Chapter 12

Chapter 12 Notes.docx

5 Pages

Business Administration
BUS 237
Maryam Ficociello

Chapter 12 Notes

Q1. What is Identity Theft and what types of Security Threats Do organizations Face?

Identity Theft: Stealing, misrepresenting or hijacking the identity of another person or business

Security Threats to organizations

Security Threats: A problem with the security of an information system or the data therein, caused by human error, malicious activity or natural disasters
- 3 sources of security threats: human error and mistakes—accidental problems caused by both employees and non-employees, malicious human activity—employees and others who intentionally destroy data or other system components, and natural events and disasters
- 5 types of security problems: Unauthorized data disclosure, incorrect data modification, faulty service, denial of service and loss of infrastructure

Spam: Unwanted email messages

Unauthorized Data Disclosure

Unauthorized data disclosure: Can occur by human error when someone inadvertently releases data in violation of policy or when employees unknowingly or carelessly release proprietary data to competitors or the media

Personal Information Protection and Electronic Documents Act (PIPEDA): In Canada, gives individuals the right to know why an organization collects, uses, or discloses their personal information

Pretexting:

Phishing: A form of pretexting

Spoofing: When someone pretends to be someone else with the intent of obtaining unauthorized data

IP spoofing: A type of spoofing whereby an intruder uses another site's IP address as if it were that other site

Email Spoofing: A technique for obtaining unauthorized data that uses pretexting via email. The phisher pretends to be a legitimate company and sends email requests for confidential data such as account numbers, social insurance numbers, account passwords and so forth. Synonym of phishing

Sniffing: A technique for intercepting computer communications
- With wired networks, sniffing requires a physical connection to the network. With wireless networks, no such connection is required

Drive-by sniffers: People who take computers with wireless connections through an area and search for unprotected wireless networks in an attempt to gain free internet access or to gather unauthorized data

Incorrect Data Modification

Hacking: When a person gains unauthorized access to a computer system. Although some people hack for the sheer joy of doing it, other hackers invade systems for the malicious purpose of stealing or modifying data

Faulty Service
- It could include incorrect data modification. Also systems that work incorrectly by sending the wrong goods to the customer, or ordered goods to the wrong customer, incorrectly billing customers or sending wrong info to employees

Denial of Service

Denial of service (DOS): Security problem in which users are not able to access an IS; can be caused by human errors, natural disaster or malicious activity
- A malicious hacker can flood a web server, for example, with millions of bogus service requests that so occupy the server that it cannot service legitimate requests
- Natural disasters may cause systems to fail, resulting in denial of service

Loss of Infrastructure
- Human accidents such as a bulldozer cutting fiber optic cables or the floor polisher crashing into a rack of web servers
- Natural disasters present a large risk of infrastructure loss

Q2. What are the elements of a security program?
- A security program has 3 components: senior management involvement, safeguards of various kinds, and incident response
- Senior management—must establish the security policy. Their second function is to manage risk by balancing the costs and benefits of the security program
- Safeguards—protection against security threats; 3 types of safeguards: Technical, Data and Human

Q3. How can technical safeguards protect against security threats?

Technical safeguards: Involve the hardware and software components of an IS. For example, identification and authentication, encryption, firewalls, malware protection and application design.

Identification and Authentication

Identification: The process whereby an IS identifies a user by requiring the user to sign on with a user name and password

Authentication: The process whereby an IS approves a user by checking the user's password

Smart Cards

Smart Card: A plastic card that has a microchip. The microchip holds much more data than a magnetic strip

Personal Identification Number (PIN): A form of authentication whereby the owner supplies a number only he/she knows

Biometric Authentication

Biometric authentication: Uses personal physical characteristics such as fingerprints, facial features and retinal scans to authenticate users

Single Sign on for Multiple Systems
- Today's operating systems can authenticate you to networks and other servers. You sign on to your local computer and provide authentication data, from that point on, your operatin