Question 1
Discuss some human safeguards for employees that can ensure the security of information systems.
Your response should be at least 200 words in length. You are required to use at least your textbook as source material for your response. All sources used, including the textbook, must be referenced; paraphrased and quoted material must have accompanying citations.
Question 2
How should organizations respond to security threats?
Your response should be at least 200 words in length. You are required to use at least your textbook as source material for your response. All sources used, including the textbook, must be referenced; paraphrased and quoted material must have accompanying citations.
Question 3
Research disaster recovery plans (IS). Be sure to review your lessons and assigned readings.
• Assume there are two generic companies, one with and the other without a disaster recovery plan.
• Title your response under one of the following headings:
o Reasons why the company survived
o Reasons why the company did not survive
• Explain the type of disaster, the plan your company had in place, and why the company did or did not survive.
• Be sure to use your research to support your post.
Your response should be at least 200 words in length. You are required to use at least your textbook as source material for your response. All sources used, including the textbook, must be referenced; paraphrased and quoted material must have accompanying citations.
Could Someone Be Getting To Our Data?
•Stealing only from weddings of club members
•Knowledge: How to access system and database and SQL
•Access: Passwords on yellow stickies; many copies of key to server building
•Suspect: Greenskeeper guy’s “a techno-whiz,” created report for Anne, knows SQL and how to access database
What Types of Security Loss Exist?
Unauthorized Data Disclosure
•Pretexting
•Phishing
•Spoofing
–IP spoofing
–Email spoofing
•Drive-by sniffers
•Hacking
•Natural disasters
Incorrect Data Modification
•Procedures not followed or incorrectly designed procedures
•Increasing a customer’s discount or incorrectly modifying employee’s salary
•Placing incorrect data on company Web site
•Improper internal controls on systems
•System errors
•Faulty recovery actions after a disaster
Faulty Service
•Incorrect data modification
•Systems working incorrectly
•Procedural mistakes
•Programming errors
•IT installation errors
•Usurpation
•Denial of service (unintentional)
•Denial-of-service attacks (intentional)
Loss of Infrastructure
•Human accidents
•Theft and terrorist events
•Disgruntled or terminated employees
•Natural disasters
Goal of Information Systems Security
•Threats can be stopped, or at least threat loss reduced
•Safeguards are expensive and reduce work efficiency
•Find trade-off between risk of loss and cost of safeguards
Using MIS InClass 12: Phishing for Credit Cards, Identifying Numbers, Bank Accounts
•In this exercise, you and a group of your fellow students will investigate phishing attacks.
•Search the Web for phishing; be aware that your search may bring the attention of an active phisher.
•Therefore, do not give any data to any site that you visit as part of this exercise!
What Are the Elements of a Security Policy?
Elements of Security Policy
1. General statement of organization’s security program
2. Issue-specific policy
3. System-specific policy
Managing Risks
•Risk — threats & consequences we know about
•Uncertainty — things we do not know that we do not know
Risk Assessment and Management
Risk Assessment
•Tangible consequences
•Intangible consequences
•Likelihood
•Probable loss
Risk-Management Decisions
•Given probable loss, what to protect?
•Which safeguards are inexpensive and easy?
•Which vulnerabilities are expensive to eliminate?
•How to balance cost of safeguards with benefits of probable loss reduction?
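As an added illustration of the Risk Assessment and Risk-Management Decisions slides (not code from the slides or the textbook), the script below puts numbers on the assessment terms and then applies the decision questions: it assumes the usual expected-loss formula, probable loss = likelihood × (tangible + intangible consequence), and all figures are constructed.

```python
"""Expected-loss ranking of safeguards, following the Risk Assessment and
Risk-Management Decisions slides (added example; sample figures constructed)."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Threat:
    name: str
    likelihood: float   # expected occurrences per year (assumed unit)
    tangible: float     # direct cost per occurrence
    intangible: float   # estimated reputation/trust cost per occurrence

@dataclass(frozen=True)
class Safeguard:
    name: str
    threat: str         # threat it addresses
    annual_cost: float  # yearly cost of running the safeguard
    reduction: float    # fraction of probable loss it removes, 0..1

def probable_loss(t: Threat) -> float:
    """likelihood x (tangible + intangible consequence): the usual expected-loss
    formula, whose terms the slides name but do not combine explicitly."""
    return t.likelihood * (t.tangible + t.intangible)

def net_benefit(sg: Safeguard, threats: dict) -> float:
    """Loss reduction bought per year minus the safeguard's cost."""
    return probable_loss(threats[sg.threat]) * sg.reduction - sg.annual_cost

def decide(threats, safeguards):
    """Safeguards worth adopting (positive net benefit), best first."""
    by_name = {t.name: t for t in threats}
    scored = sorted(((net_benefit(s, by_name), s.name) for s in safeguards), reverse=True)
    return [name for benefit, name in scored if benefit > 0]

# Constructed sample figures, echoing threats listed on the slides.
THREATS = [
    Threat("password on sticky note", 0.5, 20000, 30000),
    Threat("unintentional denial of service", 2.0, 4000, 1000),
    Threat("flood at server building", 0.02, 500000, 100000),
]
SAFEGUARDS = [
    Safeguard("password manager + training", "password on sticky note", 6000, 0.8),
    Safeguard("change-control procedure", "unintentional denial of service", 12000, 0.5),
    Safeguard("off-site backup", "flood at server building", 9000, 0.9),
    Safeguard("relocate server building", "flood at server building", 300000, 1.0),  # expensive to eliminate
]

if __name__ == "__main__":
    for t in THREATS:
        print(f"{t.name}: probable loss {probable_loss(t):,.0f}/yr")
    print("adopt:", decide(THREATS, SAFEGUARDS))
```

The change-control procedure and the relocation both cost more than the loss they would prevent, so only the two cheap safeguards are adopted.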
Ethics Guide: Security Privacy
Legal requirements to protect customer data
•Gramm-Leach-Bliley (GLB) Act (1999)
•Privacy Act of 1974
•Health Insurance Portability and Accountability Act (HIPAA) (1996)
•Privacy Principles of the Australian Privacy Act of 1988
Ethics Guide: Security Privacy
What requirements does your university have on data it maintains about you?
•No federal law
•Responsibility to provide public access to graduation records
•Class work, email, exam answers not covered under privacy law
•Research covered under copyright law, not privacy law
System Access Protocols
Kerberos
•Single sign-on for multiple systems
•Authenticates users without sending passwords across network
•“Tickets” enable users to obtain services from multiple networks and servers
•Windows, Linux, Unix employ Kerberos
Wireless Access
•VPNs and special security servers
•WEP (Wired Equivalent Privacy)
•WPA, WPA2 (Wi-Fi Protected Access)
Malware Safeguards
1. Antivirus and antispyware programs
2. Scan frequently
3. Update malware definitions
4. Open email attachments only from known sources
5. Install software updates
6. Browse only reputable Internet neighborhoods
Bots, Botnets, and Bot Herders
•Bot
–uncontrolled by user
–[some] very malicious, others annoying
•Botnet
Human Safeguards for Nonemployee Personnel
•Nonemployee personnel
•Contract personnel
–security responsibilities
•Public users
Account Administration
•Account Management
–permissions, removal of unneeded accounts
•Password Management
–[change passwords] frequently
•Help Desk Policies
Security Monitoring Functions
•Activity log analyses
•In-house and external Security testing
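An added example (not from the slides or the textbook) of the account-management and activity-log-analysis functions listed above: it reconciles a constructed account list against an HR roster and a login log, flagging accounts of departed staff or contractors, accounts with no owner, and stale passwords. The 90-day password age and the data layouts are assumptions.

```python
"""Account-administration review: reconcile accounts against the HR roster and
the activity log (added example; all data constructed, layouts assumed)."""
from datetime import date, timedelta

MAX_PASSWORD_AGE = timedelta(days=90)   # assumed policy, not from the slides

HR_ROSTER = {                           # user -> employment status
    "anne": "active",
    "bob": "terminated",
    "carla": "active",
    "contractor1": "contract-ended",
}
ACCOUNTS = {                            # user -> date of last password change
    "anne": date(2024, 1, 15),
    "bob": date(2023, 6, 1),
    "carla": date(2023, 2, 1),
    "contractor1": date(2024, 2, 1),
    "svc_report": date(2022, 1, 1),     # no owner in the roster
}
ACTIVITY_LOG = [                        # (date, user) login entries
    ("2024-03-01", "anne"),
    ("2024-03-02", "bob"),              # terminated employee still logging in
    ("2024-03-02", "svc_report"),
]

def review_accounts(roster, accounts, log, today):
    """Return {account: [issues]} for accounts needing administrator action."""
    findings = {}
    recent_users = {user for _, user in log}
    for user, pw_changed in accounts.items():
        issues = []
        status = roster.get(user)
        if status is None:
            issues.append("no owner in HR roster")
        elif status != "active":
            issues.append(f"owner is {status}: remove account")
            if user in recent_users:
                issues.append("logged in after leaving: investigate")
        if today - pw_changed > MAX_PASSWORD_AGE:
            issues.append("password older than policy")
        if issues:
            findings[user] = issues
    return findings

def sample_review():
    return review_accounts(HR_ROSTER, ACCOUNTS, ACTIVITY_LOG, date(2024, 3, 3))

if __name__ == "__main__":
    for user, issues in sample_review().items():
        print(user, "->", "; ".join(issues))
```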
Responding to Security Incidents
•Human error & computer crimes
–[whom to] contact, data to gather, and steps to reduce further loss
•Centralized reporting of all security incidents
•Incident-response plan
•Emergency procedures
Q7: 2022?
•Challenges likely to be iOS and other intelligent portable devices
•Harder for the lone hacker to find vulnerability to exploit
•Continued investment in safeguards
•Continued problem of electronically porous national borders
Guide: Security Assurance, Hah!
•Employees who never change password or use some simpleton word like “Sesame” or “MyDogSpot” or something equally absurd
•Notes with passwords in top drawer of desks
•Management talks about security risk assurance and should enforce real security
Guide: The Final, Final Word
•Routine work will migrate to lower-labor-cost countries
•Be a symbolic-analytic worker
Case 12: Moore’s Law, One More Time …
•Doubling CPU speed helps criminals
•iOS, Android phones, and millions of mobile devices increase data communications and exponential opportunities for computer criminals.