Professional Documents
Culture Documents
Anthony’s College
San Jose, Antique
ENGINEERING AND TECHNOLOGY DEPARTMENT
-An information security management system (ISMS) is a set of policies and procedures for
systematically managing an organization's sensitive data. The goal of an ISMS is to minimize
risk and ensure business continuity by proactively limiting the impact of a security breach. An
ISMS typically addresses employee behavior and processes as well as data and technology. It
can be targeted toward a particular type of data, such as customer data, or it can be implemented
in a comprehensive way that becomes part of the company's culture.
The goal of an ISMS isn't necessarily to maximize information security, but rather to
reach an organization's desired level of information security. Depending on the specific needs of
St. Anthony’s College
San Jose, Antique
ENGINEERING AND TECHNOLOGY DEPARTMENT
the industry, these levels of control may vary. For example, since healthcare is a highly regulated
field, a healthcare organization may develop a system to ensure sensitive patient data is fully
protected.
2. Give at least five (5) types of Cyber Security Threats and explain each.
1. Malware
-Malware (short for “malicious software”) is a file or code, typically delivered over a network,
that infects, explores, steals or conducts virtually any behavior an attacker wants. And because
malware comes in so many variants, there are numerous methods to infect computer systems.
Though varied in type and capabilities, malware usually has one of the following objectives:
Provide remote control for an attacker to use an infected machine.
Send spam from the infected machine to unsuspecting targets.
Investigate the infected user’s local network.
Steal sensitive data.
2. Ransomware
-Ransomware prevents or limits users from accessing their system via malware. Ransomware
asks you to pay a ransom using online payment methods to regain access to your system or data.
Online payment methods usually include virtual currencies such as bitcoins. Ransomware is one
of the most widely used methods of attacks Ransomware enters computer networks and encrypts
files using public-key encryption. Unlike other malware, this encryption key stays on the cyber
criminal’s server. Cyber criminals will request ransom for this private key. Cyber criminals are
using encryption as a weapon to hold the data hostage. Ransomware is hard to detect before it’s
too late, and ransomware techniques continue to evolve. Because of this, your institution should
focus on prevention efforts. Prevention efforts include training for employees and strong
information security controls.
Many businesses are vulnerable to a CATO attack. Institutions with weak computer safeguards
and minimal controls over online banking systems are easy targets. This form of cyber crime can
result in large losses. Cyber criminals use malware to infect a computer through e-mail, websites,
or malware disguised as software.