Information Systems
System Vulnerability and Abuse
• Security: Policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems
• Controls: Methods, policies, and organizational procedures that ensure the safety of the organization’s assets, the accuracy and reliability of its records, and operational adherence to management standards
• The terms hacker and cracker are used interchangeably in the public press
• Hacker activities include system intrusion (theft of information), system damage, and cyber vandalism (intentional disruption, defacement, or destruction of a website or corporate information system)
Hackers and Computer Crime (cont.)
• Spoofing: Misrepresenting oneself by using fake e-mail addresses or pretending to be someone else
• Sniffer: Spy program that monitors information traveling over a network
• Denial-of-Service (DoS) Attacks: Flooding a server with thousands of false requests to crash the network
• Distributed Denial-of-Service (DDoS) Attacks: Use of numerous computers to launch a DoS
• Botnet: A network of “zombie” PCs infiltrated by bot malware
Hackers and Computer Crime (cont.)
• Computer Crime: Any violation of criminal law that involves knowledge of computer technology
• Patches
  - Vendors release small pieces of software to repair flaws
  - A patch can only be released once the underlying bug has been identified
Framework for Security and Control
• Information Systems Controls
  - Information systems controls are both manual and automated and consist of both general controls and application controls
  - General controls govern the design, security, and use of computer programs and the security of data files in general throughout the organization’s IT infrastructure. They can be classified as software controls, hardware controls, computer operations controls, data security controls, implementation controls, and administrative controls.
  - Application controls are specific controls unique to each computerized application. They can be classified as input controls, processing controls, and output controls.
Framework for Security and Control (cont.)
• Identity Management
  - Business processes and tools to identify valid users of a system and control their access
  - Identifies and authorizes different categories of users
  - Specifies which portions of the system each category of user can access
  - Captures access rules for different levels of users
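As an added illustration (not from these notes), the identity-management points above in working form: a small Python policy that checks whether a user is a valid, active identity, groups users into categories, records which portion of the system each category may read or write, lets a higher-level category inherit the rules of lower ones, and denies anything not explicitly allowed. The user names, system portions, and rules are constructed for the example.

```python
# Added example: deny-by-default access rules keyed by user category.
# Users, categories, portions and rules below are constructed for illustration.
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Rule:
    portion: str    # part of the system, e.g. "orders" or "ledger"
    operation: str  # "read" or "write"


@dataclass
class Category:
    name: str
    rules: set = field(default_factory=set)
    inherits: tuple = ()  # lower-level categories whose rules also apply


@dataclass
class User:
    user_id: str
    category: str
    active: bool = True  # a disabled account is no longer a valid identity


class AccessPolicy:
    def __init__(self, categories, users):
        self.categories = {c.name: c for c in categories}
        self.users = {u.user_id: u for u in users}

    def effective_rules(self, category_name, _seen=None):
        """Rules of a category plus everything it inherits (cycle-safe)."""
        seen = _seen if _seen is not None else set()
        cat = self.categories.get(category_name)
        if cat is None or category_name in seen:
            return set()
        seen.add(category_name)
        rules = set(cat.rules)
        for parent in cat.inherits:
            rules |= self.effective_rules(parent, seen)
        return rules

    def is_allowed(self, user_id, portion, operation):
        user = self.users.get(user_id)
        if user is None or not user.active:
            return False  # unknown or deactivated identity: always denied
        return Rule(portion, operation) in self.effective_rules(user.category)


def build_demo_policy():
    categories = [
        Category("clerk", {Rule("orders", "read"), Rule("orders", "write")}),
        Category("auditor", {Rule("orders", "read"), Rule("ledger", "read")}),
        Category("manager", {Rule("ledger", "write")}, inherits=("clerk", "auditor")),
    ]
    users = [User("alice", "clerk"), User("bob", "manager"),
             User("carol", "auditor", active=False)]
    return AccessPolicy(categories, users)
```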