| Question | Answer |
|---|---|
| 4 Primary Threats to IS Security | • Accidents and Natural Disasters • Employees and Consultants • Links to Outside Business Contacts • Outsiders |
| Information Systems Security | Precautions taken to keep all aspects of IS safe from unauthorised use or access |
| Information Modification | Someone changes the information in some way |
| Unauthorised Access | People who are not given permission to see, modify or use data, whether physical or digital |
| Viruses | Destructive code that corrupts and destroys data |
| Worms | Like viruses, but tend to spread faster because they replicate themselves |
| Denial of Service | Attack in which electronic intruders deliberately attempt to prevent legitimate users from accessing services. Zombie computers are usually used to carry it out. |
| Spyware | Software that secretly gathers information about a computer user without their knowledge. Adware is spyware that targets the user with banner advertisements |
| Spam | Junk email, sometimes containing worms and viruses |
| Spam Filters | Prevent spam |
| Phishing | Attempts to trick bank account holders into giving away personal information for illegitimate use |
| CAPTCHA | An image displaying a code that a user has to input into an electronic form before submitting it |
| Cookies | Message passed to the web browser on a user's computer by a web server. Generally necessary for many sites, but can be used as spyware or other forms of malware |
| Risk analysis | Process in which you assess the value of the assets being protected against the risk of their being compromised, and the costs associated with a compromise. |
| 3 Reactions for Risk Analysis | • Risk Reduction • Risk Acceptance • Risk Transference |
| Authentication | Passwords, photo IDs etc |
| Biometrics | Authentication using fingerprints, eye retinal patterns etc |
| Access-control Software | Software that keeps data secure from use or access depending on the user's permissions |
| Wireless LAN Control | Security control for wireless networks |
| Drive-by Hacking | An outside attacker hacks the network for illegitimate use without entering the business premises |
| Firewalls | System designed to detect intrusion and prevent unauthorised access |
| Virtual Private Network (VPN) | Secure tunnel network for transferring data that is constructed dynamically within an existing network. |
| Encryption | Process of encoding messages which allows for authentication, privacy/confidentiality, integrity and non-repudiation (ID of sender) |
| 5 Virus Prevention Measures | • Install antivirus software • Avoid using flash drives from unknown sources • Delete suspicious email • Treat all email with caution • Report suspicious activity immediately |
| Audit-control Software | Keeps track of computer activity so auditors can spot suspicious activity and take action |
| Facilities | A place for IS that is secure from human intervention as well as from the elements |
| 3 Technological Safeguards | • Data Backups • CCTV • UPS (Uninterruptible power supply) |
| 3 Non-technical Safeguards | • Management of people's use of IS • Trustworthy employees • Well-treated employees |
| 5 Step IS Security Plan | • Risk Analysis • Policies and Procedures for security breach • Implementation • Training of personnel • Auditing |
| Hierarchy of IS controls (Figure 10.27) | • Policies and Procedures • Management and Supervision • Technology and Applications |
| 3 Types of IS controls | • Preventative • Detective • Corrective |
| Sarbanes-Oxley Act | A reaction to large-scale accounting scandals, primarily addressing the accounting sector, that includes the use of IS controls in compliance reviews |