Security and Privacy.docx


Security and Privacy

- Information security:
  o must be a top organizational priority
  o is not just a technology problem; a host of personnel and procedural factors can create and amplify a firm’s vulnerability

Constant vigilance regarding security needs to be part of individual skill sets and a key component of organizations’ culture.

Factors Affecting Information Security:
  o Interconnected, interdependent, wirelessly networked business environment
  o Lack of strict government legislation
  o Smaller, faster, cheaper, and portable computers and storage devices
  o Availability of hacking software/code
  o Involvement of international organized crime
  o Lack of downstream liability laws
  o Increased employee use of unmanaged devices
  o Lack of management support

Key Information Security Terms
  Risk: likelihood that a threat will occur
  Vulnerability: likelihood that a threat will harm the system
  Exposure: potential harm if a threat breaks the controls and compromises the resources

Categories of Threats to Information Systems
- Unintentional acts
  o Human errors (shoulder surfing, tailgating), quality of service from service providers, environmental hazards
  o Social and reverse social engineering (social engineering is an attack where the attacker uses social skills to trick a legitimate employee into providing confidential company information such as passwords)
- Deliberate acts (espionage; sabotage; cyberterrorism; cyberwarfare; intellectual property violation: piracy, copyright, patent; identity theft)
  o Intellectual property compromise
    - Intellectual property (trade secret, patent, copyright)
    - Software piracy (illegal copying, distributing copyrighted material)
- Natural disasters (damage to physical facilities)
- Technical failures (software bug, hardware crash)
- Management failures

Motivations for Criminals
1° Steal data → Engage in identity fraud, illegal financial transactions
2° Extortion → Demand payment in return for not attacking a firm’s IT system (such as with DDoS) or for not hacking and exposing a firm’s private/confidential data
3° Hide traces of their criminal acts → Compromise computing assets for use in illegal acts (spamming, click fraud, DDoS attacks) to make the acts difficult to trace/link
4° Corporate espionage → By insiders, rivals, or even foreign governments
5° Terrorism and cyberwarfare → Devastating technology disruptions by terrorists or military/countries (compromising a key component in an oil refinery, forcing it to overheat, and causing an explosion; taking out key components of vulnerable national power grids)
6° Pranks (e.g., setting off rumors that could have widespread repercussions)
7° Protest → Hacking into a system to make a political point (hacktivism)
8° Revenge → By disgruntled employees

Response to Cybercrime
- Law enforcement agencies dealing with computer crime are increasingly outnumbered, out-skilled, and underfunded
  • Winter '08
