1.

Social engineering refers to the tricks and techniques perpetrators use to make people comply
with their wishes resulting in gaining the information needed to gain access to systems and obtain
sensitive data and information from people. There are many different methods and techniques of
social engineering some of which are skimming, which occurs when credit cards are double
swiped or are swiped in a card reader, thus enabling the predator to save the card’s information
and use it later on for personal and economical gain, retail outlet cashiers are usually caught
using this scheme as they have non-fishy access to the customer credit cards. Another social
engineering technique is dumpster diving which refers to the search for documents and important
records in places like the trash cans and city dumps to gain access to confidential information.
Usually competitors use this technique to be able to gain competitive advantage over and
confidential information of other competitors. Identity theft is a more common technique referring
to when the perpetrators pretend they are someone else, usually for economic gain by illegally
using confidential information, they gained such as the victim’s credit card number or bank
accounts. Posing is another technique, when posing, predators create a seemingly legit business,
in which they are able to collect customer’s confidential information when making the sale, then
never delivering the “ordered” products, this way they get all the required customer confidential
information easily. Another social engineering technique is carding. Carding is the process of
buying and selling stolen credit card numbers, but before selling them, they make small online
purchases to ensure the card is still valid and running . There are many underground “carding”
sites in which the stolen card numbers are traded. URL hijacking is also a different type of social
engineering method and occurs when similarly named websites are set up to redirect users
making typing errors when typing a website’s name to an alternative cyber-squatter site, these
sites usually spread malware and viruses.

3.AIS threats to organizations are continuously increasing for, depending on company size, the
information is widely spread and available to employees through many systems and networks,
making it hard to fully control and monitor as both employees and systems can be a threat. There
are 4 different types of threats to an organization's AIS; the threats faced from natural and
political disasters that may occur, such as floods, tsunamis and terrorist attacks. When occured,
natural disasters have a huge negative impact on the cities as it destroys buildings along with the
AI system within them. Another threat is faced from possible software errors and equipment
malfunctions. Malfunctions such as software errors and bugs may occur, sometimes operating
systems can crash too. A bug in the tax system could cause the government huge losses as it
makes them unable to collect tax. The third threat to AIS is the ununtentional acts that are caused
by human error. Employees might loose, destroy and or misplace data, they can also accidentally
arase files and programmes, the threat can also occur if the systems the organiztaion use are not
equipped to meet the organiatons needs and cannot handle the intended tasks. The UPS are
known to have mail get lost, and some mails contain sensitive, confidential information that could
harm the organiation if leaked. The last form of threat are the intentional acts including fraud,
computer crimes and sabotage and deliberatly causing harm to a system, like those committed by
cyber thieves and hackers.

INternal controls are the procedures implemented to provide reasonable assurance that control
objectives are being met, they try to ensure that assets are safe and accurately reported, that all
the information used in reports are accurate and reliable and that when prepared, the reports are
in-line with established criterias thus improving operational effecicnency. They also encourgae
following already set manegerial policies and regualtions. Internal controls have three functions;
the preventative funsctions, which deters problems before their occurrence and is achieved when
hiring professional qualified employees, and controlling physical access to the organization's
assets and information. The detective controls, because it is difficult to prevent the occurrence of
all problems, this function helps detect those un-prevented problems once occurred, by ensuring
all calculations are re-checked and reports and trial balances are reconciled and the last function
is the corrective controls, which identifies and corrects problems, it also recovers the errors
caused by the originally occurred errors through maintaining extra backup copies of files , and
re-submitting transactions for processing when data and entry errors are corrected.

2.Flowchart is a graphical description of a system, and is an analytical technique that clearly and
logically illustrates aspects of an IS using a standard group of symbols, it records how
orgnazitaion processes are preformed and how the datas and documents flow through the
organization. When flow charting, there are four standard catogories of symbols used; the input
and output symbols which show the input/output from and to a system, the processing symbols
that illustrate the data processing which can occur both manually and electronically, the flow and
miscellaneous symbols which indicate the flow of data, where the flowcharts begin and end,
where all the decisions are made, and how to add explanatory notes to already existing
flowcharts. The last group of symbols are the storage symbols which show where the data is
stored.

There are also four different types of flowcharts, the document flow charts which show the flow of
documents and information between departments with the organization, this kind of flowchart
traces a document from beginning to end, showing it purpose, disrtribution and deposition.
Internal controls flowchrt are controls used to describe, analyze and evaluate the organization’s
internal controls, they are used to identify a system’s strengths, weaknesses and inefficiencies.
System flowcharts is another type of flowchart that shows the relationship among the input,
processing and output in an IS and is used to describe data flows and procedures within an
AIS.the last type of flowchart is the prigramme flowchrt which illustrates the sequence of logical
operations a computer performs when executing a programme