Chapter 12


Simon Fraser University
CRIM 101
Kamal Masri

Chapter 12

o Aware of own security threats → easier to consider security threats of organization
o Pg 355 figure 12-1 for human error, malicious activity, natural disaster security threats
o PIPEDA Unauthorized Data Disclosure
  - Unauthorized Data Disclosure – Releasing data in violation of policy
  - Personal Information Protection and Electronic Documents Act (PIPEDA)
    * Gives individuals the right to know why an organization collects, uses, discloses their personal information
    * Personal information defined as information about an identifiable individual, does not include name, title, business, address, telephone number
    * Requires organizations to identify anyone in organization who is responsible for keeping personal information private and secure and allows others to access this information
o Search engines have made information posted by employees more accessible
  - Pretexting – someone deceives by pretending to be someone else
  - Phishing – Pretexting via email
  - Spoofing – pretending to be someone else as well
    * Email spoofing = phishing
  - Sniffing – Intercepting and stealing data
    * For wired connection, physical connection required
    * Drive-by sniffer – wireless computers search for unprotected Wi-Fi networks and monitor/intercept wireless traffic at will; protected wireless also vulnerable
o Incorrect data modification
  - Occurs when employees follow procedures incorrectly or procedures are incorrectly designed
  - Companies should ensure separation of duties and authorities and have multiple checks and balances in place for internal control on systems that process financial data or control inventories of assets like products/equipment
  - Hacking and modifying/stealing data for own personal gain
o Faulty service
  - Incorrect system operation
    * Systems that work incorrectly by sending wrong goods to people, billing incorrect items, etc.
    * Humans cause this by making procedural mistakes
    * System developers can write programs incorrectly or make errors during installation of hardware, software, data
o Denial of service (DoS)
  - Employees can shut down web server/corporate gateway router by starting computationally intensive application
  - Denial of service attacks – malicious attacks by a hacker to flood a web server so legitimate traffic cannot get through
o Loss of infrastructure
  - Example – theft, terrorist events, accidents like bulldozers cutting fibre-optic cables
  - Natural disasters pose a large risk
  - Viruses, worms, zombies are techniques for causing problems in figure 12-1

What are the elements of a security program?

o Security program's 3 components
  - Senior management
    * Establish security policy, not perfect → still always a risk
    * Manage risk by balancing cost/benefit of security program
  - Safeguards
    * Protections against security threats
    * Figure 12-2 pg 358
  - Planned response to security incidents

How Can Technical Safeguards Protect Against Security Threats

o Involve hardware/software components
o Identification (username)/authentication (password)
  - Password problems
    * Careless in their use, ex. writing
    * Sharing passwords
    * Choosing weak passwords
  - Issues can be eliminated using:
    * Smart cards
      · Contain a microchip loaded with identifying data
      · Requires users to enter a PIN
    * Biometric authentication
      · Fingerprints, facial features, retinal scans
      · Strong, but expensive
      · Users resist this method as it is invasive
o Encryption & Firewalls
o Malware protection
  - Viruses, worms, Trojan horses, spyware, adware
  - Spyware – installed on user's computer without user's knowledge/permission
    * Resides in background and observes user's actions/keystrokes, monitors computer activity and reports activity to sponsoring organizations
    * Steals passwords, account numbers, supports marketing analysis
  - Adware – also resides in background, watches user activity, produces pop-ups, changes default window, modifies search results, switches user's search engine
  - Symptoms of spyware/adware
    * Slow system start up
    * Sluggish system performance
    * Many pop-ups
    * Suspicious browser homepage changes
    * Suspicious changes to taskbar/other system interfaces
    * Unusual hard disk activity
  - Malware safeguards
    * Antivirus/antispyware
    * Set up frequent scans
    * Update malware definitions
    * Open email attachments only from known sources
      · Ray Panko - 90% of all viruses are spread by email attachments
    * Promptly install software updates from legitimate sources
    * Browse only in reputable internet neighbourhoods