INFS1602 Lecture Notes - Lecture 11: Extraordinary Measures, Key Escrow, Intrusion Detection System
Document Summary
Information systems security is a trade-off between cost and risk. The target is the asset that is desired by the threat.

Human errors and mistakes include accidental problems caused by both employees and non-employees. This category also includes poorly written application programs and poorly designed procedures.

Computer crime includes employees and former employees who intentionally destroy data or other system components. It includes hackers who break into a system and virus and worm writers who infect computer systems. It also includes terrorists who break into a system and steal for financial gain.

Natural disasters include fires, floods, hurricanes, earthquakes and other acts of nature. Problems include initial loss of capability and service, and losses stemming from actions to recover from them.

Unauthorised data disclosure occurs when a threat obtains data that is supposed to be protected.
Human error: someone inadvertently releases data in violation of a policy; WikiLeaks.
Computer crime: pretexting occurs when someone deceives by pretending to be someone else.