Scribd Logo
Upload

Welcome to Scribd!

  • System Information and Technology Weekly Assignment: Chapter 8 Summary Securing Information Systems (Aileen Irmina P. 19/440371/EK/22297)

    Uploaded by

    Aileen Irmina Putri
    19 views3 pages

    Original Title

    SIT chapter 8

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    19 views3 pages

    System Information and Technology Weekly Assignment: Chapter 8 Summary Securing Information Systems (Aileen Irmina P. 19/440371/EK/22297)

    Uploaded by

    Aileen Irmina Putri

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 3

    System Information and Technology

    Weekly Assignment: Chapter 8 Summary


    Securing Information Systems
    (Aileen Irmina P. 19/440371/EK/22297)

    Security is policies, procedures, and technical measures used to prevent


    unauthorized access, alteration, theft, or physical damage to information systems. Controls
    is methods, policies, and organizational procedures that ensure the safety of the
    organization’s assets, the accuracy and reliability of its records, and operational adherence
    to management standards. Systems may vulnerable because accessibility of networks,
    hardware problems, software problems, disasters, use of networks or outside of firm’s
    control, loss and theft of portable devices.
    Internet vulnerabilities is depend on how much the networks open to anyone. size of
    the internet means abuses can have wide impact. Vulnerability has also increased from
    widespread use of e-mail, instant messaging, and peer-to-peer (P2P) file-sharing program.
    Wireless security challenges is depends on how vigilant we are, because radio
    frequency bands is easy to scan. Wi-Fi transmission technology was designed to make it
    easy for stations to find and hear one another with SSIDs (the service set identifiers). It used
    to identify access points, broadcast multiple times, can be identified by sniffer programs,
    and war driving (eavesdroppers drive by buildings or park outside and try to intercept
    wireless networks traffic).
    Types of malware (malicious software):
     Computer virus: rogue software program that attaches itself to other
    software programs or data files to be executed, usually without user
    knowledge or permission.
     Worms: independent programs that copy themselves from one computer to
    other computers over a network
     Trojan horse: software program that appears to be benign but then does
    something other than expected.
     SQL injection attacks: hackers submit data to Web forms that exploits site’s
    unprotected software and sends rogue SQL query to database
     Spyware: small programs that install themselves surreptitious on computers
    to monitor user web-surfing activity and serve up advertising
     Keyloggers: record every keystroke made on a computer to steal serial
    numbers for software
    Hacker is an individual who intends to gain unauthorized access to computer system.
    Their activity include: system intrusion, system damage, cyber-vandalism (intentional
    disruption, defacement, destruction of Web site or corporate information).
    Spoofing is misrepresenting oneself by using fake e-mail addresses or masquerading
    as someone else. This may also involve redirecting a web link to an address different from
    the intended one. Sniffer is a type of eavesdropping program that monitors information
    traveling over a network.
    Denial-of-service (DoS) attack is when hackers flood a network server or web server
    with many thousands of false communications or requests for services to crash the network.
    Distributed denial-of-service (DDoS) attack uses numerous computers to inundate and
    overwhelm the network from numerous launch points. Botnet is place used to organize PCs
    infected with malicious software.
    Computer crime define as any violations of criminal law that involve a knowledge of
    computer technology for their perpetration, investigation, or prosecution. Computer may be
    the target of crime or may be the instrument of crime.
    Identity theft is a crime in which a imposter obtains key pieces of personal
    information (security numbers, driver’s licence numbers, or credit card numbers). Phishing
    is setting up fake Web sites or sending e-mail messages that look like legitimate businesses
    to ask users for confidential personal data. Evil twins is wireless networks that pretend to
    offer trustworthy Wi-Fi connections to the Internet. Pharming redirects users to a bogus
    web page, even when the individual types the correct web page address into his or her
    browser.
    Click fraud occurs when an individual or computer program fraudulently clicks an
    online ad without any intention of learning more about the advertiser or making a purchase.
    Cyberwarfare is state-sponsored activity designed to cripple and defeat another state or
    nation by penetrating its computers or networks to cause damage and disruption.
    Internal threats – employees is security threats from inside an organization because
    of sloppy security procedures and social engineering (tricking employees to reveal
    passwords, etc). software vulnerability is commercial software contains flaws that create
    security vulnerabilities.
    Legal and regulatory requirements for electronic records management: HIPAA,
    Gramm-Leach-Bliley Act, Sarbanes-Oxley Act. Electronics evidence and computer forensics is
    scientific collection, examination, authentication, preservation, and analysis of data from
    computer storage media for use as evidence in court law.
    Information systems controls are both manual-automated controls and general-
    application controls. Types of general controls: software, hardware, computer operations,
    data security, implementation, and administrative controls. Risk assessment determines
    level of risk to firm if specific activity or process is not properly controlled. Security policy
    ranks information risks, identifies acceptable security goals, and identifies mechanism for
    achieving these goals. Disaster recovery planning devises plans for restoration of disrupted
    services. Business continuity planning focuses on restoring business operations after
    disaster. Information systems audit examines the firm’s overall security environment as well
    as controls governing individual information systems.
    Identify management software automates keeping track of all users and privileges.
    Authentication refers to the ability to know that a person is who he or she claims to be.
    Smart card is a device about the size of a credit card that contains a chip formatted with
    access permission and other data. Biometric authentications uses systems that read and
    interpret individual human traits (fingerprints, irises, and voices) to grant or deny access.
    Two-factor authentication increases security by validating users through a multistep
    process.
    Firewall prevent unauthorized users from accessing private networks. Intrusion
    detection systems feature full-time monitoring tools placed at the most vulnerable point to
    detect and deter intruders continually.
    Wired Equivalent Privacy (WEP) security can provide some security for Wi-Fi.
    Encryption transforming text/data into cipher text that can’t be read by unintended
    recipients. Ensuring system availability by online transaction processing, fault-tolerant
    computer systems. Controlling network traffic using deep packet inspection (DPI). Security
    issues: security in the cloud, securing mobile platforms.

    You might also like