Deck 10: Information Systems Security

Explain the types of events that result in faulty service, a type of security loss.

Faulty service includes problems that result because of incorrect system operation. It could include incorrect data modification. It also could include systems that work incorrectly by sending wrong goods to a customer or the ordered goods to a wrong customer, inaccurately billing customers, or sending the wrong information to employees. Humans can inadvertently cause faulty service by making procedural mistakes. System developers can write programs incorrectly or make errors during installation of hardware, software programs, and data. Usurpation is also a type of faulty service. Faulty service can also result when a service is improperly restored during recovery from natural disasters.

Advanced persistent threats can be a means to engage in cyber warfare and cyber espionage.

Wardrivers are those who engage in phishing to obtain unauthorized access to data.

Incorrectly increasing a customer's discount is an example of incorrect data modification.

Spoofing is a technique for intercepting computer communications.

IP spoofing occurs when an intruder uses another site's IP address to masquerade as that other site.

A threat is a person or an organization that seeks to obtain or alter data illegally, without the owner's permission or knowledge.

Pretexting occurs when someone deceives by pretending to be someone else.

Explain the concept of denial of service (DOS) in information management.

In a brute force attack, a password cracker tries every possible combination of characters.

There are no standards for tallying costs of computer crime.

Damages to security systems caused by natural disasters are minimal when compared to the damages due to human errors.

What are some of the recommended personal security safeguards against security threats?

Financial institutions must invest heavily in security safeguards because they are obvious targets for theft.

Risk management is a critical security function addressed by an organization's senior management.

While making online purchases, a person should buy only from vendors who support https.

Malware protection is an example of a technical safeguard.

Hiring, training, and educating employees in an organization is a technical safeguard.

As one of the safeguards against security threats, a person should preferably use the same password for different sites so as to avoid confusion.

Technical safeguards include encryption and usage of passwords.

Smart cards are convenient to use because they do not require a personal identification number for authentication.

A user name authenticates a user, and a password identifies that user.

Technical safeguards involve both software and hardware components of an information system.

What are the two critical security functions that an organization's senior management needs to address?

Explain how secure sockets layer works when a user communicates securely with a Web site.

Spyware programs are installed on a user's computer without the user's knowledge.

The creation of backup copies of database contents makes the data more vulnerable to security threats.

What are the precautions to be taken when opening email attachments to avoid malwares?

Viruses, worms, and Trojan horses are types of firewalls.

Packet-filtering firewalls are the most sophisticated type of firewall.

Explain the functions performed by packet-filtering firewalls.

The loss of encryption keys by employees is referred to as key escrow.

Packet-filtering firewalls cannot prohibit outsiders from starting a session with any user behind the firewall.

A virus is a computer program that replicates itself.

Malware definitions are patterns that exist in malware code.

Explain the functions of the two organizational units responsible for data safeguarding.

A criticism of biometric authentication is that it provides weak authentication.

In the case of public key encryption, each site has a private key to encode a message and a public key to decode it.

A key is a number used with an encryption algorithm to encrypt data.

With asymmetric encryption, two different keys are used for encoding and decoding a message.

Discuss briefly the pros and cons of biometric authentication.