CIS Chapter 4

1) What is intellectual property, copyright, fair use?
a) Intellectual property: intangible creative work that is embodied in physical form. b) Copyright: the legal protection afforded an expression of an idea, such as a song, video game, and some types of proprietary documents. c) Fair use doctrine: In certain situations, it is legal to use copyrighted material.
2) What is an acceptable use policy, an e-mail privacy policy, internet use policy, anti-spam policy? What sort of provisions are each likely to contain?
a) An acceptable use policy is a policy that a user must agree to follow in order to be provided access to a network or to the Internet. b) An e-mail privacy policy details the extent to which e-mail messages may be read by others. c) An Internet use policy contains general principles to guide the proper use of the Internet. d) An anti-spam policy simply states that e-mail users will not send unsolicited e-mails (or spam).
3) What level of privacy is guaranteed to email users by law?
-None. The organization that owns the e-mail system can operate the system as openly or as privately as it wishes.
4) What sort of practical/ethical problems does the presence of an email privacy policy help mitigate?
-It gives e-mail users fair warning that any information sent/received is subject to being read by others.
5) What are the business risks associated with workplace monitoring (risks/costs associated with doing it and with not doing it)?
a) Employee absenteeism is on the rise, almost doubling in 2004 to 21%. The lesson here might be that more employees are missing work to take care of personal business. Perhaps losing a few minutes here or there—or even a couple of hours—is cheaper than losing entire days. b) Studies indicate that electronic monitoring results in lower job satisfaction, in part because people begin to believe the quantity of their work is more important than the quality. c) Electronic monitoring also induces what psychologists call “psychological reactance”: the tendency to rebel against constraints. If you tell your employees they cannot shop, they cannot use corporate networks for personal business, and they cannot make personal phone calls, then their desire to do all these things will likely increase.
6) What is the goal of formulating an employee monitoring policy?
-To increase productivity and efficiency at the workplace.
7) Is information security primarily a people problem or a technology problem?
-Primarily it’s a people problem.
8) What is social engineering and how is it related to security?
-Social engineering is using one’s social skills to trick people into revealing access credentials or other information valuable to the attacker. Dumpster diving, or looking through people’s trash, is another way social engineering hackers obtain information.
9) What is the difference between an information security policy and an information security plan?
-Information security policies identify the rules required to maintain information security. -An information security plan details how an organization will implement the information security policies.
10) Why does effective security require buy-in from top management and the Board of Directors?
-38% of respondents indicated security incidents originated within the enterprise. Insiders are legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident. Most information security breaches result from people misusing an organization’s information either advertently or inadvertently.
11) What, in the context of security, is authentication?
-Authentication is a method for confirming users’ identities. Once a system determines the authentication of a user, it can then determine the access privileges (or authorization) for that user.
12) How does authentication differ from authorization?
-Authorization is the process of giving someone permission to do or have something. In multiple-user computer systems, user access or authorization determines such things as file access, hours of access, and amount of allocated storage. Authentication and authorization techniques are broken down into three categories, and the most secure type involves a combination of all three: a) Something the user knows such as a user ID and password. b) Something the user has such as a smart card or token. c) Something that is part of the user such as a fingerprint or voice signature.
13) What, in the context of security, is prevention and resistance?
-Prevention and resistance technologies stop intruders from accessing intellectual capital.
14) What, in the context of security, is detection and response?
-If prevention and resistance strategies fail and there is a security breach, an organization can use detection and response technologies to mitigate the damage. The most common type of defense within detection and response technologies is antivirus software.
15) What is content filtering and how is it used for security? How is this different from its use in spam-filtering?
a) Content filtering occurs when organizations use software that filters content to prevent the transmission of unauthorized information. b) Spam-filtering is solely the filtering of emails.