information security management

Topics: Computer security, Computer, Authentication Pages: 4 (980 words) Published: April 3, 2014
CHAPTER 12 WEEK 8: Information Security Management
Threat = person/organization that seeks to obtain or alter data/assets illegally, without the owner’s permission (often without the owner’s knowledge).

Vulnerability = opportunity for threats to gain access to individual or organizational assets.

Safeguard = measure individuals or organizations take to block the threat from obtaining the asset.

Target = asset desired by the threat.

3 Sources of threats:

Human Error: accidental problems caused by both employees and nonemployees (accidental removal of customer records, installing an old database, poorly written application programs, poorly designed procedures, physical accidents).

Computer Crime: employees and former employees who intentionally destroy data or other system components; hackers who break into a system; virus and worm writers who infect computer systems. Also includes terrorists and those who break into a system to steal for financial gain.

Natural Events and disasters: fire, floods, hurricanes … other acts of nature. Includes initial loss but also actions to recover from the initial problem.

5 Types of security loss:

Unauthorized data disclosure: when a threat obtains data that is supposed to be protected.

With human error: procedural mistakes.

With computer crime:
- Pretexting = someone deceives by pretending to be someone else.
- Phishing: pretexting via e-mail.
- Spoofing: email spoofing (= phishing) / IP spoofing = intruder uses another site’s IP address to masquerade as that other site.
- Sniffing: intercepting computer communications. Drive-by sniffers take computers with wireless connections through an area and search for unprotected wireless networks; they are able to monitor and intercept wireless traffic at will. (Spyware, adware included.)
- Hacking: breaking into computers/servers/networks to get personal data.

With natural events and disasters: less cautious about inadvertently disclosing data.

Incorrect data modification:

With human...