Upgrade to remove ads
Only $35.99/year

IS 3003 Ch 8: Securing Information Systems

Terms in this set (119)

Acceptable Use Policy (AUP)
Acceptable uses of the firm's information resources and computing equipment, including desktop and laptop computers, wireless devices, telephones, and the Internet. Identifies acceptable and unacceptable practices for all users.
Antivirus Software
Prevents, detects, and removes malware, including computer viruses, computer worms, Trojan horses, spyware, and adware. Must perform regular updates. (consider holistic protection)
Why Increase In Attacks
Speed of attacks
More sophisticated attacks
Simplicity of attack tools
Faster detection weaknesses
Delays in user patching
Distributed attacks
Attacks exploit user ignorance & confusion
Information
is an organizational asset - it must be protected
Security:
Policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems

The protection of information from accidental or intentional misuse by persons inside or outside the organization
Controls:
Methods, policies, and organizational procedures that ensure safety of organization's assets; accuracy and reliability of its accounting records; and operational adherence to management standards
Factors Driving the importance of security ...
1. Evolution from mainframe environment to
today's interconnected, wireless, networked
infrastructure
2. Trend toward smaller, faster, cheaper, portable
computers and storage devices
3. Increased employee use of unmanaged devices
4. The computer skills necessary to be a hacker
are decreasing ...
5. International organized crime is taking over
cybercrime
Computer Crime/Fraud
"any violations of criminal law that involve knowledge of computer technology for their perpetration, investigation, or prosecution" [defined by U.S. Department of Justice]

Commission of illegal acts through use of computer or against a computer system - computer may be the object (target) or the instrument of crime
Computers as Targets of Crime
- Breaching the confidentiality of protected
computerized data
- Accessing computer system without authority
- Knowingly accessing a protected computer to
commit fraud.
- Intentionally accessing a protected system and causing
damage, negligently or deliberately
- Knowingly transmitting a program, program
code, or command that intentionally causes
damage to a protected computer
- Threatening to cause damage to a protected
computer
Computer as Instruments of Crime
- Theft of trade secrets
- Unauthorized copying of software or
copyrighted intellectual property, such as
articles, books, music, and video
- Schemes to defraud
- Using e-mail for threats or harassment
- Intentionally attempting to intercept electronic
communications
- Illegally accessing stored electronic
communications, including e-mail and voice mail
- Transmitting or possessing child pornography
using a computer
Identity Theft
- A crime in which an impostor obtains key pieces
of personal information to impersonate someone
else
- The forging of someone's identity for the
purpose of fraud
- "total identity theft" ....
- Identity Theft Resource Center
Click fraud -
occurs when an individual or computer program fraudulently clicks on an online ad without any intention of learning more about the advertiser or making a purchase
Click Farm -
a business that pays employees to click on website elements to artificially boost the status of a client's website or product
CAPTCHA
a program that protects websites against bots by generating and grading tests that humans can pass but current computer programs cannot. For example, humans can read distorted text, but current computer programs can't:
Hardware problems
Breakdowns, configuration errors, damage from improper use or crime, theft of devices
Sets with similar terms