{[ promptMessage ]}

Bookmark it

{[ promptMessage ]}

Chapter 12 - Chapter 12 MIS 235 Security threats A problem...

Info icon This preview shows pages 1–2. Sign up to view the full content.

View Full Document Right Arrow Icon
Chapter 12 MIS 235 Security threats – A problem with the security of an information system or the data therein caused by human error, malicious activity, or natural disasters. Human error and mistakes: include accidental problems caused by both employees and nonemployees. Ex: an employee who misunderstands operating procedures and accidentally deletes customer records. Or if an employee inadvertently installs an old database on top of a current one or driving, also includes poorly written application programs and poorly designed procedures. Finally, it includes physical accidents like driving a car through the wall of a computer room. Malicious human activity: employees and former employees who intentionally destroy data or other system components. Also includes hackers who break into a system as well as virus and worm writers who infect computer systems and finally includes outside criminals who break into a system to steal for financial gain; terrorism. Natural events and disasters: includes fires, floods, hurricanes, earthquakes, tsunamis, avalanches, and other acts of nature. Five types of security problems: 1. Unauthorized data disclosure – when a person inadvertently releases data in violation of policy. a. Pretexting – occurs when someone deceives by pretending to be someone else. b. Phishing – a similar technique for obtaining unauthorized data that uses pretexting via email. c. Spoofing – another term for someone pretending to be someone else. d. IP spoofing – occurs when an intruder uses another site’s IP address as if it were that site. e. Email Spoofing – a synonym for phishing. f. Sniffing – technique for intercepting computer communications. It requires a physical connection to the network. g. Driveby Sniffers – simply take computers with wireless connections through an area and search for unprotected wireless networks. 2. Incorrect Data Modification – incorrectly increasing a customer’s discount or incorrectly modifying an employee’s salary, earned days of vacation, or annual bonus. Can occur through human error or when procedures have been incorrectly designed. System errors = lost update problem. a. Hacking – occurs when a person gains unauthorized access to a computer system. 3. Faulty service – includes problems that result because of incorrect system operation. Could include incorrect data modification, systems that work incorrectly by sending the wrong goods to the wrong customer, incorrectly billing customers, or sending the wrong information to employees.
Image of page 1

Info icon This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Image of page 2
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern