BUS 237 Chapter Notes - Chapter 12: Email Spoofing, Personal Information Protection And Electronic Documents Act, Adware

Ch. 12 – Managing Information Security and Privacy
Q1: What is identity theft?
- identity theft = vital info of a person used to facilitate impersonation
  - involves stealing, misrepresenting, or hijacking the identity of another person/business & provides an effective way to commit other crimes
Q2: What is PIPEDA?
- PIPEDA = Personal Information Protection & Electronic Documents Act
  - balances an individual's right to privacy of his/her personal info against the need of orgs to collect, use & share personal info for business purposes
- every business professional needs to be aware of PIPEDA b/c it governs how data are collected & used
- one of the most critical elements of PIPEDA is the principle that individuals have the right to know what type of info an org collects about them & also how that info is going to be used
- PIPEDA creates some protection of personal privacy
- orgs must protect the info they collect
  - PIPEDA gives individuals the right to know who in the org is responsible for securing info
- orgs must collect info fairly
Q3: What types of security threats do organizations face?
- 3 sources of security threats:
  1) human errors 2) malicious human activity 3) natural events & disasters
- human errors & mistakes: accidental problems caused by both employees & others outside the org
- malicious human activity: employees & others who intentionally destroy data/other system components
  - incl. hackers
- natural events & disasters: fires, floods, hurricanes, earthquakes, etc.
  - problems incl. the initial loss of capability & service and also losses stemming from actions taken to recover from the initial problem
- 5 types of security problems:
  1) unauthorized data disclosure
  2) incorrect data modification
  3) faulty service
  4) denial of service
  5) loss of infrastructure
- unauthorized data disclosure: can occur by human error when someone inadvertently releases data in violation of policy
  - popularity & efficacy of search engines create another source of inadvertent disclosure
- pretexting = someone deceives by pretending to be someone else
  - e.g. telephone caller pretending to be from a credit card company
- phishing = pretexting via email (email spoofing)
  - attacker sends email requesting confidential data
- spoofing = someone pretending to be someone else
- IP spoofing = intruder uses another site's IP address as if it were that other site
- sniffing = technique for intercepting computer communications
  - w/ wired networks, sniffing requires a physical connection to the network
- drive-by sniffing = no connection required w/ wireless networks
  - take computers w/ wireless connections through an area & search for unprotected wireless networks
  - can monitor & intercept wireless traffic at will
- incorrect data modification: incorrectly increasing a customer's discount, incorrectly modifying an employee's salary, etc.
  - can occur through human error
  - companies should ensure separation of duties & authorities & have multiple checks & balances in place
  - can also be caused by system errors (e.g. the lost-update problem)
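The two causes of incorrect data modification listed above (a system error such as the lost-update problem, and a human error that separation of duties and checks and balances should catch) can both be shown in a few lines. The following is an added example written for these notes, not code from the textbook or the course; the customer table, the version column, the names "alice"/"bob" and the MAX_DISCOUNT limit are all constructed for illustration. It first reproduces a lost update with two interleaved transactions, then prevents it with a version check (optimistic concurrency control), and finally wraps discount changes in a requester/approver check.

```python
import threading
from dataclasses import dataclass
from typing import List, Tuple

@dataclass
class CustomerRow:
    """One row of a hypothetical customer table (constructed for this example)."""
    discount: int
    version: int = 0  # incremented on every successful write

class NaiveStore:
    """Plain read-modify-write with no concurrency control."""
    def __init__(self, discount: int):
        self.row = CustomerRow(discount)
    def read(self) -> int:
        return self.row.discount
    def write(self, discount: int) -> None:
        self.row.discount = discount

def lost_update_demo() -> int:
    """Two transactions both read discount=10 and both write back their own
    result; the second write silently overwrites the first, so +5 is lost."""
    store = NaiveStore(10)
    t1 = store.read()       # T1 reads 10
    t2 = store.read()       # T2 reads 10, before T1 has written
    store.write(t1 + 5)     # T1 writes 15
    store.write(t2 + 10)    # T2 writes 20, clobbering T1's update
    return store.read()     # 20 instead of the correct 25

class VersionedStore:
    """Optimistic concurrency control: a write succeeds only if the row version
    still equals the version the writer read; otherwise re-read and retry."""
    def __init__(self, discount: int):
        self.row = CustomerRow(discount)
        self._lock = threading.Lock()  # makes the check-and-write atomic
    def read(self) -> Tuple[int, int]:
        return self.row.discount, self.row.version
    def write_if_unchanged(self, expected_version: int, discount: int) -> bool:
        with self._lock:
            if self.row.version != expected_version:
                return False  # somebody else wrote since we read: stale update rejected
            self.row.discount = discount
            self.row.version += 1
            return True

def optimistic_demo() -> Tuple[int, bool, bool]:
    """Same interleaving as lost_update_demo, but T2's stale write is rejected
    and it retries against the fresh value, so both updates survive."""
    store = VersionedStore(10)
    d1, v1 = store.read()
    d2, v2 = store.read()
    ok1 = store.write_if_unchanged(v1, d1 + 5)    # True: version 0 -> 1
    ok2 = store.write_if_unchanged(v2, d2 + 10)   # False: T2 still holds version 0
    if not ok2:                                   # T2 re-reads and retries
        d2, v2 = store.read()
        ok2 = store.write_if_unchanged(v2, d2 + 10)
    return store.read()[0], ok1, ok2              # (25, True, True)

MAX_DISCOUNT = 30  # hypothetical business limit used as a sanity check

def apply_discount_change(store: VersionedStore, requester: str, approver: str, new_discount: int) -> int:
    """Separation of duties: the person requesting a discount change may not
    approve it, and a range check catches typos such as 50 instead of 5."""
    if requester == approver:
        raise PermissionError("requester and approver must be different people")
    if not 0 <= new_discount <= MAX_DISCOUNT:
        raise ValueError(f"discount {new_discount} outside allowed range 0..{MAX_DISCOUNT}")
    while True:  # versioned write, so a concurrent change is never overwritten
        _, v = store.read()
        if store.write_if_unchanged(v, new_discount):
            return store.read()[0]

def separation_of_duties_demo() -> List[Tuple[str, object]]:
    """Runs one valid change, one self-approved change and one out-of-range change."""
    store = VersionedStore(10)
    results: List[Tuple[str, object]] = []
    for requester, approver, value in [("alice", "bob", 15), ("alice", "alice", 15), ("alice", "bob", 50)]:
        try:
            results.append(("ok", apply_discount_change(store, requester, approver, value)))
        except (PermissionError, ValueError) as exc:
            results.append(("rejected", type(exc).__name__))
    return results

if __name__ == "__main__":
    print("lost update:", lost_update_demo())
    print("versioned:", optimistic_demo())
    print("separation of duties:", separation_of_duties_demo())
```

Real DBMSs solve the lost-update problem with locking or with an equivalent version/timestamp check; the version column here stands in for that mechanism so the interleaving can be stepped through by hand.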
- hacking = person gains unauthorized access to a computer system
- faulty service: problems that result b/c of incorrect system operation
- denial of service: can result from human error in following procedures or from a lack of procedures
  - employees can inadvertently shut down a web server by starting a computationally intensive app
  - an OLAP app using the operational DBMS can consume so many DBMS resources that order-entry transactions cannot get through
  - denial-of-service attacks: mostly malicious, e.g. too many bogus service requests occupy the server so it cannot service legitimate requests
  - can also come from natural disasters causing systems to fail
- loss of infrastructure: caused by human error (bulldozer cutting cables), theft & terrorism, natural disasters (fire can destroy data centres)
- 3 components of a security program:
  1) senior management involvement
  2) safeguards of various kinds
  3) incident response
- senior management: must establish security policy & manage risk by balancing costs & benefits of the security program
- safeguards: protect against security threats
- incident response: org's planned response to security incidents
Q4: How can technical safeguards protect against security threats?
- technical safeguards involve hardware & software components of info systems
- primary technical safeguards: identification & authentication, encryption, firewalls, malware protection, design for secure apps
- identification & authentication: username & password
  - 3 parts to authentication: 1) what you know (password) 2) what you have (smart card) 3) what you are (biometric)
- smart card = plastic card similar to a credit card but has a microchip
  - microchip holds far more data than a magnetic strip, loaded w/ identifying data/algorithms
  - users of smart cards required to enter a PIN to be authenticated
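To make the "what you know" and "what you have" factors concrete, here is an added example written for these notes (not code from the textbook or course). It models the smart-card login the notes describe: the server stores only a salted password hash, the card holds a secret key that never leaves the chip, and the card will sign a fresh server challenge only after the holder enters the correct PIN. The SmartCard and AuthServer classes, the user "alice", the PIN and the 3-failure lock-out are all constructed assumptions; a real card would typically use a per-card key pair rather than the shared HMAC key used here to keep the example self-contained.

```python
import hashlib
import hmac
import os
import secrets
from typing import Dict, Optional, Tuple

PBKDF2_ROUNDS = 200_000

# "what you know": passwords are stored as salted PBKDF2 hashes, never in clear text
def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest

def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)  # constant-time comparison

# "what you have": a simulated smart card (hypothetical model, not a real card API)
class SmartCard:
    MAX_PIN_FAILURES = 3

    def __init__(self, card_key: bytes, pin: str):
        self._key = card_key      # secret stays on the chip
        self._pin = pin
        self.failed_pins = 0

    def sign_challenge(self, pin: str, challenge: bytes) -> Optional[bytes]:
        """The chip signs the server's fresh challenge only after a correct PIN."""
        if self.failed_pins >= self.MAX_PIN_FAILURES:
            return None  # card locked after too many wrong PINs
        if not hmac.compare_digest(pin.encode(), self._pin.encode()):
            self.failed_pins += 1
            return None
        return hmac.new(self._key, challenge, hashlib.sha256).digest()

class AuthServer:
    def __init__(self) -> None:
        self.users: Dict[str, dict] = {}

    def enroll(self, username: str, password: str, card_key: bytes) -> None:
        salt, digest = hash_password(password)
        self.users[username] = {"salt": salt, "digest": digest, "card_key": card_key}

    def new_challenge(self) -> bytes:
        # random nonce per login attempt, so a captured card response cannot be replayed
        return secrets.token_bytes(16)

    def login(self, username: str, password: str, challenge: bytes,
              card_response: Optional[bytes]) -> bool:
        rec = self.users.get(username)
        if rec is None or not verify_password(password, rec["salt"], rec["digest"]):
            return False  # first factor failed
        if card_response is None:
            return False  # second factor missing
        expected = hmac.new(rec["card_key"], challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, card_response)

def two_factor_demo() -> Dict[str, bool]:
    """Walks through the success case and the common failure cases."""
    server = AuthServer()
    card_key = secrets.token_bytes(32)                      # constructed card secret
    server.enroll("alice", "correct horse battery", card_key)
    card = SmartCard(card_key, "4921")                      # constructed PIN
    ch = server.new_challenge()
    both_ok = server.login("alice", "correct horse battery", ch, card.sign_challenge("4921", ch))
    bad_pw = server.login("alice", "password1", ch, card.sign_challenge("4921", ch))
    no_card = server.login("alice", "correct horse battery", ch, None)
    old_response = card.sign_challenge("4921", ch)
    replay = server.login("alice", "correct horse battery", server.new_challenge(), old_response)
    wrong_pin_rejected = card.sign_challenge("0000", ch) is None
    return {
        "both_factors": both_ok,          # True
        "wrong_password": bad_pw,         # False
        "no_card": no_card,               # False
        "replayed_response": replay,      # False: challenge is different
        "wrong_pin_rejected": wrong_pin_rejected,  # True
    }

if __name__ == "__main__":
    for name, result in two_factor_demo().items():
        print(f"{name}: {result}")
```

The point of the challenge is that the card proves possession of the key without ever transmitting it, and the PIN check on the card is what ties the "what you have" factor to the legitimate holder.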
- biometric authentication = uses personal physical characteristics to authenticate users
  - provides strong authentication but the equipment is expensive
  - users feel it is invasive
- single sign-on for multiple systems
  - usually need to be authenticated for LAN, WAN, personal computer, etc.
  - now the OS can authenticate you to networks & other servers
- malware: incl. viruses, worms, spyware, adware, etc.
  - spyware programs are installed on a user's computer w/o the user's knowledge, reside in the background & observe the user's actions/monitor computer activity/report activity to sponsoring orgs
  - some malicious spyware captures keystrokes to obtain passwords, others support marketing analyses
  - adware is similar to spyware b/c it is installed w/o the user's permission & resides in the background to observe user behaviour, but most adware does not perform malicious acts