Information Systems Final Chapter 8
Ransomware
(malware) tries to extort money from users by taking control of their devices or displaying pop-up messages
Why are systems vulnerable?
Info systems in different locations are all connected. Unauthorized access can occur through one location and get into the entire network. Internet pages are more vulnerable because they are open to anyone. This can cause widespread impact. Vulnerability has spread through email, instant messaging, and peer-to-peer file sharing. Hackers can access Wi-Fi and Bluetooth.
What is the business value of security and control?
Some companies don't want to spend a lot on security because it is not directly related to sales. Businesses have all of their valuable info to protect. Inadequate security and control may result in serious legal liability. Government regulations force businesses to take security and control seriously.
Computer crime
any violation of criminal law involving knowledge of computer technology for its perpetration, investigation, or prosecution.
NAT
conceals IP addresses of internal host computers
(SSL)
enables client and server computers to manage encryption and decryption activities as they communicate with each other during a secure web session. Establishes a connection between two computers
Sarbanes-Oxley Act
ensures accuracy and integrity of financial info that is used internally and released externally.
DPI
examines data files and sorts out low priority online materials while assigning high priority to business-critical files
Intrusion Detection System
full-time monitoring tools placed at the most vulnerable points or hot spots of corporate networks to detect and deter intruders continually.
War driving
hackers drive by buildings or park outside and try to intercept wireless network traffic
Spoofing
hackers misrepresent themselves by using fake email addresses
Zero day vulnerabilities
holes in software unknown to its creator. Patches: repair flaws
Identity theft
imposter gains personal information
Worms
independent computer programs that copy themselves - spread from files of downloaded software
Spyware
install themselves onto computers to monitor web browsing
Hacker
intends to gain unauthorized access to computer
Malware
malicious software programs
Drive-by downloads
malware that comes with a downloaded file that users intentionally or unintentionally request.
Controls
methods, policies, and organizational procedures that ensure the safety of the organization's assets, the accuracy and reliability of its records, and operational adherence to management standards
MSSP
monitor network activity and perform vulnerability testing and intrusion detection
HIPAA
outlines medical security and privacy rules and procedures for simplifying the administration of healthcare billing and automating the transfer of healthcare data between health care providers, payers, and plans
Antivirus software
prevents, detects, and removes malware, including computer viruses, computer worms, Trojan horses, spyware, and adware
Encryption
process of transforming plain text or data into cipher text which cannot be read by anyone but the sender and intended receiver
(S-HTTP)
protocol used for encrypting data flowing over internet but limited to individual message
Keyloggers
record keystrokes made on computer
Pharming
redirects users to bogus web page
Security
refers to the policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to info systems
Gramm-Leach-Bliley Act
requires financial institutions to ensure the security and confidentiality of customer data
Computer virus
rogue software program that attaches itself to other programs or data files to be executed, usually without user knowledge or permission
Computer forensics
scientific collection, examination, authentication, preservation, and analysis of data held on or retrieved from computer storage media in such a way that the info can be used as evidence in court of law.
(UTM)
single appliance combining security tools
Trojan horse
software program that appears benign but then does something other than expected
Phishing
spoofing where fake emails are made to look real and ask for personal information
Cyberwarfare
state-sponsored activity designed to cripple and defeat another state or nation by penetrating their software. Software errors pose a threat to info systems. Hidden bugs are a major problem of software.
SQL injection attacks
take advantage of vulnerabilities in poorly coded web applications and introduce malicious program codes into a company's system.
Sniffer
type of eavesdropping software that monitors info traveling over a network
PKI
use of public key cryptography
Distributed denial
uses multiple computers
Public key encryption
uses one shared key and one private key to send and read messages
Two-factor authentication
validates users by a multistep process, aka two means of identification
Click fraud
when an individual fraudulently clicks on an online ad without intention
Denial of service attack
when multiple hackers flood a network server with false communications and requests; the service cannot service real requests
Evil twins
Wi-Fi that appears to offer trustworthy Wi-Fi but it's fake
Multitier client/server computing can introduce vulnerability including:
• System malfunction if computer breaks (could lose data)
• Domestic/offshore partnering with another company (valuable info could get into wrong hands)
• Handheld mobile devices (vulnerable to malicious software from outsiders)