MIS Week 10

  • Created by: jmf00632
  • Created on: 09-01-20 12:44
Malware (Malicious Malware) - viruses
Rogue software program that attaches itself to other software programs or data files in order to be executed
1 of 53
Malware (Malicious Malware)- worms
Independent computer programs that copy themselves from one computer to other computers over a network
2 of 53
Malware (Malicious Malware)- trojan horses
Software program that appears to be benign but then does something other than expected
3 of 53
Malware (Malicious Malware)- spyware
Small programs that install themselves surreptitiously on computers to monitor user Web surfing activity and serve up advertising
4 of 53
Malware (Malicious Malware)- key loggers
Record every keystroke on computer to steal serial numbers, passwords, launch Internet attacks
5 of 53
Malware (Malicious Malware)- Adware
Software that allows internet advertisers to display unwanted advertisements
6 of 53
Malware (Malicious Malware)- ransomware
Software that blocks access to a computer system until a sum of money (ransom) is paid.
7 of 53
Black-hat hacker
Hacker with criminal intention
8 of 53
white hat hacker
Security expert working for a company
9 of 53
cyberterrorist
Hacker seeking to harm people by destroying computer systems
10 of 53
hacktivist
Someone who uses technology to announce a social, ideological, religious, or political message.
11 of 53
script kiddie
Non-expert who breaks into computer systems by using pre-packaged automated tools written by others
12 of 53
hacking techniques / attacks - spoofing
Misrepresenting oneself by using fake e-mail addresses or masquerading as someone else; redirecting a Web link to an address different from the intended one, with the site masquerading as the intended destination
13 of 53
sniffer
Eavesdropping program that monitors information traveling over network
14 of 53
Denial-of-service attacks (DoS)
Flooding server with thousands of fake reports to crash the system
15 of 53
Distributed denial-of-service attacks (DDoS)
Use of numerous computers to launch a DoS
16 of 53
botnets
Networks of “zombie” PCs infiltrated by bot malware
17 of 53
spam
Unsolicited bulk e-mail messages advertising indiscriminately
18 of 53
Biggest DDoS attack so far (on GitHub)
The first portion of the attack against the developer platform peaked at 1.35Tbps, and there was a second 400Gbps spike later.
19 of 53
identity theft
Theft of personal information (social security ID, driver’s license or credit card numbers) to impersonate someone else
20 of 53
phishing
Setting up fake Web sites or sending e-mail messages that look like legitimate businesses to ask users for confidential personal data.
21 of 53
evil twins
Wireless networks that pretend to offer trustworthy Wi-Fi connections to the Internet
22 of 53
pharming
Redirects users to a bogus Web page, even when individual types correct Web page address into his or her browser
23 of 53
How much did the biggest financial fraud in history cost Société Générale bank?
4.9 bn (£3.7)
24 of 53
IS users are the weakest link - what is social engineering?
Tricking employees into revealing their passwords by pretending to be legitimate members of the company in need of information
25 of 53
The 5 most common risks in IS
Misuse of corporate computers, unauthorised application use, unauthorised physical and network access, remote work security and misuse of passwords
26 of 53
Consequences of a lack of security
Loss of revenue, lowered market value, legal liability, lowered employee productivity, higher op costs
27 of 53
What does a risk assessment do?
Determines level of risk to firm if specific activity or process is not properly controlled
28 of 53
What does it examine?
Types of threat; probability of occurrence during year; potential losses, value of threat; expected annual loss
29 of 53
What is involved in information system controls?
Methods, policies, and organisational procedures that ensure safety of organisation’s information; accuracy and reliability of its accounting records; and operational adherence to management standards
30 of 53
What are general controls?
Combination of hardware, software, and manual procedures to create overall control environment; they govern design, security, and use of computer programs and data throughout organisation’s IT infrastructure
31 of 53
Types of general control
Software & hardware controls, computer operations control, data security, implementation and admin controls
32 of 53
Access control is...
Policies and procedures to prevent improper access to systems by unauthorised insiders and outsiders
33 of 53
Examples...
Authentication (who are you?): password systems, something you KNOW; tokens, something you HAVE (smart cards); biometric authentication, something you ARE, e.g. facial recognition
34 of 53
2 examples of Prevention and Resistance Technology
Firewall and intrusion detection systems
35 of 53
Firewall definition
Hardware and/or software to prevent unauthorised access to private networks
36 of 53
Intrusion detection system definition
Monitor vulnerable points on networks to detect and deter intruders
37 of 53
What does the prevention and resistance tech do?
Examines events as they are happening to discover attacks in progress; scans network to find patterns indicative of attacks
38 of 53
Where is the firewall placed?
The firewall is placed between the firm’s private network and the public Internet or another distrusted network to protect against unauthorised traffic
39 of 53
What is encryption?
Transforming text or data into cipher text that cannot be read by unintended recipients
40 of 53
What are 2 methods for encrypting network traffic?
Secure Sockets Layer (SSL) and successor Transport Layer Security (TLS); Secure Hypertext Transfer Protocol (SHTTP)
41 of 53
2 methods of encryption are...
Symmetric key encryption; public key encryption
42 of 53
What are digital certificates?
Digital certificates help establish the identity of people or electronic assets. They protect online transactions by providing secure, encrypted, online communication
43 of 53
How to make IS systems secure
Encrypt everything! Secure the path! Backup, backup, backup! Educate your users! IT strategy: “focus on vulnerabilities, not opportunities” (Nicholas Carr, 2003).
44 of 53
1. Internet challenges to privacy
Cookies: tiny files downloaded by Web site to visitor’s hard drive; identify visitor’s browser and track visits to site; allow Web sites to develop profiles on visitors
45 of 53
2. Internet challenges to privacy
Web bugs: tiny graphics embedded in e-mail messages and Web pages; designed to monitor who is reading a message and transmit that information to another computer on the Internet
46 of 53
3. Internet challenges to privacy
Spyware: secretly installed on user’s computer; may transmit user’s keystrokes or display unwanted ads
47 of 53
4. Internet challenges to privacy
Web analytics: the tracking, collection, measurement, analysis and reporting of Internet data for purposes of understanding and optimizing Web usage
48 of 53
Privacy: EU vs US
In the US, businesses are allowed to gather transaction information and use this for other marketing purposes, whereas the EU requires companies to inform people when they collect information about them and disclose how it will be stored and used
49 of 53
In the US...
PATRIOT Act, etc., permits US government entities to monitor Internet users without consent or judicial oversight
50 of 53
KEY POINTS...
IS are vulnerable to hardware and software problems, natural disasters and user abuse. Hackers may break into IS and steal or damage important information. DDoS, phishing, and identity theft are common forms of hacker attacks.
51 of 53
KEY POINTS...
People are the weakest link because of their lack of knowledge and carelessness. Always choose a strong password and encrypt important information. Passwords, tokens, and biometrics are common forms of IS access control.
52 of 53
KEY POINTS..
Firewall, antivirus, and encryption are some technical solutions to security problems. Online privacy legislation varies from country to country.
53 of 53
