ITM102 Chapter 8 – Securing Information System.docx

7 Pages
Unlock Document

Information Technology Management
ITM 102
Sam Lampropoulos

Chapter 8 – Securing Information System 8.1 System Vulnerability and Abuse Why Systems Are Vulnerable  When large amounts of data are stored in electronic form, they are vulnerable to many more kinds of threats  Security refers to the policies, procedures, and technical measures used to prevent unauthorized  Controls are methods, policies, and organizational procedures that ensure that safety of the organization’s assets, the accuracy and reliability of its records, and operational adherence to management standards  Possible to access data flowing over networks, steal valuable data during transmission, or alter messages without authorization  System malfunction if computer hardware breaks down, is into configured properly, or is damaged by improper use or criminal acts  Power failures, floods, fires can disrupt computer systems  Domestic or offshore partnering with another company adds to system vulnerability if valuable information resides on networks and computers outside the organization’s control Internet Vulnerabilities  Large public networks are more vulnerable than internal networks because they are virtually open to anyone.  When abuses do occur, they can have an enormously widespread impact  Telephone service based on Internet technology is more vulnerable than the switched voice network if it does not run over a secure private network  IM activity over the Internet can in some cases be used as a back door to an otherwise secure network Wireless Security Challenges  Both Bluetooth and Wi-Fi networks are susceptible to cracking by eavesdroppers  Hackers can use laptops, wireless cards, external antennae and hacking software to detect unprotected networks  The Interactive Sessions on Organizations describes how poor wireless security may have enabled criminals to break into the corporate systems of TJX companies and other major retailers.  The service set identifiers (SSIDS) indentifying the access point in a Wi-Fi network are broadcast multiple times and can be picked up fairly easily by intruders  War Driving which eavesdroppers drive by building or park outside and try to intercept wireless network traffic  An intruder who has associated with an access point by using the correct SSID is capable of accessing other resources on the network Malicious Software: Viruses, Worms, Trojan Horses and Spyware  Malware includes a variety of threats, such as computer viruses, worms and Trojan horses.  Computer virus is a rogue software program that attaches itself to other software programs or data files in order to be executed  Worms which are independent computer programs that copy themselves from one computer to other computer over a network  Worms and viruses spread over the Internet from files of downloaded software, from files attached to e-mail transmissions  More than 200 viruses and worms targeting mobile phones, such as CABIR, com warrior and Frontal A  Trojan horse is a software program that appears to benign but then does something other than expected  Spyware also acts as a malicious software  Small programs install themselves surreptitiously on computer to monitor user Web surfing activity and serve KeyPacket filtering  s record every keystroke made on a computer to steal serial numbers for software, to launch Internet attacks Hackers and Computer Crime  Hacker is an individual who intends to gain unauthorized access to a computer system o Cracker is typically used to denote a hacker with criminal intent although in the press hacker and cracker are used interchangeably  Cybervandalism the intentional disruption, defacement or even destruction of a Web site or corporate information system Spoofing and Sniffing  Spoofing involves redirecting a Web link to an address different from the intended one, with the site masquerading as the intended destination.  Sniffer is a type of eavesdropping program that monitors information traveling over a network.  Sniffers help identify potential network trouble spots or criminal activity when used legitimately  Enable hackers to steal proprietary information from anywhere on a network Denial-of-Service Attacks (pg. 247)  Denial-of-service attack hackers flood a network server or Web server with many thousands of false communications or requests for service to crash the network  Distributed denial-of-service attack uses numerous computer to inundate and overwhelm the network for numerous launch points  Hackers create botnets by infecting other people’s computers with boy malware that opens a back door through which an attracker can give instructions Computer Crime  Computer Crime is defined by the Investigative Bureau of the Ontario Provincial as “any criminal activity involving the copy of, use of, removal of, interference with, access to, manipulation of computer systems  Nearly 500 companies in the annual loss from computer crime and security attacks was $428,000 Identity Theft  A crime in which impostors obtains key pieces of personal information, such as social insurance numbers, driver’s licence numbers or credit card numbers  Pharming redirects users to a bogus Web page, even when the individual types the correct web page address into his or her browser  Criminal Law Amendment Act makes it illegal to access a computer system without authorization Click Fraud  Occurs when an individual or computer program fraudulently clicks on an online ad without any intention of learning more about the ad or making purchase  Some companies hire third parties to fraudulently click on a competitor’s ads to weaken them by driving up their marketing costs Global Threats: Cyberterrorism and Cyberwarfare  37% of the malware is identified in early 2008 originated the U.S.  27% came from China  9% from Russia  Vulnerabilities of the Internet or other networks make digital networks easy target for digital attacks by terrorists, foreign intelligence services or other groups seeking to create widespread disruption and harm Internal Threats: Employees  Malicious intruders seeking system access sometimes trick employees into revealing their pasawords by pretending to be legitimate members of the company in need of information – social engineer Software Vulnerability (pg. 251)  Bugs or program defects a
More Less

Related notes for ITM 102

Log In


Join OneClass

Access over 10 million pages of study
documents for 1.3 million courses.

Sign up

Join to view


By registering, I agree to the Terms and Privacy Policies
Already have an account?
Just a few more details

So we can recommend you notes for your school.

Reset Password

Please enter below the email address you registered with and we will send you a link to reset your password.

Add your courses

Get notes from the top students in your class.