Chapter 12 - Managing Information Security and Privacy (Summary Notes)

WHAT ARE THE SOURCES AND TYPES OF SECURITY THREATS

The 3 sources of security threats are:

o Human error and mistakes – accidental problems caused by both employees and non-employees. Ex: an employee who accidentally deletes customer records. This also includes physical accidents such as pouring coffee onto a PC.
o Malicious human activity – employees and former employees who intentionally destroy data or other system components. This also includes hackers, worm writers, people who send unwanted email (spam), and terrorism.
o Natural events and disasters – fires, floods, hurricanes, earthquakes, and other acts of nature. Problems in this category include not only the initial loss of capability and service, but also losses stemming from the actions taken to recover from the initial problem.

The 5 types of security problems are:

o Unauthorized data disclosure
o Incorrect data modification
o Faulty service
o Denial of service
o Loss of infrastructure

UNAUTHORIZED DATA DISCLOSURE

Unauthorized data disclosure can occur by human error when someone inadvertently releases data in violation of policy. Ex: a university posting student names and associated grades in a public place. The popularity and efficacy of search engines has created another source of inadvertent disclosure: data left on a web server without access controls gets indexed and becomes findable by anyone who searches for it. Of course, proprietary and personal data can also be released maliciously.

o Pretexting – deceiving someone by pretending to be someone else. Ex: a telephone caller who pretends to be from a credit card company and claims to be checking the validity of credit card numbers.
o Phishing – pretexting via email. The phisher pretends to be a legitimate company and sends an email requesting confidential data.
o Spoofing – another term for pretending to be someone else. Ex: if you pretend to be your professor. IP spoofing occurs when an intruder uses another site's IP address as if it were that other site. Email spoofing, forging the sender address of a message, is the usual vehicle for phishing.
o Sniffing – intercepting computer communications. With wired networks, sniffing requires a physical connection to the network. With wireless networks, no such connection is required: drive-by sniffers simply take computers with wireless connections through an area and search for unprotected wireless networks. They can monitor and intercept wireless traffic at will. Even protected wireless networks are vulnerable if the encryption used is weak. Spyware and adware are two other sniffing techniques.

INCORRECT DATA MODIFICATION

Examples include incorrectly increasing a customer's discount or modifying an employee's salary, earned days of vacation, and annual bonus. These can occur when employees follow procedures incorrectly or when procedures have been incorrectly designed. Companies should ensure separation of duties and multiple checks on transactions....
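The pretexting, phishing and email spoofing bullets above describe attacks that leave traces in the message headers themselves. The following is an added example, not part of these notes or of the textbook they summarize: it parses two constructed messages and flags a display name that claims a trusted brand while the real address is elsewhere, sender domains that imitate the trusted domain (digit-for-letter lookalikes, or the brand used as a subdomain of an attacker's domain), and mismatches between From, Return-Path and Reply-To. The trusted domain examplebank.com, the brand words, the sample messages and the two-label "registrable domain" rule are all assumptions made for the example.

```python
import email
from email.utils import parseaddr

# Assumptions for this example: the organization's real sending domains and the
# brand names an attacker would imitate in a display name.
TRUSTED_DOMAINS = {"examplebank.com"}
BRAND_WORDS = {"example bank"}

# Constructed sample messages (not real traffic).
SPOOFED_MESSAGE = """\
Return-Path: <bounce@mail-examp1ebank.com>
From: "Example Bank Security" <alerts@examplebank.com.verify-login.net>
Reply-To: <support@examp1ebank.com>
To: <customer@example.org>
Subject: Please confirm your account details

Dear customer, reply with your card number to keep your account active.
"""

LEGIT_MESSAGE = """\
Return-Path: <bounce@examplebank.com>
From: "Example Bank" <statements@examplebank.com>
To: <customer@example.org>
Subject: Your monthly statement is ready

Your statement is available in online banking.
"""

# Digits commonly substituted for the letters they resemble in lookalike domains.
LOOKALIKE_MAP = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def domain_of(header_value):
    """Domain of the real address in an address header ('' if none)."""
    _, addr = parseaddr(header_value or "")
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def registrable(domain):
    """Last two labels; an assumption that ignores public suffixes such as co.uk."""
    return ".".join(domain.split(".")[-2:])


def is_trusted(domain):
    return registrable(domain) in TRUSTED_DOMAINS


def impersonates(domain):
    """Untrusted domain that still contains a trusted brand once digit tricks are undone.

    Catches examp1ebank.com (digit for letter) and examplebank.com.attacker.net
    (the brand as a subdomain of a domain the attacker controls).
    """
    if not domain or is_trusted(domain):
        return False
    cleaned = domain.translate(LOOKALIKE_MAP)
    return any(t.split(".")[0] in cleaned for t in TRUSTED_DOMAINS)


def spoofing_findings(raw_message):
    """Return the header-level reasons to treat the message as spoofed (empty if none)."""
    msg = email.message_from_string(raw_message)
    display_name, _ = parseaddr(msg.get("From", ""))
    from_dom = domain_of(msg.get("From"))
    return_dom = domain_of(msg.get("Return-Path"))
    reply_dom = domain_of(msg.get("Reply-To"))
    findings = []

    # 1. The display name claims the brand but the real From address is elsewhere.
    if any(b in display_name.lower() for b in BRAND_WORDS) and not is_trusted(from_dom):
        findings.append(f"display name '{display_name}' claims a trusted brand but From is {from_dom}")

    # 2. Any sender-side domain is a lookalike of the trusted domain.
    for label, dom in (("From", from_dom), ("Return-Path", return_dom), ("Reply-To", reply_dom)):
        if impersonates(dom):
            findings.append(f"{label} domain {dom} impersonates a trusted domain")

    # 3. The envelope sender or the reply address does not belong to the From domain.
    if return_dom and registrable(return_dom) != registrable(from_dom):
        findings.append(f"Return-Path {return_dom} does not match From {from_dom}")
    if reply_dom and registrable(reply_dom) != registrable(from_dom):
        findings.append(f"Reply-To {reply_dom} does not match From {from_dom}")
    return findings


if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED_MESSAGE), ("legit", LEGIT_MESSAGE)):
        print(name, spoofing_findings(raw))
```

The constructed spoofed message trips all three classes of check; the legitimate one trips none. These are heuristics a mail gateway or an analyst would layer on top of SPF, DKIM and DMARC, which verify the sending domain through DNS and signatures; header inspection alone cannot prove who sent a message, and a Reply-To or Return-Path that differs from From is normal for mailing lists and bulk senders, so such findings should raise a score rather than block outright.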
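The closing point under INCORRECT DATA MODIFICATION, separation of duties plus multiple checks on each transaction, is usually implemented as a maker-checker control. The following is an added example, not from the course notes or the textbook: a small HR ledger in which a change to an employee's salary or vacation balance must be requested by one user, pass policy limits, and be approved by two different users, neither of whom is the requester or the affected employee, before it is applied; every step is written to an audit log. The roles, the two-approval rule, the 20% raise cap, the sample employee and the assumption that approver ids and employee ids share one namespace are all assumptions made for the example.

```python
from dataclasses import dataclass, field


@dataclass
class Employee:
    emp_id: str
    salary: float
    vacation_days: int


@dataclass
class ChangeRequest:
    request_id: int
    emp_id: str
    field_name: str
    new_value: float
    requested_by: str
    approvals: list = field(default_factory=list)
    applied: bool = False


class SeparationOfDutiesError(Exception):
    """Raised when the same person would both make and check a change."""


class HRLedger:
    # Assumed policy: two distinct approvers, a raise above 20% needs an
    # exception process, and a vacation balance can never go negative.
    REQUIRED_APPROVALS = 2
    MAX_RAISE_FRACTION = 0.20
    ALLOWED_FIELDS = {"salary", "vacation_days"}

    def __init__(self, employees):
        self.employees = {e.emp_id: e for e in employees}
        self.requests = {}
        self.audit_log = []        # (event, request_id, detail) tuples, append-only
        self._next_id = 1

    def request_change(self, requester, emp_id, field_name, new_value):
        """Maker step: record the intended change, but do not touch the record yet."""
        if field_name not in self.ALLOWED_FIELDS:
            raise ValueError(f"field {field_name} is not editable through this process")
        emp = self.employees[emp_id]
        # Transaction-level checks catch the wrong-amount errors the notes describe.
        if field_name == "salary" and new_value > emp.salary * (1 + self.MAX_RAISE_FRACTION):
            raise ValueError("raise exceeds policy limit; route through the exception process")
        if field_name == "vacation_days" and new_value < 0:
            raise ValueError("vacation balance cannot be negative")
        req = ChangeRequest(self._next_id, emp_id, field_name, new_value, requester)
        self._next_id += 1
        self.requests[req.request_id] = req
        self.audit_log.append(("requested", req.request_id, requester))
        return req.request_id

    def approve(self, approver, request_id):
        """Checker step: returns True once enough independent approvals apply the change."""
        req = self.requests[request_id]
        if req.applied:
            raise ValueError("change already applied")
        if approver == req.requested_by:
            raise SeparationOfDutiesError("requester cannot approve their own change")
        if approver == req.emp_id:
            raise SeparationOfDutiesError("an employee cannot approve a change to their own record")
        if approver in req.approvals:
            raise SeparationOfDutiesError("duplicate approval from the same approver")
        req.approvals.append(approver)
        self.audit_log.append(("approved", request_id, approver))
        if len(req.approvals) >= self.REQUIRED_APPROVALS:
            self._apply(req)
        return req.applied

    def _apply(self, req):
        emp = self.employees[req.emp_id]
        old = getattr(emp, req.field_name)
        setattr(emp, req.field_name, req.new_value)
        req.applied = True
        self.audit_log.append(("applied", req.request_id, f"{req.field_name}: {old} -> {req.new_value}"))


def rejected(action, exc_type):
    """Run action() and report whether it was refused with exc_type."""
    try:
        action()
    except exc_type:
        return True
    return False


if __name__ == "__main__":
    ledger = HRLedger([Employee("e100", 50000.0, 15)])
    rid = ledger.request_change("mgr1", "e100", "salary", 55000.0)
    print("self-approval rejected:", rejected(lambda: ledger.approve("mgr1", rid), SeparationOfDutiesError))
    print("applied after hr1:", ledger.approve("hr1", rid), "after hr2:", ledger.approve("hr2", rid))
    print(ledger.audit_log)
```

The record is only ever modified inside _apply, which no caller reaches without the required independent approvals, so a single employee following a procedure incorrectly cannot by themselves change a salary or bonus; the audit log is what lets the error be traced afterwards.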

This note was uploaded on 03/23/2010 for the course COMP SCI 1032 taught by Professor Goldstein during the Winter '10 term at UWO.