IS303 Ch 4
Alien Software
Adware, spyware, spamware, cookies
Human Errors
Carelessness with one's office, devices, equipment
Software Attacks - Needing No User Action
Denial of service attack
Deliberate Threats to Information Systems
Espionage, extortion, sabotage, theft, software attacks
Authentication
Something the user is, has, does, or knows
Software Attacks - Programmer Developing System
Trojan horse, back door, logic bomb
Software Attacks - Remote Requiring User Action
Virus, worm, phishing
Firewall
a system that prevents a specific type of information from moving between untrusted networks, such as the Internet, and private networks, such as your company's network.
Social Engineering
an attack in which the perpetrator uses social skills to trick or manipulate legitimate employees into providing confidential company information such as passwords
Risk Analysis
ensures that IS security programs are cost-effective.
Risk Management
identifies, controls, and minimizes the impact of threats. In other words, risk management seeks to reduce risk to acceptable levels.
Physical Controls
prevent unauthorized individuals from gaining access to a company's facilities. Common physical controls include walls, doors, fencing, gates, locks, badges, guards, and alarm systems.
Access Controls
restrict unauthorized individuals from using information resources and involve two major functions: authentication and authorization.
Communication Controls
secure the movement of data across networks and consist of firewalls, anti-malware systems, whitelisting and blacklisting, encryption, etc.
Risk Mitigation
the organization takes concrete actions against risks. Risk mitigation has two functions: 1) implementing controls to prevent identified threats from occurring; 2) developing a means of recovery if the threat becomes a reality.