CHAPTER 8 notes for the exam 2.docx


University of Massachusetts Amherst
Operations & Info Management
OIM 210
Ryan Wright

CHAPTER 8  User and Administrator Threats o BadApple – own workers cheating and selling o Phishing - Acon executed using technology, typically targeted at acquiring sensitive information or tricking someone into installing malicious software.The goal of phishing is to leverage the reputation of a trusted firm or friend to trick the victim into performing an action or revealing information (Click here to update info to receive your tax refund transfer ; downloading program) o Social Engineering - attempts to trick or con individuals into providing information, while phishing techniques are cons conducted through technology.( Win a free trip to Hawaii—just answer three questions about your network.; Setting off a series of false alarms that cause the victim to disable alarm systems; intimidation)  Technology threts: o Malware seeks to compromise a computing system without permission. Client PCs and a firm’s servers are primary targets, but, malware now threatens nearly any connected system running software, including mobile phones, embedded devices, and a firm’s networking equipment. Some hackers will try to sneak via techniques like phishing. In another high-profile hacking example, infected USB drives were purposely left lying around government offices. * Malware goes by many names:  Viruses. Programs that infect other software or files. They require a running program to spread, attaching to other program. Viruses can spread via operating systems, programs, or the boot sector or auto-run feature of media such as DVDs or USB drives.  Worms. Programs that take advantage of security vulnerability to automatically spread, but unlike viruses, worms do not require a program. Some worms scan for and install themselves on vulnerable systems with stunning speed.  Trojans - try to sneak in by masquerading as something they’re not. The payload is released when the user is duped into downloading and installing the malware cargo, oftentimes via phishing exploits. 
- White hat hacker - Someone who uncovers computer weaknesses without exploiting them. The goal of the white hat hacker is to improve system security.
- Black hat hacker - A computer criminal.
- Zero-day exploits - Attacks that are so new that they haven't been clearly identified, and so they haven't made it into security screening systems.
- Encryption - Scrambling data using a code or formula, known as a cipher, such that it is hidden from those who do not have the unlocking key.
- Data harvesters - Cybercriminals who infiltrate systems and collect data for illegal resale.
- Botnets - Hordes of surreptitiously infiltrated computers, linked and controlled remotely, also known as zombie networks.
- Cash-out fraudsters - Firms that purchase assets from data harvesters. Actions may include using stolen credit card numbers to purchase goods, creating fake accounts via identity fraud, and more.
- Distributed denial of service (DDoS) - An attack where a firm's computer systems are flooded with thousands of seemingly legitimate requests, the sheer volume of which will slow or shut down the site's use. DDoS attacks are often performed via botnets.
- Hack - A term that may, depending on the context, refer to either 1) breaking into a compu