
BUSI 3040U Chapter 4: Chapter 4


BUSI 3040U
Stephen Marsh

Chapter 4: Deliberate Threats to Information Systems

4.1

- Security: degree of protection against criminal activity, danger, damage and/or loss
- Information security: processes and policies designed to protect an organization's information and IS from unauthorized access, use, disclosure, disruption, modification or destruction
- Threat: any danger to which an information resource may be exposed
- Exposure: harm, loss, or damage that can result if a threat compromises an information resource
- Vulnerability: possibility that an information resource will be harmed by a threat
- 5 factors that contribute to the increasing vulnerability
  o Today's interconnected, interdependent, wirelessly networked business environment
    - Trusted network: networking within the organization
    - Wireless technologies enable employees to compute, communicate and access the internet anywhere and anytime; nonsecure broadcast communications medium
  o Smaller, faster, cheaper computers and storage devices: much easier to steal or lose a computer or storage device that contains huge amounts of sensitive information
  o Decreasing skills necessary to be a computer hacker: the internet contains information and computer programs called scripts that users with few skills can download and use to attack any information system connected to the internet
  o International organized crime taking over cybercrime
    - Cybercrime: illegal activities conducted over computer networks
  o Lack of management support: senior managers are to set the tone for employees to follow security procedures

4.2 Unintentional Threats to IS

- Human error: the higher the level of employee, the greater the threat he or she poses to information security; higher-level employees have greater access to corporate data and enjoy greater privileges on organizational IS
  o IS and HR employees have sensitive organizational data, and they control the means to create, store, transmit and modify that data
  o Results of laziness, carelessness or lack of awareness concerning IS; poor education and training
- Social engineering: attack in which the perpetrator uses social skills to trick or manipulate a legitimate employee into providing confidential company information such as passwords
  o Tailgating: allows the perpetrator to enter restricted areas that are controlled with locks or card entry
  o Shoulder surfing: perpetrator watches an employee's computer screen over the employee's shoulder

4.3 Deliberate Threats to IS

- Espionage or trespass: when unauthorized individuals attempt to gain illegal access to organizational information
  o Competitive intelligence: consists of legal information-gathering techniques, such as studying a company's website and press releases, and attending trade shows
  o Industrial espionage: crosses the legal boundary
- Information extortion: occurs when attackers either threaten to steal, or actually steal, information from a company
- Sabotage or vandalism: deliberate acts that involve defacing an organization's website, possibly damaging the organization's image and causing its brand equity
- Theft of equipment or information: dumpster diving
- Identity theft: deliberate assumption of another person's identity, to gain access to financial information or to frame for a crime; costly, time consuming and difficult to recover
  o Stealing mail or dumpster diving
  o Stealing personal information in computer databases
  o Infiltrating organizations that store large amounts of personal information
  o Impersonating a trusted organization in an electronic communication
- Compromises to intellectual property
  o Intellectual property: created by individuals or corporations and protected under trade secret, patent, and copyright laws
  o Trade secret: intellectual work, such as a business plan, that is a company secret and is not based on public information
  o Patent: official document that grants the holder exclusive rights on an invention or a process for a specified time
  o Copyright: statutory grant that provides the creator or owners of intellectual property with ownership of the property for a specified time
- Software attacks
  1. Remote attacks requiring user action
    o Virus: segment of computer code that performs malicious actions by attaching to another computer program