BUS 237 Study Guide - Final Guide: Email Spoofing, Online Analytical Processing, Key Escrow


Department: Business Administration
Course Code: BUS 237
Professor: Zorana Svedic
Study Guide: Final

Chapter 12 Questions
What is PIPEDA? And what is the most critical element?
Personal Information Protection and Electronic Documents Act – balances an individual's right to the
privacy of his or her personal info with organizations' need to collect that info for business purposes.
The most critical element is that people have the right to know what type of info is being used and
how, and also who is responsible for securing that info.
What are the 3 sources of security threats that organizations face?
Human error and mistakes — malicious human activity — natural disasters
Name the 5 types of security problems
1. Unauthorized data disclosure
2. Incorrect data modification
3. Faulty service
4. Denial of service
5. Loss of infrastructure
Using pretexting via Email to obtain unauthorized data is called?
Phishing
What are malicious techniques used to obtain unauthorized data?
1. Pretexting – via phone
2. Phishing – via email
3. Spoofing – IP spoofing [using another IP address], email spoofing
4. Sniffing – drive-by sniffers [intercept computer communication]
5. Spyware and adware [unauthorized observing]
What are some examples of DOS – Denial of Service?
An online analytical processing application using so much of the DBMS that order transactions cannot
get through; also, computer worms flooding the network with so much traffic that legitimate traffic
cannot get through.
What causes loss of infrastructure? (4 things)
Human accidents, theft, terrorism and natural disasters
What are the 3 elements of a security program and what do they do?
Senior management involvement – establishes security policy and manages risk
Safeguards – protection against security threats
Incident response – the organization's planned response to security incidents
What is key escrow?
A safety procedure where a trusted party has a copy of the encryption key used to encrypt data, in case
the organization loses or accidentally destroys the key.
Explain what is used as a human safeguard for non-employees and what does it do?
Hardening – means to take extraordinary measures appropriate to the sensitivity of the
data and the information systems resources involved. Uses a special operating system that
locks down or eliminates features that are not required by the application.
List all the Human Safeguards in point form and explain them
Position definitions – definition of task and responsibilities and restrictions
Hiring and screening – extensive interviews, references and background checks
Dissemination and enforcement – responsibility, accountability and compliance
Termination – security policies and procedures when terminating
Safeguards for non-employees – hardening
Account administration – administration of user accounts, passwords and help desk procedures
Security monitoring – activity log analyses, security testing, and investigating/learning from incidents
Name the 5 ways companies can prepare for a disaster?
1. Locate all infrastructure in a safe location
2. Identify mission-critical systems
3. Identify resources needed for those systems to run
4. Prepare remote backup files
5. Train and rehearse
What are the 4 Data Safeguards?