Information Systems Security

Access Control: To ensure that the user can only access the appropriate information resources. It determines which users can be authorized to read, modify, add, and/or delete information.
Authentication: Making sure a person is who they say they are. Three-factor identification: identifying someone through something they know, something they have, or something they are.
Availability: That information can be accessed and modified by anyone authorized to do so in an appropriate timeframe.
Backup: The procedure for making extra copies of data in case the original is lost or damaged.
Biometric Authentication: A type of system that relies on the unique biological characteristics of individuals to verify identity for secure access to electronic systems. For example, a fingerprint scan.
Confidentiality: Protecting information, to be able to restrict access to only those who are allowed to see it.
Encryption: The process of encoding data upon its transmission or storage so that only authorized individuals can read it.
FERPA: Family Educational Rights and Privacy Act. This act restricts who has access to student information.
Firewall: A software program or hardware device that is used to increase security on its network by blocking unwanted messages/data.
HIPAA: Health Insurance Portability and Accountability Act. Health care organizations are obligated to follow several regulations regarding people’s medical data, particularly patient privacy.
Integrity: The assurance that the information being accessed has not been altered and truly represents what is intended.
Intrusion Detection System (IDS): Works to provide the functionality to identify if the network is being attacked.
Multifactor Authentication: A security system that requires more than one method of authentication from independent categories of credentials to verify the user’s identity for a login or other transaction.
Physical Security: The protection of the actual hardware and networking components that store and transmit information resources.
Universal Power Supply (UPS): A device that provides battery backup to critical components of the system, allowing the system to stay online longer and/or allowing the IT staff to shut them down using proper procedures to prevent the data loss that might occur from power failure.
VPN: A virtual private network allows the user who is outside of a corporate network to take a detour around the firewall and access the internal network from the outside.

Ethical and Legal Implications of Information Systems

Acceptable Use Policies (AUP): An acceptable usage policy, or fair use policy, is a set of rules applied by the owner, creator, or administrator of a network, website, or service that restricts how the network, website, or system may be used and sets guidelines as to how it should be used.
Children’s Online Privacy Protection Act (COPPA): Regulates collecting information from children under the age of thirteen. Enforced by the Federal Trade Commission.
Code of Ethics or Professional Conduct: This is a document that outlines a set of acceptable behaviors for a professional or social group; generally, it is agreed to by all members of the group.
Copyright: The protection given to songs, computer programs, books, and other creative works. Any work that has an “author” can be copyrighted.
Creative Commons: A nonprofit organization that provides legal tools for artists and authors. The tools offered make it simple to license artistic or literary work for others to use or distribute in a manner consistent with the author’s intentions. Creative Commons copyrights allow for less restrictive rules than traditional copyright.
Digital Millennium Copyright Act (DMCA): Extended copyright law to take into consideration digital technologies. Two of the best-known provisions from the DMCA are the anti-circumvention provision and the “safe harbor” provision.
Digital Rights Management (DRM): A systematic approach to copyright protection for digital media. The purpose of DRM is to prevent unauthorized redistribution of digital media and restrict the ways consumers can copy content they’ve purchased.
Ethical System: “A set of moral principles” or “the principles of conduct governing an individual or a group.”
Fair Use: A limitation on copyright law that allows for the use of protected works without prior authorization in specific cases.
Family Educational Rights and Privacy Act (FERPA): Restricts access to student records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education.
Intellectual Property (IP): An idea, invention, or process that derives from the work of the mind or intellect and is assigned to designated owners by law.
Non-Obvious Relationship Awareness (NORA): A process of collecting large quantities of a variety of information and then combining it to create profiles of individuals.
Patent: Set of exclusive rights granted by a sovereign state to an inventor or assignee for a limited time in exchange for detailed public disclosure of an invention.
Privacy: The ability to control information about oneself.