10 Pages

ITS1V3

Course: GBA 547, Fall 2009
School: Cal Poly Pomona

Word Count: 1484

Privacy, Integrity, and Security of IT in the 21st Century
Sub Module 8-3, CIS 310

Organizational Responsibilities: Governance, Managing, Securing and Controlling IT

IT Security Management
- Starts with management commitment and support
- It is applied from the beginning of design and extends throughout the life of the system

IT Security Management involves:
- Security Policy
- User Information
- Configuration management
- Design Documentation
- and other activities to secure the organization's data and information assets

Security extends through the life cycle, even on the Net
- Design
- Develop
- Implement
- Test
- Production
- Maintenance

Management involvement includes:
- Determine which information is critical to the business
- Define who creates the critical information
- Specify who uses that information
- Determine what would happen if that critical information was stolen, corrupted or lost
- Specify how long the company can operate without access to the critical data
- A Contingency Plan and Business Continuity Plan that works

IT Governance
Information Technology is a resource shared by all within an organization; therefore, governance is needed. IT Governance recognizes the need for security, privacy, control and management of this resource. As partners in governance, they assist in the prioritization, planning and support of these goals.

Management involvement does not include a Contingency Plan that works.
A) True
B) False

Information System Security: Managerial Techniques

Assessing Risk
- Security Audit: identifies all aspects of information systems and business processes that use them
- Risk Analysis: assesses the value of assets being protected
- Alternatives based on Risk Analysis:
  - Risk Reduction: implementing active countermeasures to protect systems (e.g. firewalls)
  - Risk Acceptance: implementing no countermeasures
  - Risk Transference: transferring risk (buying insurance)

Controlling Access
Keeping information safe by only allowing access to those that require it to do their jobs
- Authentication: verifying identity before granting access (e.g. passwords)
- Access Control: granting access to only those system areas where the user is authorized (e.g. accounting)

Controls and Authentication

Information System Security: Managerial Techniques

Organizational Policies and Procedures
- Acceptable Use Policies: formally document how systems should be used, for what, and penalties for non-compliance

Backups and Disaster Recovery
- Backups: taking periodic snapshots of critical systems data and storing them in a safe place or system (e.g. backup tape)
- Disaster Recovery Plans: spell out detailed procedures to be used by the organization to restore access to critical business systems (e.g. viruses or fire)
- Disaster Recovery: executing Disaster Recovery procedures using backups to restore the system to the last backup if it was totally lost

Standards and Risk

Authentication means verifying identity before granting access (e.g. passwords)
A) True
B) False

Securing and Controlling
Issues confronting organizations range from:
- Spam
- Cookies
- Viruses
- Spyware
and these all cost organizations money in lost productivity. Also, who has access and to what and why?

Information Property: Gathering and Uses

Spam (see Chapter 4 for definition)
This unsolicited e-mail can come from reputable sites selling your information. Possible problems from spam include:
- Viruses in attachments or links
- Added to other spam lists by responding
- Slows systems by taking up resources (disk space)

Cookies
These files stored on a computer do have legitimate uses but they also can:
- Store and transmit information about online habits including sites visited, purchases made, etc.
- Prevent accessing sites when cookies are refused
- Collect and combine information with other information to build a personal profile to be sold

Spyware
These stealth computer applications are installed and then collect information about individuals without their knowledge. Currently this technology is not illegal.

Spyware Issues
Spyware applications collect and transmit, or use, this information locally in several ways including:
- Sale of information to online marketers (spammers)
- Illegal uses such as identity theft
- Modify user experience to market to the user by presenting ad banners, pop-ups, etc. (Adware)

Information Accessibility
Concerned with defining what information a person or organization has the right to obtain about others and how that information is used

Who has access?
Besides personal access, other parties have the legal right to access and view private information including:
- Government: using advanced software packages (e.g. Carnivore), e-mail traffic and all online activity can be monitored in real-time or after the fact
- Employers: they can legally limit, monitor or access activities on company-owned computers or networks as long as policy has been distributed to employees

Information Access: Example of Carnivore

Spyware are stealth computer applications which are installed and then collect information about individuals without their knowledge.
A) True
B) False

The Need of Ethical Behavior

Ethical Behavior
Illegal versus unethical behavior is an information age concern. Though activities are not explicitly illegal, questions exist of whether they are unethical such as:
- Photograph manipulation/modification: in this circumstance, the photograph no longer reflects absolute reality
- Unauthorized use of computers: at work or at school, stealing time for personal business or use
- Information collection: by companies compiling information to sell for profit

Responsible Computer Use
Guidelines: In the area of ethics, we rely on guidelines to guide behavior. These guidelines can come from many organizations.
The Computer Ethics Institute developed these guidelines for ethical computer use that prohibit the following behaviors:
- Using a computer to harm others
- Interfering with other people's computer work
- Snooping in other people's files
- Using a computer to steal
- Using a computer to bear false witness
- Copying or using proprietary software without paying for it
- Using other people's computer resources without authorization or compensation
- Appropriating other people's intellectual output

Responsible Computer Use
The guidelines from the Computer Ethics Institute also recommend the following when creating programs or using computers:
- Thinking about the social consequences of programs you write and systems you design (e.g. Napster, or a piece of Spyware)
- Using computers in ways that show consideration and respect for others (e.g. proliferation of viruses, instant messaging, etc.)

Review
- IT Security starts with management commitment and support
- IT Governance recognizes the need for security, privacy, control and management of this resource. As partners in governance, they assist in the prioritization, planning and support of these goals.

Review (Cont)
Assessing Risk includes:
- Security Audit: identifies all aspects of information systems and business processes that use them
- Risk Analysis: assesses the value of assets being protected
Securing and Controlling focuses on protection against malicious attacks and who has proper access.
Ethics is an organization issue which requires education, communication, monitoring and enforcement. Even in using IT, one must do so with ethics in mind and becoming a responsible Computer User.
IT Securit...
