BTE 210 Study Guide - Midterm Guide: Financial Services, Database, Wimax

BTE EXAM TWO STUDY GUIDE
CHAPTER 4 INFORMATION SECURITY
Cyberlockers: third party file-sharing services that provide password-
protected hard drive space online (ex: DropBox)
o Sells both advertisements and premium subscriptions
o Upload files to lokes
o Problem: upload copyrighted content and make money
o Megaupload
Largest Cyberlocker
Charged in 2012 with online piracy
Kim Dotcom (founder) arrested, lost hundreds of millions
Digital Millennium Copyright Act (DMCA): addresses the balance between
the rights of copyright holders and Internet service providers (ISPs)
o Poides I“Ps ith safe hao fo liailit as log as the poide
Does’t ko fo etai hih if a of its soed ateials ae
copyright-infringing
epeditiousl eoes ifigig aterial following a
takedown notice
o lea up ga aeas of iteet la
o has created new problems
o did not explain how to store data in a manner that is private and
policed
o limits copyright holders
o does not prevent each file that is removed from being restored later
by another user
Stop Online Piracy Act (SOPA): started to fix the problems DMCA caused
o Most controversial provision would have permitted the Justice
Department to ask a federal judge to order ISPs to block their users
from reaching foreign copyright-infringing Web sites
Require search engines to stop presenting sites that a court
had declared to be dedicated to infringement
Prohibit payment processors to conduct business with these
sites
People hated this, bill died in Congress in 2012
Information security especially important to small businesses
Large businesses have greater resources to help them survive
Customer churn: customer turnover (increase CT decreases customer trust)
INTRODUCTION TO INFORMATION SECURITY
Security: the degree of protection against criminal activity, danger, damage,
and/or loss
Information Security: all of the processes and policies designed to
potet a ogaizatio’s ifoatio ad ifoatio sstes fo
unauthorized access, use, disclosure, etc.
Threat: any danger to which a system may be exposed
Exposure of an information resource: the harm, loss, or damage that can
result if a threat compromises that resource
Vulnerability: the possibility that the system will be harmed by a threat
5 key factors are contributing to the increasing vulnerability of
organizational information resources
1. Today's interconnected, interdependent, wirelessly networked business
environment
a. Trusted network: any network within your organization
b. Untrusted network: any network external to your organization
c. Wireless tech has advanced this
2. Smaller, faster, cheaper computers and storage devices
a. Easier to lose or steal sensitive information
b. More can afford powerful computers
3. Decreasing skills necessary to be a hacker
a. Internet contains info called scripts that users with few skills can
download
4. International organized crime taking over cybercrime
a. Cybercrime: illegal activities conducted over computer networks
5. Lack of management support
a. Lower-level managers important because in close contact with
employees every day and can make sure they are following
security procedures
UNINTENTIONAL THREATS TO INFORMATION SYSTEMS
The two major categories are unintentional threats and deliberate threats
Unintentional threats: acts performed without malicious intent
o Human error
the higher the level of the employee, the greater the threat
they pose to information security because they have greater
access and privileges
employees in HR and information systems of the organization
also pose significant threats
HR eploees hae aess to eploees’ pesoal
information
IS employees control the means to create, store,
transmit, and modify that data
Contract laborers (temps) often ignored but may also have
access
Janitors and guards most frequently ignored
Peset he eploees ae’t thee ad hae kes
Lack of awareness comes from poor education and training
SOCIAL ENGINEERING
An attack in which the perpetrator uses social skills to trick or manipulate
legitimate employees into providing confidential company info
Most common is when attacker impersonates someone else on telephone
Tailgating: allows perpetrator to enter restricted areas that are controlled
with locks or card entry
o hold the doo
Shoulder surfing: pepetato athes a eploee’s opute see oe
the shoulder
DELIBERATE THREATS TO INFORMATION SYSTEMS
Espionage or trespass
o competitive intelligence: legal information-gathering techniques,
suh as studig a opa’s esite
o industrial espionage: illegal
Information extortion
o Hacker threatens to or does steal information from a company
o Demands payment for not stealing the information, returning it, or
not disclosing it
Sabotage or vandalism
o Deface a website, cause customers to lose faith
Theft of equipment or information
o Smaller devices: easier to steal
o Carelessness with laptop

Document Summary

Resources: organizations perform risk management before they spend time and money to protect information resources. Risk: probability a threat will impact an information resource. Risk management: identifies, controls, and minimizes impact of threats. Risk analysis: Assess the value of each asset being protected. Estimate probability that each asset will be compromised. Comparing the probable costs of the asset's being compromised with the costs of protecting it. Risk mitigation: Implements controls to prevent identified threats from occurring. Developing a means of recovery if the threat becomes a reality. Examines costs of implementing control measures against value of them. Information security controls: Controls: defense mechanisms (countermeasures). Defense-in-depth: layers of controls to defend against many diverse threats. Physical controls: prevent unauthorized individuals from gaining access to a company's facilities (walls, doors, alarm systems, can be inconvenient, guards). Big data: to refer to the vast and constantly increasing amounts of data that modern organizations need to capture, store, process, and analyze.
