Hacking.
*Incorrect data modification: Procedure incorrectly designed or not followed, Increasing a customer's discount or incorrectly modifying employee's salary, Placing incorrect data on company web site, Improper internal controls on systems, System errors, Faulty recovery actions after a disaster.
*Faulty service: Due to incorrect system operations, Incorrect data modification, Systems working incorrectly, Procedural mistakes, Programming errors, IT installation errors (Usurpation: occurs when computer criminals invade a computer system and replace legitimate programs with their own).
*Denial of Service: Human error may lead to shutdown of critical applications, DoS attack - malicious hacker intentionally floods a web server with millions of bogus service requests.
*Loss of Infrastructure

Goal of IS security
To protect information by finding an appropriate trade-off between risk of loss and cost of implementing safeguards.

How big is the computer security problem?
*No one knows exact cost of computer crime.
*Cost of computer crime based on surveys.
*Data loss single most expensive consequence of computer crime, accounting for 44% of losses in 2013.
*80% of respondents believe data on mobile devices poses significant risks.
*Median cost of computer crime increasing.
*Malicious insiders increasingly serious security threat.
*Data loss is principal cost of computer crime.
*Survey respondents believe mobile device data a significant security threat.

How should you respond to security threats? How should organizations respond to security threats?
*Personal Security Safeguards: Take security seriously, Create strong passwords, Use multiple passwords, Send no valuable data via email or IM, Use https at trusted reputable vendors, Remove high-value assets from computers, Clear browsing history, temporary files, and cookies, Regularly update antivirus software, Demonstrate security concern to your fellow workers, Follow organizational security directives and guidelines, Consider security for all business initiatives.
*Organizational safeguards: Technical Safeguards (Identification and authorization, Encryption, Firewalls, Malware protection, Application design), Data Safeguards (Data rights and responsibilities, Passwords, Encryption, Backup and recovery, Physical security), Human Safeguards (Hiring, Training, Education, Procedure Design, Administration, Compliance, Accountability).
*Implement a security policy that stipulates: Management must establish company-wide security policies, What sensitive data the organization will store, How it will process that data, Whether data will be shared with other organizations, How employees and others can obtain copies of data stored about them, How employees and others can request changes to inaccurate data, What employees can do with their own mobile devices at work.

As a new hire, seek out your employer’s security policy.