ISYS111 Chapter Notes - Chapter 7: Cyberterrorism, Cyberwarfare, Extortion
ISYS111: FUNDAMENTALS OF BUSINESS INFORMATION SYSTEMS, WEEK 8
Learning Outcomes:
Recognise issues of ethics and information security that violate the common good associated with
information systems (LO 4)
Demonstrate practical skills in the major functions of spreadsheet, database and ePortfolio software (LO 5)
Essential Question:
What are the major threats to information security, and how can they be minimised?
Notes:
Information security:
• Security – the degree of protection against criminal activity, danger, damage and/or loss
• Information security – protecting an organisation’s information and information systems from
unauthorised access, use, disclosure, disruption, modification or destruction
• Threat – any danger to which a system may be exposed
• Exposure – harm, loss or damage that can result if a threat compromises that resource
• Vulnerability – the possibility that the system will suffer harm by a threat
Factors that contribute to the vulnerability of organisational information resources:
• Today’s interconnected, interdependent, wirelessly networked business environment
• Smaller, faster, cheaper computers and storage devices
• Decreasing skills necessary to be a computer hacker
• International organised crime taking over cybercrime
• Lack of management support
Unintentional threats to information systems:
• Human errors
o The higher the level of employee, the greater the threat the employee poses as they
generally have greater access to corporate data
o Employees in human resources and information systems generally have access to sensitive
and personal information
o Other human mistakes may be:
➢ Carelessness with laptops
➢ Carelessness with computing devices
➢ Opening questionable emails
➢ Careless internet surfing
➢ Poor password selection and use
➢ Carelessness with one’s office
➢ Carelessness using unmanned devices
➢ Carelessness with discarded equipment
➢ Careless monitoring of environment
• Social engineering – getting around security by tricking computer users inside a company into
revealing sensitive information or gaining unauthorised access privileges
o Most common example is when the attacker impersonates someone else on the telephone
Document Summary
Recognise issues of ethics and information security that violate the common good associated with information systems (LO 4). Demonstrate practical skills in the major functions of spreadsheet, database and ePortfolio software (LO 5). Information security: security – the degree of protection against criminal activity, danger, damage and/or loss. Factors that contribute to the vulnerability of organisational information resources: today's interconnected, interdependent, wirelessly networked business environment; smaller, faster, cheaper computers and storage devices; decreasing skills necessary to be a computer hacker; international organised crime taking over cybercrime; lack of management support. Deliberate threats to information systems: espionage or trespass – occurs when an unauthorised individual attempts to gain illegal access to organisational information; crosses the legal boundary. Information extortion – occurs when an attacker either threatens to steal, or actually steals, information from a company. Sabotage or vandalism – the deliberate act that involves defacing an organisation's website; theft of equipment and information.