Securing Information Systems (Aileen Irmina P. 19/440371/EK/22297)
Security is policies, procedures, and technical measures used to prevent
unauthorized access, alteration, theft, or physical damage to information systems. Controls is methods, policies, and organizational procedures that ensure the safety of the organization’s assets, the accuracy and reliability of its records, and operational adherence to management standards. Systems may vulnerable because accessibility of networks, hardware problems, software problems, disasters, use of networks or outside of firm’s control, loss and theft of portable devices. Internet vulnerabilities is depend on how much the networks open to anyone. size of the internet means abuses can have wide impact. Vulnerability has also increased from widespread use of e-mail, instant messaging, and peer-to-peer (P2P) file-sharing program. Wireless security challenges is depends on how vigilant we are, because radio frequency bands is easy to scan. Wi-Fi transmission technology was designed to make it easy for stations to find and hear one another with SSIDs (the service set identifiers). It used to identify access points, broadcast multiple times, can be identified by sniffer programs, and war driving (eavesdroppers drive by buildings or park outside and try to intercept wireless networks traffic). Types of malware (malicious software): Computer virus: rogue software program that attaches itself to other software programs or data files to be executed, usually without user knowledge or permission. Worms: independent programs that copy themselves from one computer to other computers over a network Trojan horse: software program that appears to be benign but then does something other than expected. SQL injection attacks: hackers submit data to Web forms that exploits site’s unprotected software and sends rogue SQL query to database Spyware: small programs that install themselves surreptitious on computers to monitor user web-surfing activity and serve up advertising Keyloggers: record every keystroke made on a computer to steal serial numbers for software Hacker is an individual who intends to gain unauthorized access to computer system. Their activity include: system intrusion, system damage, cyber-vandalism (intentional disruption, defacement, destruction of Web site or corporate information). Spoofing is misrepresenting oneself by using fake e-mail addresses or masquerading as someone else. This may also involve redirecting a web link to an address different from the intended one. Sniffer is a type of eavesdropping program that monitors information traveling over a network. Denial-of-service (DoS) attack is when hackers flood a network server or web server with many thousands of false communications or requests for services to crash the network. Distributed denial-of-service (DDoS) attack uses numerous computers to inundate and overwhelm the network from numerous launch points. Botnet is place used to organize PCs infected with malicious software. Computer crime define as any violations of criminal law that involve a knowledge of computer technology for their perpetration, investigation, or prosecution. Computer may be the target of crime or may be the instrument of crime. Identity theft is a crime in which a imposter obtains key pieces of personal information (security numbers, driver’s licence numbers, or credit card numbers). Phishing is setting up fake Web sites or sending e-mail messages that look like legitimate businesses to ask users for confidential personal data. Evil twins is wireless networks that pretend to offer trustworthy Wi-Fi connections to the Internet. Pharming redirects users to a bogus web page, even when the individual types the correct web page address into his or her browser. Click fraud occurs when an individual or computer program fraudulently clicks an online ad without any intention of learning more about the advertiser or making a purchase. Cyberwarfare is state-sponsored activity designed to cripple and defeat another state or nation by penetrating its computers or networks to cause damage and disruption. Internal threats – employees is security threats from inside an organization because of sloppy security procedures and social engineering (tricking employees to reveal passwords, etc). software vulnerability is commercial software contains flaws that create security vulnerabilities. Legal and regulatory requirements for electronic records management: HIPAA, Gramm-Leach-Bliley Act, Sarbanes-Oxley Act. Electronics evidence and computer forensics is scientific collection, examination, authentication, preservation, and analysis of data from computer storage media for use as evidence in court law. Information systems controls are both manual-automated controls and general- application controls. Types of general controls: software, hardware, computer operations, data security, implementation, and administrative controls. Risk assessment determines level of risk to firm if specific activity or process is not properly controlled. Security policy ranks information risks, identifies acceptable security goals, and identifies mechanism for achieving these goals. Disaster recovery planning devises plans for restoration of disrupted services. Business continuity planning focuses on restoring business operations after disaster. Information systems audit examines the firm’s overall security environment as well as controls governing individual information systems. Identify management software automates keeping track of all users and privileges. Authentication refers to the ability to know that a person is who he or she claims to be. Smart card is a device about the size of a credit card that contains a chip formatted with access permission and other data. Biometric authentications uses systems that read and interpret individual human traits (fingerprints, irises, and voices) to grant or deny access. Two-factor authentication increases security by validating users through a multistep process. Firewall prevent unauthorized users from accessing private networks. Intrusion detection systems feature full-time monitoring tools placed at the most vulnerable point to detect and deter intruders continually. Wired Equivalent Privacy (WEP) security can provide some security for Wi-Fi. Encryption transforming text/data into cipher text that can’t be read by unintended recipients. Ensuring system availability by online transaction processing, fault-tolerant computer systems. Controlling network traffic using deep packet inspection (DPI). Security issues: security in the cloud, securing mobile platforms.
ChatGPT Money Machine 2024 - The Ultimate Chatbot Cheat Sheet to Go From Clueless Noob to Prompt Prodigy Fast! Complete AI Beginner’s Course to Catch the GPT Gold Rush Before It Leaves You Behind
ChatGPT Side Hustles 2024 - Unlock the Digital Goldmine and Get AI Working for You Fast with More Than 85 Side Hustle Ideas to Boost Passive Income, Create New Cash Flow, and Get Ahead of the Curve
ChatGPT Millionaire 2024 - Bot-Driven Side Hustles, Prompt Engineering Shortcut Secrets, and Automated Income Streams that Print Money While You Sleep. The Ultimate Beginner’s Guide for AI Business