| Question | Answer |
| 4 Primary Threats to IS Security | • Accidents and Natural Disasters
• Employees and Consultants
• Links to Outside Business Contacts
• Outsiders |
| Information Systems Security | Precautions taken to keep all aspects of an information system (hardware, software, data, networks and the people who use them) safe from unauthorised use or access |
| Information Modification | Someone changes stored or transmitted information without authorisation (e.g. altering a balance or a grade); a violation of integrity |
| Unauthorised Access | People who are not given permission to see, modify or use data whether it be physical or digital data |
| Viruses | Destructive code that attaches itself to a host program or file and runs when the host is opened or executed, corrupting or destroying data |
| Worms | Like viruses, but self-contained and self-replicating: they spread across networks on their own without needing a host file or any user action, so they tend to spread much faster |
| Denial of Service (DoS) | Attack in which electronic intruders deliberately flood a service so that legitimate users cannot access it. Usually launched from many compromised "zombie" computers under the attacker's control (a botnet), making it a distributed DoS (DDoS) |
| Spyware | Software that secretly gathers information about a computer user and reports it back without the user's knowledge. Adware that tracks browsing in order to target the user with banner advertisements is a common form |
| Spam | Unsolicited junk email; sometimes carries worms, viruses or phishing links as attachments or links |
| Spam Filters | Software that scores incoming email (sender reputation, content, attachments) and blocks or quarantines messages it classifies as spam |
| Phishing | Forged emails or websites that impersonate a trusted organisation (e.g. a bank) to trick users, such as account holders, into giving away credentials or personal information for illegitimate use |
| CAPTCHA | A distorted image containing a code that a user has to type into an electronic form before submitting it, so that automated scripts (bots) cannot submit the form in bulk |
| Cookies | Small piece of data that a web server passes to the browser on a user's computer, which stores it and sends it back on later requests. Necessary for many sites (e.g. keeping a user logged in), but cookies can also be used to track users across sites, which is why they are associated with spyware. A cookie is data, not code, so it cannot itself run as malware |
| Risk analysis | Process of assessing the value of the assets being protected, the likelihood that they are compromised, and the cost to the organisation if they are, in order to decide how much protection is worth paying for |
| 3 Reactions for Risk Analysis | • Risk Reduction (put safeguards in place to lower the likelihood or impact)
• Risk Acceptance (live with the risk because it is small or the safeguards cost more than the loss)
• Risk Transference (shift the risk to someone else, e.g. by insuring against it or outsourcing) |
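The following is an added worked example, not part of the original study notes, showing how the risk-analysis definition and the three reactions fit together in code. The asset values, incident rates and control costs are constructed assumptions, and the expected-loss formula (value x share lost per incident x incidents per year) is one common simplification, not the only way to score a risk.

```python
# Worked risk-analysis example (added illustration, not from the original notes).
# All asset values, rates and costs below are constructed assumptions.
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class Risk:
    name: str
    asset_value: float   # value of the asset to the business
    exposure: float      # share of that value lost in one incident (0.0..1.0)
    annual_rate: float   # expected number of incidents per year


@dataclass
class Control:
    name: str
    annual_cost: float     # what the safeguard costs per year
    rate_reduction: float  # fraction by which it cuts annual_rate (0.0..1.0)


def expected_annual_loss(risk: Risk) -> float:
    """Value at risk per year = asset value x exposure x incident rate."""
    return risk.asset_value * risk.exposure * risk.annual_rate


def choose_reaction(risk: Risk,
                    control: Optional[Control] = None,
                    insurance_premium: Optional[float] = None,
                    risk_appetite: float = 0.0) -> str:
    """Return 'accept', 'reduce' or 'transfer' for this risk.

    accept:   expected loss is within what management tolerates, or every
              available safeguard costs more than the loss it prevents
    reduce:   a control plus the residual loss is the cheapest option
    transfer: an insurance premium is the cheapest option
    """
    loss = expected_annual_loss(risk)
    if loss <= risk_appetite:
        return "accept"
    options: Dict[str, float] = {}
    if control is not None:
        residual = loss * (1.0 - control.rate_reduction)
        options["reduce"] = control.annual_cost + residual
    if insurance_premium is not None:
        options["transfer"] = insurance_premium
    if not options:
        return "accept"
    best = min(options, key=options.__getitem__)
    return best if options[best] < loss else "accept"


if __name__ == "__main__":
    db = Risk("customer database breach", asset_value=1_000_000, exposure=0.4, annual_rate=0.1)
    print(expected_annual_loss(db))
    print(choose_reaction(db, Control("encryption + MFA", 10_000, 0.8),
                          insurance_premium=25_000, risk_appetite=5_000))
```

The point of the example is the comparison, not the arithmetic: a control is only worth buying when its cost plus the loss it leaves behind is below the loss you started with, and insurance wins when the premium is cheaper than any control that actually reduces the risk.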
| Authentication | Verifying that a user is who they claim to be, e.g. by passwords, photo IDs, smart cards or biometrics |
| Biometrics | Authentication based on physical characteristics such as fingerprints or eye retinal patterns |
| Access-control Software | Software that restricts which data a user may read, modify or run according to the permissions granted to that user or role |
| Wireless LAN Control | Security controls for wireless networks, e.g. encrypting wireless traffic, restricting which devices may join, and limiting where access points broadcast |
| Drive-by Hacking | An outside attacker connects to a business's wireless network from nearby (e.g. a parked car) and intercepts data or uses network services for illegitimate purposes without ever entering the premises |
| Firewalls | Hardware or software system that sits between networks and filters traffic according to rules, blocking unauthorised access. Detecting intrusions that get past those rules is the job of an intrusion detection system, not of the firewall itself |
| Virtual Private Network (VPN) | Encrypted tunnel constructed dynamically within an existing (usually public) network, so that data can be transferred securely across it |
| Encryption | Process of encoding messages so that only holders of the right key can read them (privacy/confidentiality). Combined with digital signatures and message authentication codes it also supports authentication (who sent it), integrity (it was not altered in transit) and non-repudiation (the sender cannot later deny sending it) |
| 5 Virus Prevention Measures | • Install Antivirus software
• Avoid using flash drives from unknown sources
• Delete suspicious email
• Treat all email with caution
• Report suspicious activity immediately |
| Audit-control Software | Keeps a record of computer activity (logins, file access, configuration changes) so that auditors can spot suspicious or anomalous actions and take action |
| Facilities | Physical premises for IS equipment that are secured against human intrusion as well as against the elements (fire, flood, power failure) |
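An added example, not from the original notes, of what audit-control software does with the records it keeps: detection logic run over login audit entries. The log lines are constructed in a simplified sshd-style format, and the threshold and time window are assumed values a site would tune. The rule flags a burst of failed logins for one user from one source and notes whether a successful login followed the burst, which is the difference between "someone is guessing" and "someone probably got in".

```python
# Added illustration (not from the notes): a detective control run over audit logs.
# The log lines below are constructed in a simplified sshd-style format.
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, Iterator, List, Tuple

SAMPLE_LOG = """\
2024-03-04T09:01:12 auth sshd: Failed password for alice from 203.0.113.9
2024-03-04T09:01:15 auth sshd: Failed password for alice from 203.0.113.9
2024-03-04T09:01:19 auth sshd: Failed password for alice from 203.0.113.9
2024-03-04T09:01:22 auth sshd: Failed password for alice from 203.0.113.9
2024-03-04T09:01:26 auth sshd: Failed password for alice from 203.0.113.9
2024-03-04T09:01:31 auth sshd: Failed password for alice from 203.0.113.9
2024-03-04T09:01:40 auth sshd: Accepted password for alice from 203.0.113.9
2024-03-04T09:05:02 auth sshd: Failed password for bob from 198.51.100.4
2024-03-04T09:05:20 auth sshd: Accepted password for bob from 198.51.100.4
2024-03-04T09:10:00 auth sshd: Failed password for carol from 192.0.2.10
2024-03-04T09:14:00 auth sshd: Failed password for carol from 192.0.2.10
2024-03-04T09:18:00 auth sshd: Failed password for carol from 192.0.2.10
2024-03-04T09:19:00 auth sshd: Accepted password for carol from 192.0.2.10
"""

LINE = re.compile(r"^(\S+) auth sshd: (Failed|Accepted) password for (\S+) from (\S+)$")


def parse(log: str) -> Iterator[Tuple[datetime, str, str, str]]:
    """Yield (timestamp, outcome, user, source) for every line that matches the format."""
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            ts, outcome, user, src = m.groups()
            yield datetime.fromisoformat(ts), outcome, user, src


def detect_bruteforce(log: str, threshold: int = 5,
                      window: timedelta = timedelta(minutes=2)) -> List[Dict]:
    """Flag (user, source) pairs with `threshold` or more failures inside `window`,
    and record whether a successful login followed the burst (likely compromise)."""
    events: Dict[Tuple[str, str], List[Tuple[datetime, str]]] = defaultdict(list)
    for ts, outcome, user, src in parse(log):
        events[(user, src)].append((ts, outcome))

    alerts = []
    for (user, src), evs in events.items():
        fails = [ts for ts, outcome in evs if outcome == "Failed"]
        # slide a window of `threshold` consecutive failures along the timeline
        for i in range(len(fails) - threshold + 1):
            burst_end = fails[i + threshold - 1]
            if burst_end - fails[i] <= window:
                success_after = any(o == "Accepted" and ts >= burst_end for ts, o in evs)
                alerts.append({"user": user, "src": src, "failures": len(fails),
                               "success_after_burst": success_after})
                break  # one alert per (user, source) pair is enough
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

In the sample, alice's six failures in under thirty seconds followed by a success are flagged; bob's single typo and carol's three slow failures are not, because they sit below the threshold or outside the window. Lowering the threshold or widening the window trades fewer missed attacks for more false alarms, which is exactly the tuning an auditor does with this kind of control.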
| 3 Technological Safeguards | • Data Backups
• CCTV
• UPS (Uninterruptible power supply) |
| 3 Non-technical Safeguards | • Management of people's use of IS
• Trustworthy Employees
• Well-treated employees |
| 5 Step IS Security Plan | • Risk Analysis
• Policies and Procedures for security breach
• Implementation
• Training of personnel
• Auditing |
| Hierarchy of IS controls (Figure 10.27) | • Policies and Procedures
• Management and Supervision
• Technology and Applications |
| 3 Types of IS controls | • Preventative (stop an incident before it happens, e.g. firewalls, access control)
• Detective (spot an incident when it occurs, e.g. audit logs, CCTV)
• Corrective (limit the damage and restore normal operation afterwards, e.g. data backups) |
| Sarbanes-Oxley Act | US law passed in reaction to large-scale accounting scandals; it holds publicly traded companies to strict financial-reporting standards and requires them to demonstrate effective internal controls, so IS controls are now reviewed as part of compliance |