HIT 63
CHAPTER 17
Question | Answer |
---|---|
Safeguarding Information | refers to protecting electronic information from unwanted access, sometimes known as a breach |
Confidentiality | is the act of limiting disclosure of private matters |
Information privacy | The right of an individual to keep information about themselves from being disclosed to anyone. |
Data Security | protecting data from unauthorized (accidental or intentional) modification, destruction (the act of destroying), or disclosure (exposure). |
Data integrity | means that data should be complete, accurate, consistent, and up-to-date. |
Physical (Safeguard) | definition: Measure taken to (1) prevent loss through use of locks, burglar proofing, guards, etc., and (2) prevent disaster through access control, alarms, fireproof vaults, fire-suppression (sprinkler) system, power backup, etc. |
Administration Safeguards | are documented, formal practices to manage data security measures throughout the organization. Policies and procedures should be written and formalized in a policy manual. |
Access Control | means being able to identify which employees should have access to what data. |
Administrative controls | include policies and procedures that address the management of computer resources. |
Examples of administrative controls | One such policy might direct users to log off the computer system when they are not using it. Another policy might prohibit employees from accessing the Internet for purposes that are not work-related. |
Application Controls | contained in the application software or computer programs, which include: password management, edit check, audit trail, etc. Application controls are important because they are automatic checks that help preserve data confidentiality & integrity |
Audit trail | is a software program that tracks every single access to data in the computer system. It logs the name of the individual who accessed the data, the date and time, and the action (modifying, reading, or deleting data) |
Business continuity plan (BCP) | is for handling an unexpected computer shutdown caused by an intentional or unintentional event or during a natural disaster. |
Business continuity Plan (BCP) | also called contingency and disaster planning |
Hacker | a microcomputer user who attempts to gain unauthorized access to proprietary computer systems. |
Security breach | An act from outside an organization that bypasses or contravenes security policies, practices, or procedures. A similar internal act is called security violation. |
contravene | to contravene the law |
breach | the violation of the law. To break or act contrary to (a law, promise, etc.). |
mitigate | to make less severe: to mitigate a punishment. To lessen in force or intensity, as wrath, grief, harshness, or pain; moderate. |
Edit checks | help to ensure data integrity by allowing only reasonable and predetermined values to be entered into the computer |
Types of application controls | password management, edit checks, and audit trail |
Security | Means to control access and protect information from accidental or intentional disclosure to unauthorized persons and from alteration, destruction, or loss. |
1 of 5 Security threats caused by people | Threats from insiders who make unintentional mistakes: Employees who accidentally make a typographical error, inadvertently delete files on a computer disk, or unknowingly give out confidential information. |
2 of 5 Security threats caused by people | Threats from insiders who abuse their access privileges to information: Such threats could be employees who knowingly disclose information about a patient to individuals who do not have proper authorization. |
3 of 5 Security threats caused by people | Threats from intruders who attempt to access information or steal physical resources: Individuals may physically come onto the organization's property to access information or steal equipment such as laptop computers or printers. |
4 of 5 Security threats caused by people | Threats from insiders who access information or computer systems for spite or profit: Generally, such employees seek information for the purpose of committing fraud or theft. |
5 of 5 Security threats caused by people | Threats from vengeful employees or outsiders who mount attacks on the organization's information systems: Disgruntled employees might destroy computer hardware or software, delete or change data, or enter data incorrectly into the computer system. |
Categories of people-oriented security threats | 1. innocent mistakes. 2. abuse privileges. 3. access or alter data for spite or profit. 4. steal or otherwise harm systems. 5. vengeful employees or outsiders who mount attacks. |
Vengeful | inflicting or taking revenge: with vengeful blows. |
disgruntled | grouchy, testy, sullen, grumpy, dissatisfied. |
Data availability | means making sure the organization can depend on the information system to perform exactly as expected, without error, and to provide information when and where it is needed. |
Technical Safeguards | consist of: Access controls, Audit controls, Data integrity, person or entity authentication, and Transmission security |
encryption (to put (computer data) into a coded form). To put (a message) into code | is a process that encodes textual material, converting it to scrambled data that must be decoded in order to be understood. The message is a jumble of unreadable characters and symbols as it is transmitted through the telecommunication network. |
HIPAA's Security Rule | HIPAA's Security Rule divides its protections into three "safeguard" categories: physical (discussed here), administrative and technical. Each safeguard category includes various standards and implementation specifications. |
Security incident | A security incident is an alert to the possibility that a breach of security may be taking, or may have taken, place. |