chapter_12.docx

5 Pages
56 Views
Unlock Document

Department
Computer Science
Course
Computer Science 1032A/B
Professor
Diane Goldstein
Semester
Winter

Description
CHAPTER 12 Q1. What are the Sources and Types of Security Threats? - Three sources of security threats, a problem with security of info or data, are human error and mistakes, malicious human activity and natural events and disasters - Human errors and mistakes include accidental problems - Malicious human activity includes employees and former employees who intentionally destroy data and other system components. (includes hackers) - Malicious human activity also includes outside criminals who break into a system to steal for financial gains Unauthorized Data Disclosure - Unauthorized Data Disclosure can occur by human error when someone inadvertently release data in violation of policy - Pretexting occurs when someone deceives by pretending to be someone else - Phishing is a similar technique for obtaining unauthorized data that uses pretexting via email - Spoofing is another term for someone pretentding to be someone else - IP spoofing occurs when an intruder uses another site’s IP address - Email Spoofing is a synonym for phishing - Sniffing is a technique for intercepting computer communications - Drive by sniffers simply take computers with wireless connections through an area and search for unprotected wireless networks Incorrect Data Modification - Incorrect data modification can occur through human error when employees follow procedures incorrectly or when procedures have been incorrectly designed - Companies should ensure separation of duties and authorities and have multiple checks and balances in place -Another cause can be system errors caused by human error - Hacking occurs when a person gains unauthorized access to a computer system - Faulty recovery actions after a disaster can result in incorrect data changes Faulty Service - Faulty service includes problems that result because of incorrect system operation - Humans can inadvertently cause faulty service by making procedural mistakes - System developers can write programs incorrectly or make errors during installation - Usurpation occurs when unauthorized programs invade a computer system and replace legitimate programs Denial of Service - Human error in following procedures or a lack of procedures can result in denial of service (DOS), security problem in which users are not able to access an IS - Denial of service attacks can be launched maliciously Loss of Infrastructure - Loss of infrastructure can occur from construction, terrorist events, unsatisfied employee, natural disasters, etc Q2. WhatAre the Elements of a Security Program? - A security program has three components: senior management involvement, safeguards of various kinds and incident response - The first comoponent, senior management, has two critical security functions 1. Senior Management must establish the security policy 2. Manage risk by balancing the costs and benefits of the security program - Safeguards are protections against security threats - Involve hardware and software, some involve data, others involve procedures and people - Final component cosists of the organization’s planned resoponse to security incidents Q3. How Can Technical Safeguards Protect against Security Threats? - Technical Safeguards involve the hardware and software components of an IS Identification - Every IS today require users to sign on with a user name (identification) and the password (authentification). - The deficiencies, carelessness of passwords, can be reduced or eliminated using smart cards and biometric authentication Smart Cards - Smart Card is a plastic card similar to a credit card with a microchip - Users of smart cards are required to enter Personal Identification Number (PIN) to be authenticated BiometricAuthentication - Biometric Authentication uses personal physical characteristics to authenticate users Single Sign-On for Multiple Systems - IS often require multiple sources of authentication - Today’s OS have the capability to authenticate you to networks and other servers Encryption and Firewalls are very important technical safeguards Malware Protection - The term malware has several definitions. - Malware is viruses, worms, spywares and adware Spyware andAdware - Spyware programs are installed on user’s computer without the user’s knowledge or permission - Spywares observe the user’s actions and keystrokes, monitors computer activity and reports the user’s activities to sponsoring organizations - Adware is installed without user’s permission and resides in the background to observe user behavior - Most adware is benign in that it does not perform malicious acts or steal data. They watch user activity and produce pop-up ads - Adware can also change user’s default window or modify search results and switch the user’s search engine Malware Safeguards - It is possible to avoid most malware using following safeguards; 1. Install antivirus and antispyware program 2. 2. Set up your anti-malware programs to scan your computer frequently 3. Update malware definitions. Malware definitions, patterns that exist in malware code, should be downloaded frequently 4. Open email attachments only from known sources - With a properly configured firewall, email is the only outside initiated traffic that can reach user computers
More Less

Related notes for Computer Science 1032A/B

Log In


OR

Join OneClass

Access over 10 million pages of study
documents for 1.3 million courses.

Sign up

Join to view


OR

By registering, I agree to the Terms and Privacy Policies
Already have an account?
Just a few more details

So we can recommend you notes for your school.

Reset Password

Please enter below the email address you registered with and we will send you a link to reset your password.

Add your courses

Get notes from the top students in your class.


Submit