
BUS 237 Chapter Notes - Chapter 12: Personal Information Protection And Electronic Documents Act, Identity Theft, Information System


Department: Business Administration
Course Code: BUS 237
Professor: Bisher
Chapter: 12

What Is Identity Theft?
- Identity theft - stealing, misrepresenting, or hijacking the identity of another person or business
What Is PIPEDA?
- Personal Information Protection and Electronic Documents Act (PIPEDA) - in Canada, PIPEDA gives individuals the right to know why an organization collects, uses, or discloses their personal information
- If issues arise that cannot be resolved between an individual and an organization, the individual should file a complaint with the Office of the Privacy Commissioner of Canada.
  - The Commissioner reviews the case and produces a report stating its conclusions
What Types of Security Threats Do Organizations Face?
- Security threat - a problem with the security of information or the data therein, caused by human error, malicious activity, or natural disasters
- Spam - unwanted email messages
Unauthorized Data Disclosure
- Unauthorized data disclosure - can occur because of human error when someone inadvertently releases data in violation of policy.
find more resources at oneclass.com

- Pretexting - a technique for gathering unauthorized information in which someone pretends to be someone else.
  - A common scam involves a telephone caller who pretends to be from a credit card company and claims to be checking the validity of credit card numbers
- Phishing - a technique for obtaining unauthorized data that uses pretexting via email.
  - The phisher pretends to be a legitimate company and sends an email requesting confidential data, such as account numbers, social insurance numbers, account passwords, and so forth
- Spoofing - when someone pretends to be someone else with the intent of obtaining unauthorized data.
  - If you pretend to be your professor, you are spoofing your professor
  - IP spoofing - a type of spoofing whereby an intruder uses another site’s IP address as if it were that other site
    - Changing location to USA to watch more shows on Netflix
  - Email spoofing - a synonym for phishing. A technique for obtaining unauthorized data that uses pretexting via email.
    - The phisher pretends to be a legitimate company and sends email requests for confidential data, such as account numbers, SIN, account passwords, and so forth. Phishers direct traffic to their site under the guise of a legitimate business
- Sniffing - a technique for intercepting computer connections.
  - With wired networks, sniffing requires a physical connection to the network
  - With wireless networks, no such connection is required
    - Drive-by sniffers - people who take computers with wireless connections through an area and search for unprotected wireless networks in an attempt to gain free internet access or to gather unauthorized data
  - Spyware and adware are two other sniffing techniques
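The phishing and email spoofing notes above describe what the attacker does; the following added example (not from the textbook) shows the defender's side, checking message headers and body for the indicators those notes imply: a display name that claims a known brand while the sending domain does not belong to it, a Reply-To pointing somewhere else, a lookalike domain, and a body asking for account numbers, SINs or passwords. The brand table, domain names and the two sample messages are constructed for the example.

```python
"""Flag common phishing / e-mail spoofing indicators in a message.

Added example for these notes, not from the textbook. KNOWN_BRANDS and the
sample messages below are constructed values, not real organisations.
"""
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical table: brand names the organisation expects mail from, mapped
# to the domains that brand legitimately sends from (constructed).
KNOWN_BRANDS = {
    "examplebank": {"examplebank.com"},
}
ALL_KNOWN_DOMAINS = set().union(*KNOWN_BRANDS.values())

# Character swaps typical of lookalike domains (digit for letter).
LOOKALIKE_TABLE = str.maketrans("013", "ole")

# Phrases that typically accompany a request for confidential data.
SENSITIVE_TERMS = ("account number", "password", "sin", "social insurance",
                   "verify your account", "credit card")
SENSITIVE_RE = re.compile(
    r"\b(" + "|".join(re.escape(t) for t in SENSITIVE_TERMS) + r")\b", re.I)


def domain_of(address: str) -> str:
    """Lower-cased domain part of an address header value ('' if none)."""
    _, addr = parseaddr(address)
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def phishing_indicators(raw_message: str) -> list:
    """Return the names of the indicators present (empty list = none found)."""
    msg = message_from_string(raw_message)
    indicators = []

    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(from_addr)
    reply_domain = domain_of(msg.get("Reply-To", ""))

    # 1. Display name impersonates a known brand but the sending domain is
    #    not one that brand uses (the e-mail spoofing case in the notes).
    name_lower = display_name.lower()
    if any(brand in name_lower and from_domain not in domains
           for brand, domains in KNOWN_BRANDS.items()):
        indicators.append("brand_name_domain_mismatch")

    # 2. Replies are steered to a different domain than the apparent sender.
    if reply_domain and reply_domain != from_domain:
        indicators.append("reply_to_domain_mismatch")

    # 3. Sending domain becomes a known domain after digit-for-letter swaps.
    if (from_domain not in ALL_KNOWN_DOMAINS
            and from_domain.translate(LOOKALIKE_TABLE) in ALL_KNOWN_DOMAINS):
        indicators.append("lookalike_domain")

    # 4. Body asks for the kind of confidential data the notes list.
    body = msg.get_payload()
    if isinstance(body, str) and SENSITIVE_RE.search(body):
        indicators.append("requests_confidential_data")

    return indicators


# Constructed sample: a spoofed "bank" message with every indicator present.
PHISH = """\
From: ExampleBank Security <alerts@examp1ebank.com>
Reply-To: support@mail-verify.example.net
To: customer@example.org
Subject: Urgent: verify your account

Your account has been locked. Reply with your account number and password
to verify your account.
"""

# Constructed sample: a routine notice from the brand's own domain.
LEGIT = """\
From: ExampleBank <statements@examplebank.com>
To: customer@example.org
Subject: Your monthly statement is ready

Your statement for this month is now available in online banking.
"""

if __name__ == "__main__":
    print("phish:", phishing_indicators(PHISH))
    print("legit:", phishing_indicators(LEGIT))
```

The checks are deliberately header- and text-based so they run without network access; in production the same signals would be combined with SPF/DKIM/DMARC results rather than used alone.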
Incorrect Data Modification
- Examples: incorrectly increasing a customer’s discount or incorrectly modifying an employee’s salary, earned days of vacation, or annual bonus.
- Incorrect data modification can occur through human error when employees follow procedures incorrectly or when procedures have been incorrectly designed
- Hacking - occurs when a person gains unauthorized access to a computer system.
Faulty Service
- Includes problems that result from incorrect system operation
  - Includes incorrect data modification, systems that work incorrectly by sending the wrong goods to the customer or ordered goods to the wrong customer, incorrectly billing customers, or sending the wrong information to employees

Denial of Service
- Denial of service (DoS) - security problem in which users are not able to access an information system
- Can be caused by human error, natural disasters, or malicious activity
- A malicious hacker can flood a web server with bogus or fraudulent service requests that so occupy the server that it cannot service legitimate requests
- Computer worms can infiltrate a network with so much artificial traffic that legitimate traffic cannot get through
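The flood described above works because the server treats every request the same, so bogus requests consume the capacity legitimate ones need. The added example below (not from the textbook) shows the simplest mitigation building block, a per-client token bucket: each client may burst a few requests and then is held to a sustained rate, so one flooding client is rejected while a normal client is still served. The client identifiers, rate, capacity and request timings are constructed for the example.

```python
"""Per-client token-bucket rate limiting against request floods.

Added example for these notes, not from the textbook. The rate, capacity,
client identifiers and traffic pattern below are constructed.
"""
from collections import defaultdict


class TokenBucket:
    """A client may burst up to `capacity` requests, then sustain `rate`/s."""

    def __init__(self, rate: float, capacity: int):
        self.rate = rate
        self.capacity = capacity
        self.tokens = float(capacity)   # start full so a normal burst is allowed
        self.last = 0.0                 # timestamp of the previous refill

    def allow(self, now: float) -> bool:
        """Refill for elapsed time (capped), then spend one token if available."""
        self.tokens = min(self.capacity,
                          self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class RateLimiter:
    """One bucket per client identifier (e.g. source address), created lazily."""

    def __init__(self, rate: float = 5.0, capacity: int = 10):
        self.buckets = defaultdict(lambda: TokenBucket(rate, capacity))

    def handle(self, client_id: str, now: float) -> bool:
        return self.buckets[client_id].allow(now)


def simulate(requests):
    """Replay (timestamp, client_id) pairs; return {client: (served, rejected)}."""
    limiter = RateLimiter()
    outcome = defaultdict(lambda: [0, 0])
    for ts, client in sorted(requests):
        slot = 0 if limiter.handle(client, ts) else 1
        outcome[client][slot] += 1
    return {client: tuple(counts) for client, counts in outcome.items()}


# Constructed traffic: one client fires 1000 requests in a single second
# (the flood), while a normal client sends two requests in that same second.
FLOOD = [(i / 1000, "198.51.100.7") for i in range(1000)]
NORMAL = [(0.25, "203.0.113.5"), (0.75, "203.0.113.5")]

if __name__ == "__main__":
    for client, (served, rejected) in simulate(FLOOD + NORMAL).items():
        print(f"{client}: served={served} rejected={rejected}")
```

With a capacity of 10 and a rate of 5 per second the flooder gets its initial burst plus a handful of refills (roughly 15 requests) and everything else is turned away, while the normal client is never rejected. On a real service this sits in front of the request handler (or at a load balancer) so the rejected requests are dropped before they cost application work.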
Loss of Infrastructure
- Human error, e.g. a bulldozer cutting fibre-optic cables, or the maintenance staff unplugging an important device in order to plug in a vacuum cleaner
- Theft and terrorism, e.g. a disgruntled former employee or contractor can walk off with corporate data servers, routers, or other crucial equipment
  - Terrorist events can also cause the loss of physical plants and equipment
- Natural disasters, e.g. flood, fire, earthquake, or similar events can destroy data centres and all they contain
Elements of a Security Program
1. Senior management involvement
  - Must establish the security policies. This policy sets the stage for the organization’s response to security threats
  - Manage risk by balancing the costs and benefits of the security program
2. Safeguards of various kinds
  - Protections against security threats
3. Incident response