Right of Privacy |
it is the right to be left alone, the most comprehensive of rights, and the right most valued by a free people |
|
|
right to financial privacy act |
an act that protects the records of financial institution customers from unauthorized scrutiny by the federal government |
|
|
stalking app |
cell phone spy software that can be loaded onto someone's cellphone or smartphone within minutes, making it possible for the user to perform location tracking, record calls, view every text message or picture sent or received, and record the URLs of any Web site visited on the phone |
|
|
Title III of the Omnibus Crime Control and Safe Streets Act |
law that regulates the interception of wire (telephone) and oral communications; it allows state and federal law enforcement officials to use wiretapping and electronic eavesdropping but only under strict limitations |
|
|
transborder data flow |
the flow of personal data across national boundaries |
|
|
trap and trace |
a device that records the originating number of incoming calls for a particular phone number |
|
|
USA PATRIOT Act |
law that gave new powers both to domestic law enforcement and U.S. international intelligence agencies, including increasing the ability of law enforcement agencies to search telephone, email, medical, financial, and other records; it also eased restrictions on foreign intelligence gathering in the United States |
|
|
vehicle event data recorder (EDR) |
a device that records vehicle and occupant data for a few seconds before, during, and after any vehicle crash that is severe enough to deploy the vehicle's airbags |
|
|
Wiretap Act |
regulates the interception of wire (telephone) and oral communications; it allows state and federal law enforcement officials to use wiretapping and electronic eavesdropping, but only under strict limitations |
|
|
Anonymous expression |
the expression of opinions by people who do not reveal their identity |
|
|
anonymous remailer service |
a service, which uses a computer program to strop the originating header and/or IP number from the message, and then forwards the message to its intended recipient |
|
|
Anti-SLAPP laws |
designed to reduce frivolous SLAPPs; most of it are designed to quickly identify if there are any merits to the lawsuit and to keep lawyer fees to a minimum |
|
|
Child Online Protection Act (COPA) |
states that "whoever knowingly and with knowledge of the character of the material, in interstate or foreign commerce by means of the World Wide Web, makes any communication for commercial purposes that is available to any minor and that includes any material that is harmful to minors shall be fined not more than $50,000, imprisoned not more than 6 months, or both" |
|
|
Children's Internet Protection Act (CIPA) |
an act passed in 2000, which requires federally financed schools and libraries to use some form of technological protection (such as an Internet filter) to block computer access to obscene material, pornography, and anything else considered harmful to minors. |
|
|
Communications Decency Act (CDA) |
title V of the telecommunications act of 1996, aimed at protecting children from pornography |
|
|
Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act |
specifies requirements that commercial emailers must follow when sending messages that have a primary purpose to advertise or promote a commercial product or service |
|
|
defamation |
an oral or a written statement of alleged fact that is false and that harms another person |
|
|
doxing |
it involves the examination of Internet records in an attempt to reveal the identity of an anonymous poster |
|
|
First Amendment |
an amendment that protects Americans' rights to freedom of religion and expression |
|
|
hate speech |
persistent or malicious harassment aimed at a specific person, which can be persecuted under the law |
|
|
Internet censorship |
the control or suppression of the publishing or accessing of information on the Internet |
|
|
Internet filter |
software that can be used to block certain Web sites that contain material deemed inappropriate or offensive |
|
|
John Doe lawsuit |
a lawsuit in which the identity of the defendant is temporarily unknown because he or she is communicating anonymously or using a pseudonym |
|
|
libel |
a written defamatory statement |
|
|
Section 230 of the CDA |
it provides immunity to an Internet service provider (ISP) that publishes user-generated content, as long as its actions do not rise to the level of a content provider |
|
|
sexting |
sending sexual messages, nude or semi-nude photos, or sexually explicit videos over a cell phone |
|
|
slander |
an oral defamatory statement |
|
|
Strategic lawsuit against public participation (SLAPP) |
it is a strategy employed by corporations, government officials, and others against citizens and community groups who oppose them on matters of public interest |
|
|
Telecommunications Act |
its primary purpose was to allow freer competition among phone, cable, and TV companies |
|
|
Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS) |
an agreement of the World Trade Organization that requires member governments to ensure that intellectual property rights can be enforced under their laws and that penalties for infringement are tough enough to deter further violations |
