MIS Chapter 10
Preventions
Biometric measures, non-biometric measures, other software-based measures, other hardware-based measures, and strategic responses.
Non-Biometric
Callback modems, firewalls, and intrusion detection systems.
Biometric
Fingerprints, signature analysis, facial recognition, hand geometry, palm prints, retinal scanning, iris analysis, and vein analysis.
Other software-based measures
Passwords, access controls, data encryption, virtual private networks (VPNs), and e-commerce security measures.
Human error occurs when
Accidental problems are caused by employees or non-employees (for example, a mistyped command, an incorrect procedure, or a faulty installation), with no intent to do harm.
Computer fraud
Any type of fraud that requires computer technology to perpetrate.
Corner bolts
are an inexpensive way to secure a computer to a desktop or counter and often have locks as an additional protection against theft.
Trojan Programs
Malware that masquerades as a useful program or file so that the user installs it willingly. Unlike a virus, a Trojan does not replicate itself; it relies on the victim to run it.
Hacking
Breaking into computers, servers, or networks without authorization in order to steal, alter, or destroy data or to use the system for other purposes.
Malware
Broad category of malicious software that includes viruses, worms, Trojans, spyware, and adware.
Blended Threats
Bundles of malicious programs that combine the functionality of different types of malware, such as Trojans, worms, and backdoors, so that one infection can spread by several routes and leave several footholds at once.
Retinal Scanning
Biometric authentication that scans the pattern of blood vessels on the back of the eye. It is often considered the most reliable of the biometric methods, but it requires the user to hold the eye close to the scanner, which makes it intrusive and expensive to deploy.
Vein Analysis
Biometric authentication that uses the vein pattern in a human finger or palm, captured under near-infrared light.
Phisher
Someone who pretends to be a legitimate company and sends an email requesting confidential data such as account numbers, Social Security numbers, or account passwords.
Phishing
Obtaining data without authorization by pretexting via email: the message impersonates a trusted party and lures the victim into replying with confidential data or entering it on a fake website.
Cryptojacking
Hijacking victims' computers, through malicious scripts on websites or hidden malware, to mine cryptocurrency for the attackers at the victims' expense.
Computer Emergency Response Team (CERT)
A group of people within the enterprise with clear lines of reporting and responsibility for standby support in case of an information systems emergency. The group acts as a corrective control and as the single point of contact for all incidents and issues related to information systems.
Pharming
An attack that automatically redirects users to a fake site even when they type the correct address, typically by poisoning DNS records or a machine's hosts file. No email lure is needed, which is what distinguishes it from ordinary phishing.
shoulder surfing
Gaining compromising information through observation (as in looking over someone's shoulder).
Three categories of threats
Human error, Computer Crime, Natural Disaster.
Other hardware-based measures
ID badges, corner bolts, electronic trackers, proximity-release door openers, room shielding, and steel encasements.
dumpster diving
Involves digging through trash receptacles to find computer manuals, printouts, or password lists that have been thrown away
Human Errors
Procedural mistakes, incorrect procedures, ineffective accounting controls, system errors, development and installation errors, and accidents.
Iris Analysis
Biometric authentication that uses the unique pattern of the iris (the colored ring around the pupil), captured by a camera from a short distance. Unlike retinal scanning, it does not require the eye to be placed close to the device.
DoS Attacks (Denial of Service)
A cyberattack on devices, information systems, or other network resources that prevents legitimate users from accessing expected services and resources, typically by flooding the target with more requests than it can handle.
Scareware
a cyberattack tactic that scares people into visiting spoofed or infected websites or downloading malicious software (malware)
Logic Bombs
A piece of often-malicious code intentionally inserted into software that lies dormant until a specific condition is met, such as a date, a particular input, or the removal of the author's account, and then executes its payload.
Rootkits
Malware that hides its own presence (and that of other malicious programs) by subverting the operating system or its tools, enabling criminals to keep privileged access to a machine and exfiltrate data without being detected.
Virtual Private Network (VPN)
an encrypted connection over the Internet from a device to a network
Backdoors
Shortcuts into programs, created by system designers to facilitate maintenance, that bypass normal authentication and are used and abused by hackers; attackers also plant their own backdoors to keep access after an initial break-in.
Keystroke Logger
Software or a small hardware device (inserted between keyboard and computer) that captures keystrokes to obtain usernames, passwords, and other typed data.
Firewalls
Hardware or software that sits between networks (for example, between a company's internal network and the Internet) and filters traffic according to a set of rules, preventing unauthorized network access.
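The rule-based filtering described above, as an added example that is not part of the original page: a minimal first-match packet filter with a default-deny policy. The policy, addresses, and rule order are constructed for illustration; the point it shows is that the same rules in a different order let a blocked source through.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # CIDR network, or "any"
    dst: str               # CIDR network, or "any"
    dport: Optional[int]   # destination port, or None for any port
    proto: str = "tcp"     # "tcp", "udp", or "any"

def _in_network(cidr: str, ip: str) -> bool:
    return cidr == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)

def evaluate(rules: List[Rule], src: str, dst: str, dport: int, proto: str = "tcp") -> str:
    """Return the action of the first rule that matches; if none matches, deny.
    Default deny is what makes the policy safe when a rule is missing."""
    for r in rules:
        if (r.proto in ("any", proto)
                and _in_network(r.src, src)
                and _in_network(r.dst, dst)
                and (r.dport is None or r.dport == dport)):
            return r.action
    return "deny"

# Constructed example policy for a small perimeter (hypothetical addresses):
#   - a known-bad range is blocked outright,
#   - the admin subnet 10.0.10.0/24 may reach anything,
#   - everyone else may reach the web server 10.0.0.7 only on 80 and 443.
GOOD_RULES = [
    Rule("deny", "198.51.100.0/24", "any", None, "any"),   # blocklist evaluated first
    Rule("allow", "10.0.10.0/24", "any", None, "any"),     # admin subnet
    Rule("allow", "any", "10.0.0.7", 80),
    Rule("allow", "any", "10.0.0.7", 443),
]

# Same four rules, wrong order: the broad allow for port 80 now comes before the
# blocklist, so a packet from the blocked range to the web server is allowed.
BAD_RULES = [GOOD_RULES[2], GOOD_RULES[0], GOOD_RULES[1], GOOD_RULES[3]]

if __name__ == "__main__":
    for rules, name in ((GOOD_RULES, "good"), (BAD_RULES, "bad")):
        print(name, "198.51.100.9 -> 10.0.0.7:80 =", evaluate(rules, "198.51.100.9", "10.0.0.7", 80))
```

Real firewalls add state tracking (only replies to established connections are admitted) and logging of denied packets; the ordering lesson is the same in iptables, nftables, and cloud security groups.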
E-Commerce Security
degree to which individuals feel that their private information is safe in the hands of companies collecting such information
Natural disaster
Consequences include disclosure during recovery, incorrect data recovery, services improperly restored, service interruption, and property loss.
Terrorist Activities
disruptive attacks by recognised terrorist organizations against computer systems with the intent of generating alarm, panic, or the physical disruption of the information system.
Computer Crime occurs when
Employees, former employees, or outsiders intentionally steal, alter, or destroy data or other system components.
Callback modem
A modem that disconnects an incoming call and calls the user back at a telephone number registered in advance for that user. Because the number comes from the stored list rather than from the caller, an attacker who has obtained a valid password but is dialing from an unauthorized location still cannot connect.
Natural Disasters occur when
Fires, floods, hurricanes, earthquakes, tsunamis, and similar events damage systems or facilities.
Sniffing
A technique for intercepting computer communications as they cross a network. On a wired network it requires physical access to the cabling or equipment; on a wireless network anyone within range can capture the traffic, which is why encryption (for example, a VPN) matters on public Wi-Fi.
Viruses
A computer program that replicates itself, typically by attaching to other programs or files and spreading when the infected file is run or shared.
Intrusion Detection System (IDS)
Software or hardware that monitors network or host activity and senses when another computer is attempting to scan or access a computer or network, raising an alert for the security staff. Unlike a firewall, an IDS typically detects and reports rather than blocks.
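The scan-sensing behaviour described above, as an added example that is not part of the original page: a small detector that reads connection-attempt log lines and alerts when one source touches many ports on one host (a vertical scan) or one port on many hosts (a horizontal scan) within a time window. The log format, addresses, and thresholds are constructed for this example; real systems such as Snort or Zeek apply the same idea with many more signatures.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import List, Tuple

# Constructed sample log (not from any real device): one line per connection attempt
# as seen at the perimeter. 203.0.113.5 probes six ports on one host, 192.0.2.44
# probes port 80 on six hosts, 198.51.100.9 is an ordinary HTTPS client.
SAMPLE_LOG = """\
2024-03-01T10:00:01Z src=203.0.113.5 dst=10.0.0.7 dport=22 proto=tcp
2024-03-01T10:00:01Z src=203.0.113.5 dst=10.0.0.7 dport=23 proto=tcp
2024-03-01T10:00:02Z src=203.0.113.5 dst=10.0.0.7 dport=25 proto=tcp
2024-03-01T10:00:02Z src=203.0.113.5 dst=10.0.0.7 dport=80 proto=tcp
2024-03-01T10:00:03Z src=203.0.113.5 dst=10.0.0.7 dport=443 proto=tcp
2024-03-01T10:00:03Z src=203.0.113.5 dst=10.0.0.7 dport=3389 proto=tcp
2024-03-01T10:00:05Z src=198.51.100.9 dst=10.0.0.7 dport=443 proto=tcp
2024-03-01T10:00:06Z src=198.51.100.9 dst=10.0.0.7 dport=443 proto=tcp
2024-03-01T10:00:07Z src=192.0.2.44 dst=10.0.0.7 dport=80 proto=tcp
2024-03-01T10:00:08Z src=192.0.2.44 dst=10.0.0.8 dport=80 proto=tcp
2024-03-01T10:00:09Z src=192.0.2.44 dst=10.0.0.9 dport=80 proto=tcp
2024-03-01T10:00:10Z src=192.0.2.44 dst=10.0.0.10 dport=80 proto=tcp
2024-03-01T10:00:11Z src=192.0.2.44 dst=10.0.0.11 dport=80 proto=tcp
2024-03-01T10:00:12Z src=192.0.2.44 dst=10.0.0.12 dport=80 proto=tcp
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")

def parse(log: str):
    """Yield (timestamp, src, dst, dport) for each well-formed line; skip the rest."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m["src"], m["dst"], int(m["dport"])

def detect_scans(log: str, window: timedelta = timedelta(seconds=60),
                 threshold: int = 5) -> List[Tuple[str, str, str]]:
    """Return sorted alerts of the form (source, kind, target).
    kind is "vertical" (target = host probed on >= threshold distinct ports)
    or "horizontal" (target = port probed on >= threshold distinct hosts),
    counted over a sliding window starting at each event from that source."""
    by_src = defaultdict(list)
    for ev in parse(log):
        by_src[ev[1]].append(ev)
    alerts = set()
    for src, events in by_src.items():
        events.sort()
        for i, (t0, _, _, _) in enumerate(events):
            ports_per_host = defaultdict(set)
            hosts_per_port = defaultdict(set)
            for ts, _, dst, dport in events[i:]:
                if ts - t0 > window:
                    break
                ports_per_host[dst].add(dport)
                hosts_per_port[dport].add(dst)
            for dst, ports in ports_per_host.items():
                if len(ports) >= threshold:
                    alerts.add((src, "vertical", dst))
            for dport, hosts in hosts_per_port.items():
                if len(hosts) >= threshold:
                    alerts.add((src, "horizontal", str(dport)))
    return sorted(alerts)

if __name__ == "__main__":
    for src, kind, target in detect_scans(SAMPLE_LOG):
        print(f"ALERT {kind} scan from {src} -> {target}")
```

Threshold and window are the tuning knobs: too low and legitimate clients that open several ports (a mail client, a VoIP phone) trigger false positives; too high and a slow scan spread over hours slips under the window, which is exactly how patient attackers evade simple detectors.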
Threat
is a person or organization that seeks to obtain or alter data or other IS assets illegally, without the owner's permission and often without the owner's knowledge.
Worms
A virus that self-propagates over the Internet or other computer networks without needing a host program or any user action. Because every infected machine becomes a new source of infection, worms spread far faster than conventional viruses.
Cable Shielding
Minimizes electromagnetic interference (EMI) and radio frequency interference (RFI) from external electronic devices such as computers, power lines, cellular networks, air conditioners, and fluorescent lighting. EMI consists of unwanted signals induced by a neighboring transmission circuit.
Usurpation
occurs when computer criminals invade a computer system and replace legitimate programs with their own, unauthorized ones that shut down legitimate applications and substitute their own processes to spy, steal, manipulate data, or achieve other purposes.
Pretexting
Occurs when someone deceives by pretending to be someone else, usually by inventing a plausible scenario (the pretext) to persuade the victim to hand over information or access.
Business Continuity Planning
outlines procedures for keeping an organization operational in the event of a natural disaster or network attack
Authentication
The user proves that the claimed identity is genuine, for example by supplying a password (something you know), a token (something you have), or a biometric (something you are).
Encryption
The process of transforming clear text (plaintext) into coded, unintelligible text (ciphertext) under a key, for secure storage or communication. Only a holder of the corresponding key can reverse the transformation and recover the plaintext.
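The transformation described above, as an added example that is not part of the original page. It uses only the Python standard library, so the cipher is a demonstration construction (a counter-mode keystream derived from HMAC-SHA256, with a separate HMAC tag in encrypt-then-MAC order) rather than a standard algorithm; in production use AES-GCM or ChaCha20-Poly1305 from a vetted library. The key in the usage is a constructed placeholder.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16
TAG_LEN = 32

def derive_keys(master_key: bytes):
    """Split one master key into independent encryption and MAC keys."""
    enc_key = hmac.new(master_key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(master_key, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key

def keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter mode: PRF(key, nonce || counter) for as many blocks as needed.
    The same (key, nonce) must never be used twice, or two ciphertexts can be
    XORed together to cancel the keystream."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(block)
        counter += 1
    return bytes(out[:length])

def encrypt(master_key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag. A fresh random nonce per message makes
    repeated plaintexts produce different ciphertexts."""
    enc_key, mac_key = derive_keys(master_key)
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()  # MAC over what is sent
    return nonce + ct + tag

def decrypt(master_key: bytes, message: bytes) -> bytes:
    """Verify the tag first, then decrypt; a modified message or wrong key is
    rejected before any plaintext is produced."""
    enc_key, mac_key = derive_keys(master_key)
    if len(message) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    nonce, ct, tag = message[:NONCE_LEN], message[NONCE_LEN:-TAG_LEN], message[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):       # constant-time comparison
        raise ValueError("authentication failed: message modified or wrong key")
    return bytes(c ^ k for c, k in zip(ct, keystream(enc_key, nonce, len(ct))))

if __name__ == "__main__":
    key = secrets.token_bytes(32)                     # constructed placeholder key
    boxed = encrypt(key, b"transfer 100 to account 4711")
    print(boxed.hex())                                # unintelligible without the key
    print(decrypt(key, boxed))
```

Encryption alone gives confidentiality; the tag is what gives integrity. Without it an attacker who cannot read the message can still flip bits in the ciphertext and flip the corresponding bits of the plaintext, which is why modern practice always pairs the two.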
Spyware
Programs installed on a user's computer without the user's knowledge or permission that monitor activity (browsing, keystrokes, files) and report it to a third party.
Baiting
promises an item, commodity, or reward to attract victims, infect their systems with malware, and steal their sensitive information.
Adware
software that automatically displays or downloads advertising material (often unwanted) when a user is online.
Spoofing
Someone pretending to be someone else; technically, forging the apparent source of a message, such as an email sender address, an IP address, or a caller ID.
Quid Pro Quo
Something given in exchange for something else; as a social engineering tactic, the attacker offers a service or benefit (for example, posing as IT support and offering to fix a problem) in return for credentials or access.
theft
the act of stealing information stored on corporate databases, computers, servers, or electronic devices to obtain sensitive information or compromise privacy
social engineering
the tactic of manipulating, influencing, or deceiving a victim in order to gain control over a computer system, or to steal personal and financial information
identification
The user claims an identity, for example by entering a username. Identification alone proves nothing; it must be followed by authentication.
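The two-step sequence described above and under Authentication and Passwords, as an added example that is not part of the original page: the username selects a record (identification) and the password is then verified against a salted, slow hash stored in that record (authentication). The in-memory user store, the usernames, and the passwords are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Work factor for PBKDF2-HMAC-SHA256. Kept modest so the example runs quickly;
# OWASP's current guidance for this construction is 600,000 iterations.
PBKDF2_ITERATIONS = 200_000

def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a fixed-length digest from the password and a per-user salt.
    The salt means two users with the same password store different digests
    and precomputed (rainbow) tables are useless; the iteration count makes
    each guess expensive for an attacker who steals the store."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)

def register(store: dict, username: str, password: str) -> None:
    """Store (salt, digest); the plaintext password is never kept."""
    salt = secrets.token_bytes(16)
    store[username] = (salt, hash_password(password, salt))

# Dummy credentials used when the username does not exist, so that a login
# attempt against an unknown user costs the same time as a wrong password.
# Without this, response time would reveal which usernames are valid.
_DUMMY_SALT = secrets.token_bytes(16)
_DUMMY_HASH = hash_password("placeholder-never-valid", _DUMMY_SALT)

def login(store: dict, username: str, password: str) -> bool:
    """Identification: look up the record named by the username.
    Authentication: prove knowledge of the password for that record."""
    salt, stored = store.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    candidate = hash_password(password, salt)
    matched = hmac.compare_digest(candidate, stored)   # constant-time comparison
    return matched and username in store               # dummy match never logs in

if __name__ == "__main__":
    users = {}                                         # constructed in-memory store
    register(users, "alice", "correct horse battery staple")
    print(login(users, "alice", "correct horse battery staple"))   # True
    print(login(users, "alice", "password123"))                    # False
    print(login(users, "mallory", "correct horse battery staple")) # False
```

A single generic failure message ("invalid username or password") belongs on top of this: reporting "no such user" separately would hand an attacker the identification step for free.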
Tailgating
An attacker follows an authorized but unaware person through a secured door to enter an area without authorization.