Chapter 12 - Chapter 12 MIS 235 Security threats A problem...

Info iconThis preview shows pages 1–2. Sign up to view the full content.

View Full Document Right Arrow Icon
Chapter 12 MIS 235 Security threats – A problem with the security of an information system or the data therein caused by human error, malicious activity, or natural disasters. Human error and mistakes: include accidental problems caused by both employees and nonemployees. Ex: an employee who misunderstands operating procedures and accidentally deletes customer records. Or if an employee inadvertently installs an old database on top of a current one or driving, also includes poorly written application programs and poorly designed procedures. Finally, it includes physical accidents like driving a car through the wall of a computer room. Malicious human activity: employees and former employees who intentionally destroy data or other system components. Also includes hackers who break into a system as well as virus and worm writers who infect computer systems and finally includes outside criminals who break into a system to steal for financial gain; terrorism. Natural events and disasters: includes fires, floods, hurricanes, earthquakes, tsunamis, avalanches, and other acts of nature. Five types of security problems: 1. Unauthorized data disclosure – when a person inadvertently releases data in violation of policy. a. Pretexting – occurs when someone deceives by pretending to be someone else. b. Phishing – a similar technique for obtaining unauthorized data that uses pretexting via email. c. Spoofing – another term for someone pretending to be someone else. d. IP spoofing – occurs when an intruder uses another site’s IP address as if it were that site. e. Email Spoofing – a synonym for phishing. f. Sniffing – technique for intercepting computer communications. It requires a physical connection to the network. g. Driveby Sniffers – simply take computers with wireless connections through an area and search for unprotected wireless networks. 2. Incorrect Data Modification – incorrectly increasing a customer’s discount or incorrectly modifying an employee’s salary, earned days of vacation, or annual bonus. Can occur through human error or when procedures have been incorrectly designed. System errors = lost update problem. a. Hacking – occurs when a person gains unauthorized access to a computer system. 3. Faulty service – includes problems that result because of incorrect system operation. Could include incorrect data modification, systems that work incorrectly by sending the wrong goods to the wrong customer, incorrectly billing customers, or sending the wrong information to employees.
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Image of page 2
This is the end of the preview. Sign up to access the rest of the document.

Page1 / 4

Chapter 12 - Chapter 12 MIS 235 Security threats A problem...

This preview shows document pages 1 - 2. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online