Recommended
More Related Content
Similar to Question 1 Discuss some human safeguards for employees that can .docx
Similar to Question 1 Discuss some human safeguards for employees that can .docx (20)
More from IRESH3
More from IRESH3 (20)
Recently uploaded
Recently uploaded (20)
Question 1 Discuss some human safeguards for employees that can .docx
- 1. Question 1 Discuss some human safeguards for employees that can ensure the security of information systems. Your response should be at least 200 words in length. You are required to use at least your textbook as source material for your response. All sources used, including the textbook, must be referenced; paraphrased and quoted material must have accompanying citations. Question 2 How should organizations respond to security threats? Your response should be at least 200 words in length. You are required to use at least your textbook as source material for your response. All sources used, including the textbook, must be referenced; paraphrased and quoted material must have accompanying citations. Question 3 Research disaster recovery plans (IS). Be sure to review your lessons and assigned readings. • Assume there are two generic companies, one with and the other without a disaster recovery plan. • Title your response under one of the following headings: oReasons why the company survived oReasons why the company did not survive • Explain the type of disaster, the plan your company had in place, and why the company did or did not survive. • Be sure to use your research to support your post. Your response should be at least 200 words in length. You are required to use at least your textbook as source material for your response. All sources used, including the textbook, must
- 2. be referenced; paraphrased and quoted material must have accompanying citations. Could Someone Be Getting To Our Data? •Stealing only from weddings of club members •Knowledge: How to access system and database and SQL •Access: Passwords on yellow stickies; many copies of key to server building •Suspect: Greens keeper guy’s “a techno-whiz,” created report for Anne, knows SQL and how to access database What Types of Security Loss Exists? Unauthorized Data Disclosure •Pretexting •Phishing •Spoofing –IP spoofing –Email spoofing •Drive-by sniffers •Hacking •Natural disasters Incorrect Data Modification •Procedures not followed or incorrectly designed procedures •Increasing a customer’s discount or incorrectly modifying employee’s salary •Placing incorrect data on company Web site •Improper internal controls on systems •System errors •Faulty recovery actions after a disaster Faulty Service •Incorrect data modification •Systems working incorrectly •Procedural mistakes •Programming errors
- 3. •IT installation errors •Usurpation •Denial of service (unintentional) •Denial-of-service attacks (intentional) Loss of Infrastructure Human accidents Theft and terrorist events Disgruntled or terminated employees Natural disasters Goal of Information Systems Security •Threats can be stopped, or at least threat loss reduced •Safeguards are expensive and reduce work efficiency •Find trade-off between risk of loss and cost of safeguards Using MIS InClass 12: Phishing for Credit Cards, Identifying Numbers, Bank Accounts •In this exercise, you and a group of your fellow students will investigate phishing attacks. •Search the Web for phishing, be aware that your search may bring the attention of an active phisher. •Therefore, do not give any data to any site that you visit as part of this exercise! What Are the Elements of a Security Policy? Elements of Security Policy Managing Risks •Risk — threats & consequences we know about •Uncertainty — things we do not know that we do not know 1.General statement of organization’s security program 2.Issue-specific policy 3.System-specific policy Risk Assessment and Management Risk Assessment •Tangible consequences. •Intangible consequences
- 4. •Likelihood •Probable loss Risk-Management Decisions •Given probable loss, what to protect? •Which safeguards inexpensive and easy? •Which vulnerabilities expensive to eliminate? •How to balance cost of safeguards with benefits of probable loss reduction? Ethics Guide: Security Privacy Legal requirements to protect customer data •Gramm-Leach-Bliley (GLB) Act (1999) •Privacy Act of 1974 •Health Insurance Portability and Accountability Act (HIPAA) (1996) •Privacy Principles of the Australian Privacy Act of 1988 Ethics Guide: Security Privacy What requirements does your university have on data it maintains about you? •No federal law •Responsibility to provide public access to graduation records •Class work, email, exam answers not covered under privacy law •Research covered under copyright law, not privacy law System Access Protocols Kerberos •Single sign-on for multiple systems •Authenticates users without sending passwords across network. •“Tickets” enable users to obtain services from multiple networks and servers. •Windows, Linux, Unix employ Kerberos Wireless Access •VPNs and special security servers •WEP (Wired-Equivalent Privacy)
- 5. •WPA, WPA2 (WiFI Protected Access) Malware Safeguards 1.Antivirus and antispyware programs 2.Scan frequently 3.Update malware definitions 4.Open email attachments only from known sources 5.Install software updates 6.Browse only reputable Internet neighborhoods Bots, Botnets, and Bot Herders •Bot uncontrolled by user ery malicious, others annoying •Botnet Human Safeguards for Nonemployee Personnel •Nonemployee personnel •Contract personnel urity responsibilities •Public Users Account Administration •Account Management permissions, removal of unneeded accounts. •Password Management frequently •Help Desk Policies
- 6. Security Monitoring Functions •Activity log analyses •In-house and external Security testing Responding to Security Incidents •Human error & Computer crimes contact, data to gather, and steps to reduce further loss •Centralized reporting of all security incidents •Incident-response plan •Emergency procedures Q7: 2022? •Challenges likely to be iOS and other intelligent portable devices •Harder for the lone hacker to find vulnerability to exploit •Continued investment in safeguards •Continued problem of electronically porous national borders Guide: Security Assurance, Hah! •Employees who never change password or use some simpleton word like “Sesame” or “MyDogSpot” or something equally absurd •Notes with passwords in top drawer of desks •Management talks about security risk assurance and should enforce real security Guide: The Final, Final Word •Routine work will migrate to lower-labor-cost countries •Be a symbolic-analytic worker
- 7. Case 12: Moore’s Law, One More Time … •Doubling CPU speed helps criminals •iOS, Android phones, and millions of mobile devices increase data communications and exponential opportunities for computer criminals.