Question 1
Discuss some human safeguards for employees that can ensure the security of information systems. Your response should be at least 200 words in length. You are required to use at least your textbook as source material for your response. All sources used, including the textbook, must be referenced; paraphrased and quoted material must have accompanying citations.

Question 2
How should organizations respond to security threats? Your response should be at least 200 words in length. You are required to use at least your textbook as source material for your response. All sources used, including the textbook, must be referenced; paraphrased and quoted material must have accompanying citations.

Question 3
Research disaster recovery plans (IS). Be sure to review your lessons and assigned readings.
• Assume there are two generic companies, one with and the other without a disaster recovery plan.
• Title your response under one of the following headings:
  o Reasons why the company survived
  o Reasons why the company did not survive
• Explain the type of disaster, the plan your company had in place, and why the company did or did not survive.
• Be sure to use your research to support your post.
Your response should be at least 200 words in length. You are required to use at least your textbook as source material for your response. All sources used, including the textbook, must be referenced; paraphrased and quoted material must have accompanying citations.

Could Someone Be Getting To Our Data?
• Stealing only from weddings of club members
• Knowledge: How to access system and database and SQL
• Access: Passwords on yellow stickies; many copies of key to server building
• Suspect: Greens keeper guy’s “a techno-whiz,” created report for Anne, knows SQL and how to access database

What Types of Security Loss Exist?
Unauthorized Data Disclosure
• Pretexting
• Phishing
• Spoofing
  – IP spoofing
  – Email spoofing
• Drive-by sniffers
• Hacking
• Natural disasters

Incorrect Data Modification
• Procedures not followed or incorrectly designed procedures
• Increasing a customer’s discount or incorrectly modifying employee’s salary
• Placing incorrect data on company Web site
• Improper internal controls on systems
• System errors
• Faulty recovery actions after a disaster

Faulty Service
• Incorrect data modification
• Systems working incorrectly
• Procedural mistakes
• Programming errors
• IT installation errors
• Usurpation
• Denial of service (unintentional)
• Denial-of-service attacks (intentional)

Loss of Infrastructure
• Human accidents
• Theft and terrorist events
• Disgruntled or terminated employees
• Natural disasters

Goal of Information Systems Security
• Threats can be stopped, or at least threat loss reduced
• Safeguards are expensive and reduce work efficiency
• Find trade-off between risk of loss and cost of safeguards

Using MIS InClass 12: Phishing for Credit Cards, Identifying Numbers, Bank Accounts
• In this exercise, you and ...