845-HB-KT


     1) Define e-business.

E-business

Electronic commerce (EC or e-commerce) describes the process of buying, selling, transferring, or
exchanging products, services, or information via computer networks, including the Internet.

E-business is a somewhat broader concept. In addition to the buying and selling of goods and services,
e-business also refers to servicing customers, collaborating with business partners, and performing
electronic transactions within an organization.

Or

E-business (electronic business) is the conducting of business on the Internet: not only buying and
selling, but also servicing customers and collaborating with business partners.


     2) What is meant by communitainment?

The Internet has increasingly become a principal medium for community, communication, and
entertainment, three areas that have collided and are affecting each other's growth, generating a new
type of activity that we call communitainment.

      3) What is meant by an IT steering committee?
IT steering committee
It is a committee, composed of a group of managers and staff representing various organizational units,
set up to establish IT priorities and to ensure that the MIS function is meeting the needs of the
enterprise.
      - The IT steering committee plays a very important role in developing and implementing the IT
        strategic plan.
      - The IT steering committee is important because it ensures that you get the information systems
        and applications that you need to do your job.

      4) What is meant by social engineering?
Social engineering
It is getting around security systems by tricking computer users inside a company into revealing sensitive
information or into granting unauthorized access privileges.
Or
Social engineering is an attack in which the perpetrator uses social skills to trick or manipulate a
legitimate employee into providing confidential company information, such as passwords.

      The most common example of social engineering: the attacker impersonates someone else on the
      telephone, such as a company manager or an information systems employee, claims to have
      forgotten his password, and asks the legitimate employee for a password to use.


     5) Define information systems auditing.

Information systems auditing is the examination of information systems, their inputs, outputs, and
processing, checking for the following:
      - Are all controls installed as intended?
      - Are the controls effective?
      - Has any breach of security occurred?
      - If so, what actions are required to prevent future breaches?
There are two types of IS auditing:
      - Internal auditing
      - External auditing

    6) Define pilot conversion.

Pilot conversion
It is an implementation process that introduces the new system in one part of the organization, such as
a department or one functional area, on a trial basis; when the new system is working properly, it is
introduced in the other parts of the organization.

    7) What is meant by an organizational strategic plan?

The organization's strategic plan

The organization's strategic plan states the firm's overall mission, the goals that follow from that
mission, and the broad steps necessary to reach these goals.
      - It plays an important role in the planning process for new IT applications.
      - The strategic planning process modifies the organization's objectives and resources to meet its
        changing markets and opportunities.




      8) Define IT Strategic Plan.
IT strategic plan
It is a set of long-range goals that describe the IT infrastructure and major IT initiatives needed to achieve
the goals of the organization.
The IT strategic plan must meet three objectives:
      1. It must be aligned with the organization’s strategic plan.
      2. It must provide for an IT architecture that enables users, applications, and databases to be
           seamlessly networked and integrated.
      3. It must efficiently allocate IS development resources among competing projects so the projects
           can be completed on time and within budget and have the required functionality.


Q9) Threats to Information Systems

Whitman and Mattord (2003) classified threats into five general categories to help us better understand
the complexity of the threat problem. Their categories are:

1. Unintentional acts
2. Natural disasters
3. Technical failures
4. Management failures
5. Deliberate acts

Unintentional Acts. Unintentional acts are those acts with no malicious intent.
There are three types of unintentional acts:
      - human errors
      - deviations in the quality of service by service providers
      - environmental hazards
Of these three types, human errors represent by far the most serious threat to information security.

Human errors or mistakes by employees pose a large problem as the result of laziness, carelessness, or a
lack of awareness concerning information security. This lack of awareness comes from poor education
and training efforts by the organization.
Human mistakes, with a description and examples of each:

- Tailgating: A technique designed to allow the perpetrator to enter restricted areas that are controlled
  with locks or card entry. The perpetrator follows closely behind a legitimate employee and, when the
  employee gains entry, asks them to "hold the door."

- Shoulder surfing: The perpetrator watches the employee's computer screen over that person's
  shoulder. This technique is particularly successful in public areas such as airports, commuter trains,
  and on airplanes.

- Carelessness with laptops: Losing laptops, misplacing laptops, leaving them in taxis, and so on.

- Carelessness with portable devices: Losing or misplacing these devices, or using them carelessly so
  that malware is introduced into an organization's network.

- Opening questionable e-mails: Opening e-mails from someone unknown, or clicking on links embedded
  in e-mails.

- Careless Internet surfing: Accessing questionable web sites; can result in malware and/or alien
  software being introduced into the organization's network.

- Poor password selection and use: Choosing and using weak passwords.

- Carelessness with one's office: Unlocked desks and filing cabinets when employees go home at night;
  not logging off the company network when gone from the office for any extended period of time.

- Carelessness using unmanaged devices: Unmanaged devices are those outside the control of an
  organization's IT department and company security procedures. These devices include computers
  belonging to customers and business partners, computers in the business centers of hotels, and
  computers in Starbucks, Paneras, and so on.

- Carelessness with discarded equipment: Discarding old computer hardware and devices without
  completely wiping the memory; includes computers, cellphones, Blackberries, and digital copiers and
  printers.


The human errors that we have just discussed are unintentional on the part of the employee.

Employees can also make mistakes as a result of deliberate actions by an attacker. These actions are
classified into three categories:
      - Social engineering
      - Reverse social engineering
      - Social data mining (buddy mining): an attack that occurs when perpetrators seek to learn who
        knows whom in an organization, and how, in order to target specific individuals.

Deviations in the Quality of Service by Service Providers.
This category consists of situations in which a product or service is not delivered to the organization as
expected.
Examples:
      - Heavy equipment at a construction site cuts a fiber-optic line to your building, or your Internet
        service provider has availability problems.
      - Organizations may also experience service disruptions from various providers, such as
        communications, electricity, telephone, water, wastewater, trash pickup, cable, and natural gas.


Environmental Hazards. Environmental hazards include dirt, dust, humidity, and static electricity. These
hazards are harmful to the safe operation of computing equipment.


Natural Disasters.
Natural disasters include floods, earthquakes, hurricanes, tornadoes, lightning, and in some cases, fires.
In many cases, these disasters (sometimes referred to as acts of God) can cause catastrophic losses of
systems and data. To avoid such losses, companies must engage in proper planning for backup and
recovery of information systems and data. Such planning is known as a disaster recovery plan, which
includes the maintenance of hot sites, warm sites, and cold sites.


Technical Failures.
Technical failures include problems with hardware and software.
      - The most common hardware problem is a crash of a hard disk drive.
      - The most common software problem is errors (called bugs) in computer programs. Software
        bugs are so common that entire web sites are dedicated to documenting them, for example
        www.bug-track.com and www.bugaware.com.

Management Failures. Management failures involve a lack of funding for information security efforts and
a lack of interest in those efforts. Such lack of leadership will cause the information security of the
organization to suffer.


Q10) Explain any three ethical issues related to e-commerce.

Page no. 223
Ethical Issues
Most of the ethical and global issues related to IT also apply to e-business. Here we consider two basic
issues:
      - Privacy
      - Job loss

By making it easier to store and transfer personal information, e-business presents some threats to
privacy. To begin with, most electronic payment systems know who the buyers are. It may be necessary,
then, to protect the buyers’ identities. Businesses frequently use encryption to provide this protection.

Another major privacy issue is tracking. For example, individuals' activities on the Internet can be tracked
by cookies. Cookies store your tracking history on your personal computer's hard drive, and any time you
revisit a certain Web site, the computer knows it. In response, some users install programs to exercise
some control over cookies and thus restore their online privacy.
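The cookie-control programs mentioned above work by applying a policy to every cookie a site tries to set. As an added example that is not part of the original notes, the Python below parses constructed Set-Cookie headers and decides, for a first-party site assumed to be shop.example, which cookies to keep, which to keep only for the current visit, and which persistent third-party cookies to block. The domain names, the 30-day lifetime threshold and the sample headers are all assumptions made for this example.

```python
"""Minimal cookie-control policy (added example, not from the notes).

A site recognises a returning visitor because the browser sends back the
cookie it stored on an earlier visit. A cookie-control tool sits between
the response and the cookie jar: it parses each Set-Cookie header and
decides whether the cookie is kept, kept only for the session, or blocked.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime
from typing import Dict, List, Optional

# Constructed sample: Set-Cookie headers a browser might receive while
# visiting shop.example. All domains here are assumptions for the example.
SAMPLE_SET_COOKIE_HEADERS = [
    "sessionid=abc123; Path=/; HttpOnly; Secure",
    "cart=item42; Domain=shop.example; Max-Age=86400; Path=/",
    "uid=8f1c2d; Domain=ads.tracker.example; Max-Age=63072000; Path=/; SameSite=None; Secure",
    "prefs=dark; Domain=shop.example; Expires=Wed, 01 Jan 2031 00:00:00 GMT; Path=/",
]
FIRST_PARTY = "shop.example"                       # the site the user chose to visit (assumed)
LONG_LIVED = timedelta(days=30)                    # policy threshold (assumed for the example)
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)    # fixed clock so the example is deterministic


@dataclass
class Cookie:
    name: str
    value: str
    domain: Optional[str]           # None: host-only cookie for the responding site
    lifetime: Optional[timedelta]   # None: session cookie, discarded when the browser closes


def parse_set_cookie(header: str, now: datetime = NOW) -> Cookie:
    """Parse the name=value pair and the Domain / Max-Age / Expires attributes."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    domain: Optional[str] = None
    lifetime: Optional[timedelta] = None
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        key = key.lower()
        if key == "domain":
            domain = val.lstrip(".").lower()
        elif key == "max-age":
            # Max-Age takes precedence over Expires (RFC 6265), so it always overwrites.
            lifetime = timedelta(seconds=int(val))
        elif key == "expires" and lifetime is None:
            lifetime = parsedate_to_datetime(val) - now
    return Cookie(name.strip(), value, domain, lifetime)


def is_third_party(cookie: Cookie, first_party: str) -> bool:
    """A cookie is third-party when its domain is not the visited site or a subdomain of it."""
    host = cookie.domain or first_party
    return not (host == first_party or host.endswith("." + first_party))


def decide(cookie: Cookie, first_party: str, long_lived: timedelta = LONG_LIVED) -> str:
    """Return 'block', 'session-only' or 'keep' for one cookie."""
    if is_third_party(cookie, first_party) and cookie.lifetime is not None:
        return "block"          # persistent third-party cookie: the cross-site tracking case
    if cookie.lifetime is not None and cookie.lifetime > long_lived:
        return "session-only"   # keep it for this visit, but do not let it persist across visits
    return "keep"


def apply_policy(headers: List[str], first_party: str = FIRST_PARTY,
                 now: datetime = NOW) -> Dict[str, str]:
    """Map each cookie name to the policy decision taken for it."""
    return {c.name: decide(c, first_party)
            for c in (parse_set_cookie(h, now) for h in headers)}


if __name__ == "__main__":
    for name, verdict in apply_policy(SAMPLE_SET_COOKIE_HEADERS).items():
        print(f"{name:10s} -> {verdict}")
```

The policy treats lifetime and origin as the two signals: a cookie that outlives the visit and belongs to a domain other than the one the user chose to visit is exactly what makes cross-site tracking possible, while a long-lived first-party cookie is downgraded to a session cookie rather than blocked, so the site still works for the current visit.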

In addition to compromising employees' privacy, the use of EC may eliminate the need for some of a
company's employees, as well as brokers and agents. The manner in which these unneeded workers,
especially employees, are treated can raise ethical issues:
      - How should the company handle the layoffs?
      - Should companies be required to retrain employees for new positions? If not, how should the
        company compensate or otherwise assist the displaced workers?
