INFS1602 Study Guide - Final Guide: Intrusion Detection System, Phishing, Computer Program
18 Jul 2018
School
Department
Course
Professor
Chapter X: Information Systems Security
Part 1: Information Systems Security
Threat: Person/Organization that seeks to obtain/alter data or other IS assets illegally,
without the owner’s permission and often without the owner’s knowledge.
Vulnerability: Opportunity for threats to gain access to individual/organizational assets.
Safeguard: Some measure that individuals/organizations take to block the threat from
obtaining the asset.
Target: Asset that is desired by the threat.
Sources of threats:
Human Error: Accidental problems caused by both employees and nonemployees.
Computer Crime: Former/Employees who intentionally destroy data or other system
components; hackers who break into a system and virus/worm writers who infect computer
systems; terrorist who break into a system to steal for financial gain.
Natural Disaster: Initial loss of capability and service; losses stemming from actions to recover
from the initial problem.
Types of security loss
Unauthorized data disclosure: When a threat obtains data that is supposed to be protected.
(e.g. Pretexting, Phishing, Spoofing, Sniffing)
Incorrect data modification: E.g. Incorrectly modifying salary
Faulty Service: Problems that result because of incorrect system operations; Usurpation
(criminals invade a computer system and replace legitimate programs with unauthorized)
Denial of Service: E.g. shut down web server
Loss of Infrastructure
Part 2: Personal Safeguards
• Intrusion Detection System: Computer program that senses when another computer
is attempting to scan or access a network.
• Brute Force Attack
Document Summary
Threat: person/organization that seeks to obtain/alter data or other is assets illegally, without the ow(cid:374)er"s per(cid:373)issio(cid:374) a(cid:374)d ofte(cid:374) without the ow(cid:374)er"s k(cid:374)owledge. Vulnerability: opportunity for threats to gain access to individual/organizational assets. Safeguard: some measure that individuals/organizations take to block the threat from obtaining the asset. Target: asset that is desired by the threat. Human error: accidental problems caused by both employees and nonemployees. Computer crime: former/employees who intentionally destroy data or other system components; hackers who break into a system and virus/worm writers who infect computer systems; terrorist who break into a system to steal for financial gain. Natural disaster: initial loss of capability and service; losses stemming from actions to recover from the initial problem. Unauthorized data disclosure: when a threat obtains data that is supposed to be protected. (e. g. pretexting, phishing, spoofing, sniffing) Faulty service: problems that result because of incorrect system operations; usurpation (criminals invade a computer system and replace legitimate programs with unauthorized)
