Details

bus237 Chapter 12
n/a
23
Business
Undergraduate 1
04/09/2012


Cards

Term
5 Types of Security problems
Definition
1. Unauthorized data disclosure
2. Incorrect Data Modification
- e.g. incorrectly increasing a customer's discount / incorrectly modifying an employee's salary
3. Faulty Service
- incorrect system operation
- systems that work incorrectly by sending the wrong goods to the customer
- Human error, e.g. procedural mistakes
4. Denial of service/ Loss of access
- human error in following procedures or a lack of procedures
- e.g. shut down a web server or corporate gateway router by accident by starting a computationally intensive application
5. Loss of infrastructure
- e.g. a bulldozer cutting fibre-optic cables, theft, natural disasters
Term
3 Sources of security threats
Definition
1. Malicious human activity
2. Human errors and mistakes
3. Natural events and disasters
Term
Malicious Human Activity
Definition
- Intentional destruction of data
- Destroying system components
- Hackers: a person who gains unauthorized access to a computer system
- Virus and worm writers
- Criminals
Term
Human errors and mistakes
Definition
- Accidental problems
- Poorly written programs
- Poorly designed procedures
- Physical accidents
Term
Natural events and disasters
Definition
- Fire, floods, hurricanes etc
- Initial losses of capability
- Plus losses from recovery actions
Term
Pretexting
Definition
Pretending to be someone else over the phone
Term
Phishing
Definition
Pretending to be someone else via email
Term
Spear Phishing
Definition
Personalized Phishing (pretending to be someone else via email)
Term
Spoofing
Definition
Someone pretending to be someone else
e.g. pretending to be a professor -> spoofing your professor
Term
Sniffing
Definition
Technique for intercepting computer communications
Term
Drive-by sniffing
Definition
Taking computers with wireless connections through an area and searching for unprotected wireless networks
- monitor and intercept wireless traffic at will
e.g. spyware, adware
Term
PIPEDA (Personal Information Protection and Electronic Documents Act)
Definition
Gives individuals the right to know why an organization collects, uses, or discloses their personal information
Term
The security program
Definition
- series of ongoing, regular, and periodic reviews conducted to ensure IS assets are safeguarded
Term
3 key steps of a security program
Definition
1. Senior management involvement
- to establish the security policy
2. Develop safeguards to protect
- technical infrastructure safeguards
- data and procedures safeguards
- human safeguards
3. Develop Incident Response plans
Term
Technical Safeguards
Definition
- Identification and authentication
= user names, passwords, smart cards (PIN), fingerprints
- Encryption
- Firewalls
- Malfunction safeguards
= install antivirus, antispyware programs
= browse only reputable web sites
= scan hard drive and email frequently
- Malware protection
= viruses, worms, spyware, adware
- Application design
Term
Data Safeguards
Definition
- Data rights and responsibilities
- Passwords
- Encryption
- Backup and recovery
- Physical security
Term
Human Safeguards
Definition
- Hiring
= security considerations (extensive screening, background checks), esp. for sensitive positions

- Position Definitions
= user access privilege should match job needs only

- Dissemination and Enforcement
= Train employees according to security policies, procedures, responsibilities

- Termination
= establish security policies and procedures for the termination of employees such as IS admin prior to employee notification of termination
Term
Spyware
Definition
Programs installed on the user's computer without the user's knowledge or permission
- observes user's actions and keystrokes, computer activity and reports activity to sponsoring organizations
Term
Adware
Definition
Installed without permission
- Benign: not to steal data

Watch user activity and produce pop-up ads
- change user's default window/ modify search results
- switch user's search engine
Term
Key escrow
Definition
Procedure where a trusted third party holds a copy of the key in case the key is lost or destroyed, or the key holder becomes disgruntled
Term
Disaster preparedness safeguards
Definition
Include asset location, identification of mission-critical systems, and the preparation of remote backup facilities
- preparing backup processing centers in locations geographically removed from the primary processing site
Term
5 Sample Recovery Strategies
Definition
1. Work Area Recovery (WAR)
- Office space with basic equipment, often pre-configured for company's use, at a recovery facility

2. Cold site
- A room/building used for recovery, but not set up for immediate occupation or use.
- Long-term strategy

3. Hot site
- Recovery location that is always available 24/7
- IT systems are either running all the time or can be activated within two hours

4. Relocate
- Recovery team members relocate to other locations (company's branches/vendors) to resume/continue their work
- short term solution

5. Shut down
- temporarily halting all non-essential activities
Term
Incident Response
Definition
Part of the security program
- Identify critical personnel and their off-hours contact info
- Include how employees are to respond to specific security problems
- Provide centralized reporting of all security incidents
- Practice