ch 10: Information Systems Security Flashcards
(39 cards)
what is the goal of information systems security
-it is really about trade offs btw security and freedom
(ex loss of freedom of choosing your own password in echnage for increased security as you are forced to create a stronger pw making it diffucult for hackers to crack)
also a trade off of what
cost and risk
what is a threat
a person/org that seeks to obtain or alter data or other info systems assets illegally without having the owners persmission and often without the owners knowledge
a vulnerability is
an opportunity for threats to gain access to individual/org assets
whats a safeguard
some measure that individuals/org take to block the threat from obtaining the asset
what is the target
the asset that is desired by the threat
what are the types of threats
-human error, computer crime, natural disasters
what are the types of losss
-unauthroized data disclosure
-incorrect data modification
-faulty service
-denial of service
-loss of infrastructure
unauthorized data disclosure
-social engineering
-pretexting
-phishing
-spoofing
- ip/email spoofing
-sniffing
-packet sniffer/analyzer
-natural disasters
-hacking
sniffing/packet sniffers
a technique for intercepting computer communications. with wired networks, sniffing requires a physical connection to the network. with wireless networks, no connection is required and wardrivers are used
war drivers
take computers with wireless connections through an area and search for unprotected wireless networks
hacking
activities that seek to compromise digital devices, such as computers, smartphones, tablets, and even entire networks
incorrect data modification
-procedures incorreclt designed or not followed
-ex increasing customers discount or incorrectly modiying employees salary
-placing incorrect data on company web site
incorrect data modification cause
-improper internal controls systems
-system errors
-faulty recovery actions after a diseaster
faulty service
include problems that result bc of incorrect system operation
-incorrect DM
-procedural mistakes
-programming errors
-it installation errors
-usurpation
what is usurpation
when computer criminals invade a comp system and replace legitmate probles with their own, unauthorized ones that shut down legitimate applications and
substitute their own processing to spy, steal and manipulate data, or
achieve other purposes.
denial of service (DoS)
human error or lack of procedures
-humans inadvertently shut down a web server or corporate gateway router by starting a computationaly intensive application
dos attacks
-malicious hacker intentionally floods a web server with millions of bogus service requests
-computer worms create artifical traffic so legitimate traffic cannot get thru
loss of infrastructure
-human accidents
-theof/terrorist events
-disgruntled/terminated employee
-natural disasters
-advanced persistent threat (APT)
protective actions
-use antiservice software
-delete browser cookies
-make appropriate trade off to protect you and ur bsuiness
current highest computer crime
malicious code
how should you respond to security threats (5)
-create strong pw
-use multiple pw
-take security seriously
-send no valuable data via email or im
-use https at trusted, reputable vendors
how should organizations respond to security threats
senior management create company wide policies
-what sensitive data will be stored
-how will data be processed
-how will data be shared with other organizations
-how can employees and others request changes to inaccurate data
teachincal safegaurds on
-hardware and software
-firewalls
-identification and authorization
-malware
data safegaurds on data
-passwords
-encryption
-backup and recovery
