Protecting information resources
Risks and threats
Risks associated with IT
▪ IT can be misused:
▫ Invade users’ privacy
▫ Commit computer crimes
▪ Mitigate risks:
▫ Regular updating of operating system
▫ Anti-virus, anti-spyware
▫ E-mail security measures
▫ Etc.
Computer and network security
▪ Critical for most organisations
▫ Hackers => Types of hackers
▫ Sensitive information on computers
▪ Comprehensive security system => 3 levels
▫ Protects information in 3 different states:
▸ Transmission
▸ Storage
▸ Processing
Computer and network security
▪ Critical for most organisations
▫ Hackers => Types of hackers (p. 61)
▫ Sensitive information on computers
▪ Comprehensive security system => 3 levels (p. 63)
▫ Protects information in 3 different states:
▸ Transmission
▸ Storage
▸ Processing
Types of risks
Cookies
▪ Small text files with unique ID tags embedded in Web browser and stored on user's hard drive
▪ Provides information about a user's location and computer equipment = violation of privacy
▪ Useful and harmless = remembers personal info
Types of risks
Spyware
▪ Software which secretly gathers information about users while they are on the web
Adware
▪ Form of spyware which collects information from the user in order to display advertisements in the Web browser without the user's permission
Types of risks
Phishing
▪ Sends fraudulent e-mails that seem to come from legitimate sources
▪ Refers the user to false website to obtain personal information
Types of risks
Keystroke loggers
▪ Hardware and software devices that monitor keyboard commands and keep record
▪ Steals passwords and bank details
▪ "Trade secrets"
Spoofing
▪ Attempt to gain access to network by appearing to be an authorized user in order to gain access to sensitive information.
Types of risks
Computer crime and fraud
▪ Unauthorized use of computer data for personal gain
3 Aspects of security
1. Confidentiality
▪ System must prevent disclosing information to unauthorised users
2. Integrity
▪ Accuracy of information resources within organisation
3. Availability
▪ Authorised users have access when needed
▪ Computers and network in working order
▪ Quick recovery in event of system failure or disaster
Classification of threats
▪ Unintentional
▪ Intentional
2. Passwords
▫ Combination of numbers, characters and symbols that is entered to allow access to a system
Data communication controls
Virtual private network
▪ Provides a secure tunnel through the internet for transmitting data via a private network