IS303 Ch 4

Alien Software

Adware Spyware Spamware Cookies

Human Errors

Carelessness with one's office, devices, equipment

Software Attacks - Needing No User Action

Denial of service attack

Deliberate Threats to Info. Sys.

Espionage, extortion, sabotage, theft, software attacks

Authentication

Something the user is, has, does, or knows

Software Attacks - Programmer Developing System

Trojan Horse Back Door Logic Bomb

Software Attacks - Remote Requiring User Action

Virus Worm Phishing

Firewall

a system that prevents a specific type of information from moving between untrusted networks, such as the Internet, and private networks, such as your company's network.

Social Engineering

an attack in which the perpetrator uses social skills to trick or manipulate legitimate employees into providing confidential company information such as passwords

Risk Analysis

ensures IS security programs are cost effective.

Risk Management

identifies, controls, and minimizes the impact of threats. In other words, risk management seeks to reduce risk to acceptable levels

Physical Controls

prevent unauthorized individuals from gaining access to a company's facilities. Common physical controls include walls, doors, fencing, gates, locks, badges, guards, and alarm systems.

Access Controls

restrict unauthorized individuals from using information resources and involve two major functions: authentication and authorization

Communication Controls

secure the movement of data across networks and consist of firewalls, anti-malware systems, whitelisting and blacklisting, encryption, etc.

Risk Mitigation

the organization takes concrete actions against risks which has two functions: 1) implementing controls to prevent identified threats from occurring 2) developing a means of recovery if the threat becomes a reality