|
|
Copyright |
grants the creators of original works the exclusive right to distribute, display, perform, or reproduce the work in copies, or to prepare derivative work |
|
|
Copyright Infringement |
violation of the rights secured by the owner of a copyright, which occurs when someone copies a substantial and material part of another's copyrighted work without permission |
|
|
cybersquatter |
person or company that registers domain names for famous trademarks or company names to which they have no connection, with the hope that the trademark's owner will buy the domain name for a large sum of money |
|
|
Digital Millennium Copyright Act (DMCA) |
an act that implements two WIPO treaties in the United States. It also makes it illegal to circumvent a technical protection or develop and provide tools that allow others to access a technologically protected work. It also limits the liability of online service providers for copyright infringement by their subscribers or customers |
|
|
Economic Espionage Act (EEA) of 1996 |
imposes penalties of up to $10 million and 15 years in prison for the theft of trade secrets |
|
|
fair use doctrine |
established factors for courts to consider whether a particular use of copyrighted material is fair and can be allowed without penalty |
|
|
Industrial espionage |
the gathering of information not available to the public through illegal means |
|
|
Intellectual Property |
a tern used to describe works of the mind, such as art, books, films, formulas, inventions, music, and processes, that are distinct and "owned" or created by a single person or group |
|
|
Leahy-Smith America Invents Act |
under this law, the US patent system changed from a "first-to-invent" to a "first-inventor-to-file" system effective March 16, 2013 |
|
|
noncompete agreement |
an agreement that prohibits an employee not to work for any competitors for a period of time, often one or two years |
|
|
nondisclosure clause |
a clause in an employment contract that states that an employee cannot take copies of computer programs or reveal the details of software owned by the firm, even when they leave |
|
|
open source code |
any program whose source code is made available for use or modification as users or other developers see fit |
|
|
patent |
a grant of a property right to inventors, issued by the US Patent and Trademark Office |
|
|
patent infringement |
violation of the rights secured by the owner of a patent, which occurs when someone makes unauthorized use of another's patent |
|
|
plagiarism |
stealing someone's ideas or words and passing them off as one's own |
|
|
prior art |
the existing body of knowledge that is available to a person of ordinary skill in the art |
|
|
Prioritizing Resources and Organization for Intellectual Property (PRO-IP) Act of 2008 |
it increased trademark and copyright enforcement and substantially increased penalties for infringement |
|
|
reverse engineering |
the process of taking something apart in order to understand it, build a copy of it, or improve it |
|
|
trademark |
anything that enables a consumer to differentiate one company's products from another's |
|
|
avatar |
a character in the form of a human, animal, or mythical creature through which a visitor to a virtual world represents himself or herself |
|
|
cyberbullying |
the harassment, torment, humiliation, or threatening of one minor by another minor or group of minors via the Internet or cell phone |
|
|
Cyberstalking |
threatening behavior or unwanted advances directed at an adult using the Internet or other forms of online and electronic communications; it is the adult version of cyberbullying |
|
|
Massively multiplayer online game (MMOG) |
a multiplayer video game capable of supporting hundreds and even thousands of concurrent players |
|
|
Massive multiplayer online role-playing games (MMORPG) |
a subcategory of MMOG that provides a huge online world in which players take on the role of a character and control that character's action. Characters can interact with one another to compete in online games and challenges that unfold according to the online world's rules and storyline |
|
|
online virtual world |
a shared multimedia, computer-generated environment in which users, represented by avatars, can act, communicate, create, retain ownership of what they create, and exchange assets, including currency, with each other |
|
|
social network advertising |
the use of social networks to communicate and promote the benefits of products and services |
|
|
social networking Web site |
a site whose purpose if to create an online community of Internet users that enables members to break down barriers of time, distance, and cultural differences |
|
|
social shopping Web site |
brings shoppers and sellers together in a social networking environment in which participants can share information and make recommendations while shopping online |
|
|
viral marketing |
an approach to advertising that encourages individuals to pass along a marketing message to others, thus creating the potential for exponential growth in the message's exposure and influence as one person tells two people, each of those two people tell two or three more people, and so on. |
