
AFM 341 Chapter 11: Chapter 11

4 Pages

Accounting & Financial Management
Course Code: AFM 341
Brian Ma

Chapter 11

Information security management goal: protect information from internal and external threats
- confidentiality: info not accessible to unauthorized people/processes
- integrity: accurate + complete
- availability of information: accessible on demand

Information security risks
- virus: self-replicating program that runs and spreads by modifying other programs/files
- worm: self-replicating, self-contained, self-spreading program that uses networking mechanisms to spread
- Trojan horse: program that seems to have a useful purpose but is malicious
- spam: unsolicited bulk info
- botnet: software bots that overrun computers so they act automatically in response to controls received
- DoS: prevents authorized access to resources or delays time-critical operations
- spyware: software secretly installed to gather info on individuals or organizations without them knowing
- spoofing: sending info so that it appears to come from one place when it's from another source
- social engineering: manipulating someone into revealing confidential information/granting access to physical assets/networks/information

Encryption: preventive control that provides confidentiality and privacy when transmitting and storing data

Symmetric-key encryption
- fast and suitable for large data sets/messages
- sender and receiver use the same key to encrypt and decrypt messages (can't use it to authenticate users)
- ex. secret language that only two people know (Morse code if only 2 people knew it)
- key distribution and management are difficult because the same key is shared
  o difficult to securely distribute keys if there are many employees
  o costly if there are lots of users

Asymmetric-key encryption
- extremely slow
- can't be used to encrypt large data sets
- each user has a public key and a private key (solves the problem of key distribution & management)
  o public keys are widely distributed, available to others
  o private key is secret, only the owner knows what it is
- encrypt message using receiver's public key
- receiver uses their private key to decrypt message
- ex.????

Authentication
- process that establishes origin of information/determines identity of user, process, device

Combination of both methods:
1. Both use asymmetric-key encryption to authenticate each other
2. Sender/receiver generates a symmetric key that both users use (session key: only valid for a certain period)
3. asymmetric-key encryption is used to distribute the session key (sender encrypts it with the receiver's public key; the receiver opens it with their private key)
4. session key is used to transmit data

Digital signature: message digest (MD) that is encrypted using the sender's private key
- ensures data integrity because each MD is unique
- authenticates the creator too (private key is used to create it)
- no one can enter an electronic transaction and then say they didn't
- example??

To ensure asymmetric-key encryption: *I don't really understand this…
- certificate authority (CA): trusted entity that issues and revokes digital certificates
- digital certificate: document issued and digitally signed by the private key of the CA; subscriber (who is that?) is the only person that has control of the private key
- public-key infrastructure (PKI): policies, processes, server platforms, software, workstations used to administer certificates and private/public key pairs (issue, maintain, and revoke public key certificates)

Computer Fraud & Abuse

Fraud: illegal act characterized by deceit, concealment, violation of trust (get money, property, services, avoid payment/loss of services, secure personal/business advantage)

Computer fraud: illegal acts with computers/networks

Fraud Triangle
- incentive (pressure that provides reason to commit fraud)
- opportunity (lack of controls, controls that aren't effective)
- rationalize (have an attitude that enables them to justi
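The four-step combination of both methods and the digital signature above, worked through in code as an added example (it is not part of the original notes). The asymmetric part is textbook RSA built on fixed Mersenne primes and the symmetric part is a SHA-256 counter keystream standing in for a real cipher, both chosen so the example runs with only the Python standard library; neither is a production construction, and step 1 (mutual authentication) is represented only by the sender's signature. All function names, the sample message and the key choices are assumptions of this example.

```python
"""Hybrid encryption (session key wrapped with RSA) plus a digital signature.

Toy construction for illustrating the mechanics in the notes: textbook RSA
with hand-picked Mersenne primes and no padding, and a SHA-256 counter
keystream as the symmetric cipher. Standard library only, Python 3.8+.
"""
import hashlib
import secrets
from math import gcd

# Fixed primes so the example is deterministic (2^k - 1 for k = 89, 127, 521, 607).
M89, M127, M521, M607 = 2**89 - 1, 2**127 - 1, 2**521 - 1, 2**607 - 1


def generate_keypair(p, q, e=65537):
    """Return ((e, n), (d, n)): the public key and the private key."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("public exponent not invertible mod phi(n)")
    d = pow(e, -1, phi)  # private exponent: modular inverse of e
    return (e, n), (d, n)


def rsa_apply(value, key):
    """Raise an integer to the key's exponent mod n (used for wrap, unwrap, sign, verify)."""
    exponent, n = key
    if not 0 <= value < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(value, exponent, n)


def stream_xor(key, data):
    """Toy symmetric cipher: XOR data with SHA-256(key || counter) blocks.
    The same call decrypts, which is the defining property of symmetric encryption."""
    out = bytearray()
    for block, offset in enumerate(range(0, len(data), 32)):
        keystream = hashlib.sha256(key + block.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], keystream))
    return bytes(out)


def sign(message, signer_private):
    """Digital signature as in the notes: the message digest encrypted with the sender's private key."""
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return rsa_apply(digest, signer_private)


def verify(message, signature, signer_public):
    """Recover the digest with the sender's public key and compare it with a fresh hash."""
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return rsa_apply(signature, signer_public) == digest


def hybrid_send(message, receiver_public, sender_private):
    """Steps 2-4: fresh session key, wrapped with the receiver's public key,
    then used to encrypt the bulk data; the data is also signed by the sender."""
    session_key = secrets.token_bytes(16)
    wrapped_key = rsa_apply(int.from_bytes(session_key, "big"), receiver_public)
    return {"wrapped_key": wrapped_key,
            "ciphertext": stream_xor(session_key, message),
            "signature": sign(message, sender_private)}


def hybrid_receive(bundle, receiver_private, sender_public):
    """Unwrap the session key with the receiver's private key, decrypt, then
    check the signature. A failed check raises rather than returning data."""
    session_key = rsa_apply(bundle["wrapped_key"], receiver_private).to_bytes(16, "big")
    plaintext = stream_xor(session_key, bundle["ciphertext"])
    if not verify(plaintext, bundle["signature"], sender_public):
        raise ValueError("signature check failed: wrong sender or altered data")
    return plaintext


# Two independent key pairs (no shared prime between them).
RECEIVER_PUBLIC, RECEIVER_PRIVATE = generate_keypair(M521, M127)
SENDER_PUBLIC, SENDER_PRIVATE = generate_keypair(M607, M89)


def round_trip(message):
    """Send and receive one message; returns the recovered plaintext."""
    bundle = hybrid_send(message, RECEIVER_PUBLIC, SENDER_PRIVATE)
    return hybrid_receive(bundle, RECEIVER_PRIVATE, SENDER_PUBLIC)


def tampered_is_rejected(message):
    """Flip one ciphertext bit in transit; the integrity check must reject it."""
    bundle = hybrid_send(message, RECEIVER_PUBLIC, SENDER_PRIVATE)
    altered = bytearray(bundle["ciphertext"])
    altered[0] ^= 0x01
    bundle["ciphertext"] = bytes(altered)
    try:
        hybrid_receive(bundle, RECEIVER_PRIVATE, SENDER_PUBLIC)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    msg = b"Wire transfer 4711 approved"  # constructed sample message
    print(round_trip(msg))
    print(tampered_is_rejected(msg))
```

The slow operation (modular exponentiation) runs only on the 16-byte session key and the 32-byte digest, while the message itself goes through the fast symmetric cipher; that is the division of labour the notes describe. The signature is checked before any plaintext is returned, so an altered ciphertext or a message signed with a different private key is rejected rather than passed on.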