CHAPTER 12 WEEK 8: Information Security Management
Threat= person/ organization that seek to obtain or alter data/ assets illegally, without the owner’s permission (often without owner’s knowledge). Vulnerability =opportunity for threats to gain access to individual or organizational assets Safeguard = measure individuals or organizations take to block the threat from obtaining the asset Target = asset desired by the threat
3 Sources of threats:
Human Error: accidental problems caused by both employees and nonemployees. (Accidental removal of customer records, installs old database, poorly written application programs, poorly designed procedures, physical accidents)
Computer Crime: employees and former employees intentionally destroy data or other system components. Hackers who break into a system & virus and worm writers who infect computer systems. Includes also terrorists and those who break into a system to steal for financial gain.
Natural Events and disasters: fire, floods, hurricanes … other acts of nature. Includes initial loss but also actions to recover from the initial problem.
5 Types of security loss:
Unauthorized data disclosure: When a threat obtains data that is supposed to be protected with Human error: Procedural mistakes With Computer crime: - Pretexting = someone deceives by pretending to be someone else. Phishing: Pretexting via e-mail
Spoofing: email spoofing (= phishing)/ IP spoofing = intruder uses another site’s IP address to masquerade as that other site Sniffing : intercepting computer communications. Drive-by sniffers take computers with wireless connections through an area and search for unprotected wireless networks. Able to monitor and intercept wireless traffic at will. (Spyware, adware included). Hacking: breaking into computers/servers/ networks to get personal data. With natural events and disasters: less precautious about inadvertently disclose data. Incorrect data modification :
Please join StudyMode to read the full document