ISPP Chapter 10
Information Systems Security and Controls
Question | Answer |
---|---|
4 Primary Threats to IS Security | • Accidents and Natural Disasters • Employees and Consultants • Links to Outside Business Contacts • Outsiders |
Information Systems Security | Precautions taken to keep all aspects of IS safe from unauthorised use or access |
Information Modification | Someone changes the information in some way |
Unauthorised Access | People who are not given permission to see, modify or use data whether it be physical or digital data |
Viruses | Destructive code that corrupts and destroys data |
Worms | Like viruses, but tend to spread faster due to their replication nature |
Denial of Service | Attack in which electronic intruders deliberately attempt to prevent legitimate users from accessing services. Zombie computers are usually used to implement this. |
Spyware | Software that secretly gathers information about a computer user without their knowledge. Adware is spyware that targets the user with banner advertisements |
Spam | Junk email, sometimes containing worms and viruses |
Spam Filters | Prevent Spam |
Phishing | Attempts to trick bank account holders into giving away personal information for illegitimate use |
CAPTCHA | An image displaying a code that a user has to input into an electronic form before submitting it |
Cookies | Message passed to web browsers on a user's computer by a web server. Generally necessary for many sites, but can be used as spyware or other forms of malware |
Risk analysis | Process in which you assess the value of the assets being protected, the likelihood of their being compromised and the costs associated with a compromise. |
3 Reactions for Risk Analysis | • Risk Reduction • Risk Acceptance • Risk Transference |
Authentication | Passwords, photo IDs, etc. |
Biometrics | Authentication using fingerprints, retinal patterns, etc. |
Access-control Software | Software that keeps data secure from use or access depending on the user's permissions |
Wireless LAN Control | Security control for Wireless networks |
Drive-by Hacking | An outside attacker hacks the network for illegitimate use without entering the business premises |
Firewalls | System designed to detect intrusion and prevent unauthorised access |
Virtual Private Network (VPN) | Secure tunnel network for transferring data that is constructed dynamically within an existing network. |
Encryption | Process of encoding messages which allows for authentication, privacy/confidentiality, integrity and non-repudiation (ID of sender) |
5 Virus Prevention Measures | • Install antivirus software • Avoid using flash drives from unknown sources • Delete suspicious email • Treat all email with caution • Report suspicious activity immediately |
Audit-control Software | Keeps track of computer activity so auditors can spot suspicious activity and take action |
Facilities | A place for IS that is secure from human intervention as well as from the elements |
3 Technological Safeguards | • Data Backups • CCTV • UPS (Uninterruptible power supply) |
3 Non-technical Safeguards | • Management of people's use of IS • Trustworthy Employees • Well-treated employees |
5-Step IS Security Plan | • Risk Analysis • Policies and Procedures for security breach • Implementation • Training of personnel • Auditing |
Hierarchy of IS controls (Figure 10.27) | • Policies and Procedures • Management and Supervision • Technology and Applications |
3 Types of IS controls | • Preventative • Detective • Corrective |
Sarbanes-Oxley Act | A reaction to large-scale accounting scandals primarily addressing the accounting sector that includes the use of IS controls in compliance reviews |