Securing Information Systems
• Why are information systems vulnerable to destruction, error, and abuse?
• What is the business value of security and control?
• What are the components of an organizational framework for security and control?
• Evaluate the most important tools and technologies for safeguarding information resources.
Online Games Need Security, Too
• Problem: Threat of attacks from hackers hoping to steal information or gaming assets.
• Solutions: Deploy an advanced security system to identify threats and reduce hacking attempts.
• NetContinuum’s NC-2000 AG firewall and Cenzic’s ClickToSecure service work in tandem to minimize ...
Malicious Software: Viruses, Worms, Trojan Horses, and Spyware
• Rogue software program that attaches itself to other software programs or data files in order to be executed
• Independent computer programs that copy themselves from one computer to other computers over a network.
• Trojan horses
• Software program that appears to be benign but then does something other than expected.
• Small programs install themselves surreptitiously on computers to monitor user Web surfing activity and serve up advertising
• Key loggers
• Record every keystroke on computer to steal serial numbers, passwords, launch Internet attacks
Hackers and Computer Crime
• Hackers vs. crackers
• Activities include
• System intrusion
• System damage
• Intentional disruption, defacement, destruction of Web site or corporate information system
• Misrepresenting oneself by using fake e-mail addresses or masquerading as someone else
• Redirecting Web link to address different from intended one, with site masquerading as intended destination
• Eavesdropping program that monitors information traveling over network
• Enables hackers to steal proprietary information such as e-mail, company files, etc.
• Redirects users to a bogus Web page, even when individual types correct Web page address into his or her browser
• Click fraud
• Occurs when individual or computer program fraudulently clicks on online ad without any intention of learning more about the advertiser or making a purchase
Internal Threats: Employees
• Security threats often originate inside an organization
• Inside knowledge
• Sloppy security procedures
• User lack of knowledge
• Social engineering:
• Tricking employees into revealing their passwords by pretending to be legitimate members of the company in need of information
Data Thefts: The Biggest Worry and Insider Threats
Here are a few examples of possible criminal acts from an insider of a company:
• A computer staff member illegally accesses employees’ e-mails to steal information that could be used for malicious intent
• An employee who is angry about the low bonus he receives brings down the entire company’s computer system by deleting sensitive data records
• A system administrator is not happy with his life and decides to change the code of legacy systems, creating bad data
• A marketing salesperson steals sensitive data and sells them to a competitor
• Commercial software contains flaws that create security vulnerabilities