Threats to computerized information systems include hardware and software failure; user
errors; physical disasters such as fire or power failure; theft of data, services, and
equipment; unauthorized use of data; and telecommunications disruptions. On-line systems
and telecommunications are especially vulnerable because data and files can be
immediately and directly accessed through computer terminals or at points in the
telecommunications network.
Accessibility of networks
• Hardware problems (breakdowns, configuration errors, damage from improper use or crime)
Large public networks such as the Internet are more vulnerable than internal networks
because they are virtually open to anyone. The Internet is so huge that when abuses do
occur, they can have an enormously widespread impact. When the Internet becomes part of
the corporate network, the organization’s information systems are even more vulnerable to
actions from outsiders.
Computers that are constantly connected to the Internet by cable modems or Digital
Subscriber Line (DSL) are more open to penetration by outsiders because they use fixed
Internet addresses where they can be easily identified. (With dial-up service, a temporary
Internet address is assigned for each session.) A fixed Internet address creates a fixed
target for hackers.
Telephone service based on Internet technology (see Chapter 8) can be more
vulnerable than the switched voice network if it does not run over a secure private network.
Most Voice over IP (VoIP) traffic over the public Internet is not encrypted, so anyone linked
to a network can listen in on conversations. Hackers can intercept conversations to obtain
credit card and other confidential personal information or shut down voice service by
flooding servers supporting VoIP with bogus traffic.
Vulnerability has also increased from widespread use of e-mail and instant
messaging (IM). E-mail can contain attachments that serve as springboards for malicious
software or unauthorized access to internal corporate systems. Employees may use e-mail
messages to transmit valuable trade secrets, financial data, or confidential customer
information to unauthorized recipients. Popular instant messaging applications for
consumers do not use a secure layer for text messages, so they can be intercepted and
read by outsiders during transmission over the public Internet. IM activity over the Internet
can in some cases be used as a back door to an otherwise secure network. (IM systems
designed for corporations, such as IBM’s SameTime, include security features.)
Wireless Security Challenges
• Radio frequency bands easy to scan
• SSIDs (service set identifiers)
  – Identify access points, broadcast multiple times, can be identified by sniffer programs
• War driving
  – Eavesdroppers drive by buildings and try to detect SSID and gain access to network and resources
  – Once access point is breached, intruder can gain access to networked drives and files
• Rogue access points
Wireless networks using radio-based technology are even more vulnerable to penetration
because radio frequency bands are easy to scan. Although the range of Wireless Fidelity
(Wi-Fi) networks is only several hundred feet, it can be extended up to one-fourth of a mile
using external antennae. Local area networks (LANs) that use the 802.11b (Wi-Fi) standard
can be easily penetrated by outsiders armed with laptops, wireless cards, external
antennae, and freeware hacking software. Hackers use these tools to detect unprotected
networks, monitor network traffic, and in some cases, gain access to the Internet or to
corporate networks.
Wi-Fi transmission technology uses spread spectrum transmission in which a signal
is spread over a wide range of frequencies, and the particular version of spread spectrum
transmission used in the 802.11 standard was designed to make it easier for stations to find
and hear one another. The service set identifiers (SSID) identifying the access points in a
Wi-Fi network are broadcast multiple times and can be picked up fairly easily by intruders’
sniffer programs. Wireless networks in many locations do not have basic protections against
war driving, in which eavesdroppers drive by buildings or park outside and try to intercept
wireless network traffic.
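Beacon frames carry the SSID unencrypted, which is why sniffer programs see it, and the same visibility lets a defender inventory the access points in range. The Python code below is an added example, not part of the original notes: it parses beacon frames and flags the corporate SSID when it is advertised by an access point missing from the inventory (a possible rogue access point) or without encryption. The SSID `CorpNet`, the BSSIDs and the frames are constructed sample values, and frames are assumed to start at the 802.11 MAC header.

```python
import struct

def build_beacon(bssid: bytes, ssid: str, privacy: bool) -> bytes:
    """Build a minimal 802.11 beacon frame (constructed sample, not a capture)."""
    header = struct.pack("<HH6s6s6sH", 0x0080, 0, b"\xff" * 6, bssid, bssid, 0)
    fixed = struct.pack("<QHH", 0, 100, 0x0001 | (0x0010 if privacy else 0))
    name = ssid.encode()
    return header + fixed + bytes([0, len(name)]) + name

def parse_beacon(frame: bytes):
    """Return (bssid, ssid, privacy) for a beacon frame, else None."""
    if len(frame) < 36 or frame[0] != 0x80:  # management frame, subtype beacon
        return None
    bssid = frame[16:22].hex(":")  # address 3 of the 24-byte MAC header
    capability = struct.unpack_from("<H", frame, 34)[0]
    ssid, pos = None, 36  # tagged elements follow the 12 fixed bytes
    while pos + 2 <= len(frame):
        tag, length = frame[pos], frame[pos + 1]
        if tag == 0 and pos + 2 + length <= len(frame):  # element 0 is the SSID
            ssid = frame[pos + 2 : pos + 2 + length].decode("utf-8", "replace")
            break
        pos += 2 + length
    return bssid, ssid, bool(capability & 0x0010)  # 0x0010 is the Privacy bit

def audit(frames, corp_ssid, known_bssids):
    """Flag beacons that use the corporate SSID but look wrong."""
    findings = []
    for frame in frames:
        parsed = parse_beacon(frame)
        if parsed is None or parsed[1] != corp_ssid:
            continue
        bssid, _, privacy = parsed
        if bssid not in known_bssids:
            findings.append((bssid, "not in AP inventory: possible rogue access point"))
        elif not privacy:
            findings.append((bssid, "inventoried AP advertising without encryption"))
    return findings

# Constructed sample data: hypothetical SSID "CorpNet" and locally administered BSSIDs.
KNOWN = {"02:00:00:00:00:01", "02:00:00:00:00:02"}
SAMPLE = [
    build_beacon(bytes.fromhex("020000000001"), "CorpNet", True),
    build_beacon(bytes.fromhex("020000000002"), "CorpNet", False),
    build_beacon(bytes.fromhex("0200000000aa"), "CorpNet", True),
    build_beacon(bytes.fromhex("0200000000bb"), "CoffeeShop", False),
]

if __name__ == "__main__":
    print(*audit(SAMPLE, "CorpNet", KNOWN), sep="\n")
```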
Internal Threats: Employees
• Security threats often originate inside an organization
• Inside knowledge
• Sloppy security procedures
  – User lack of knowledge
• Social engineering
• Both end users and information systems specialists are sources of risk
We tend to think the security threats to a business originate outside the organization. In fact, the
largest financial threats to business institutions come from insiders. Some of the largest
disruptions to service, destruction of e-commerce sites, and diversion of customer credit data and
personal information have come from insiders—once trusted employees. Employees have access
to privileged information, and in the presence of sloppy internal security procedures, they are
often able to roam throughout an organization’s systems without leaving a trace.
Studies have found that users’ lack of knowledge is the single greatest cause of network
security breaches. Many employees forget their passwords to access computer systems or allow
other coworkers to use them, which compromises the system. Malicious intruders seeking system
access sometimes trick employees into revealing their passwords by pretending to be legitimate
members of the company in need of information. This practice is called social engineering.
Employees—both end users and information systems specialists—are also a major source
of errors introduced into an information system. Employees can introduce errors by entering
faulty data or by not following the proper instructions for processing data and using computer
equipment. Information systems specialists can also create software errors as they design and
develop new software or maintain existing programs.
Software Vulnerability
Software errors are also a threat to information systems and cause untold losses in
productivity. Hidden bugs or program code defects, unintentionally overlooked by
programmers working with thousands of lines of programming code, can cause performance
issues and security vulnerabilities.
Software errors also pose a constant threat to information systems, causing untold losses in
productivity.
A major problem with software is the presence of hidden bugs, or program code
defects. Studies have shown that it is virtually impossible to eliminate all bugs from large
programs. The main source of bugs is the complexity of decision-making code. Important
programs within most corporations may contain tens of thousands or even millions of lines
of code, each with many alternative decision paths. Such complexity is difficult to document
and design—designers may document some reactions incorrectly or may fail to consider
some possibilities. Even after rigorous testing, developers do not know for sure that a piece
of software is dependable until the product proves itself after much operational use.
• Viruses
• Worms
• Mobile device malware
• Trojan horse
• Ransomware
• Spyware
1. Ransomware
Ransomware is software that uses encryption to disable a target’s access to its data
until a ransom is paid. The victim organization is rendered partially or totally unable
to operate until it pays, but there is no guarantee that payment will result in the
necessary decryption key or that the decryption key provided will function properly.
2. Spyware
The use of spyware is not limited to the desktop browser: it can also operate in a
critical app or on a mobile phone.
3. Trojan
4. Worms
5. Virus
A virus is a piece of code that inserts itself into an application and executes when
the app is run. Once inside a network, a virus may be used to steal sensitive data,
launch DDoS attacks or conduct ransomware attacks.
6. Mobile Malware
Six reasons why information systems are so important for business today
include:
(1) Operational excellence
(2) New products, services, and business models
(3) Customer and supplier intimacy
(4) Improved decision making
(5) Competitive advantage
(6) Survival
Competitive advantage
When firms achieve one or more of these business objectives—operational excellence; new
products, services, and business models; customer/supplier intimacy; and improved decision
making—chances are they have already achieved a competitive advantage.
Survival
Business firms also invest in information systems and technologies because they are necessities
of doing business. Sometimes these “necessities” are driven by industry-level changes. For
instance, after Citibank introduced the first automated teller machines (ATMs) in the New York
region in 1977 to attract customers through higher service levels, its competitors rushed to
provide ATMs to their customers to keep up with Citibank. Today, virtually all banks in the
United States have regional ATMs and link to national and international ATM networks, such as
CIRRUS. Providing ATM services to retail banking customers is simply a requirement of being in
and surviving in the retail banking business.