Term
5 Types of Security problems

Definition
1. Unauthorized data disclosure
2. Incorrect data modification - e.g. incorrectly increasing a customer's discount or incorrectly modifying an employee's salary
3. Faulty service - incorrect system operation - systems that work incorrectly, e.g. by sending the wrong goods to the customer - human mistakes, e.g. procedural mistakes
4. Denial of service / loss of access - human error in following procedures or a lack of procedures - e.g. shutting down a web server or corporate gateway router by accident by starting a computationally intensive application
5. Loss of infrastructure - e.g. a bulldozer cutting fibre-optic cables, theft, natural disasters

Term
3 Sources of security threats

Definition
1. Malicious human activity
2. Human errors and mistakes
3. Natural events and disasters

Term

Definition
- Intentional destruction of data
- Destroying system components
- Hackers: a person who gains unauthorized access to a computer system
- Virus and worm writers
- Criminals

Term
Human errors and mistakes

Definition
- Accidental problems
- Poorly written programs
- Poorly designed procedures
- Physical accidents

Term
Natural events and disasters

Definition
- Fire, floods, hurricanes, etc.
- Initial losses of capability
- Plus losses from recovery actions

Term

Definition
Pretending to be someone else over the phone

Term

Definition
Pretending to be someone else via email

Term

Definition
Personalized phishing (pretending to be someone else via email)

Term

Definition
Someone pretends to be someone else, e.g. pretends to be a professor -> spoofing your professor

Term

Definition
Technique for intercepting computer communications

Term

Definition
Taking computers with wireless connections through an area and searching for unprotected wireless networks - monitoring and intercepting wireless traffic at will, e.g. to plant spyware or adware

Term
PIPEDA (Personal Information Protection and Electronic Documents Act)

Definition
Gives individuals the right to know why an organization collects, uses, or discloses their personal information

Term

Definition
- A series of ongoing, regular, and periodic reviews conducted to ensure IS assets are safeguarded

Term
3 key steps of a security program

Definition
1. Senior management involvement - to establish the security policy
2. Develop safeguards to protect - technical infrastructure safeguards - data and procedures safeguards - human safeguards
3. Develop incident response plans

Term

Definition
- Identification and authentication = user names, passwords, smart cards (PIN), fingerprints
- Encryption
- Firewalls
- Malfunction safeguards = install antivirus and antispyware programs = browse only reputable web sites = scan hard drive and email frequently
- Malware protection = viruses, worms, spyware, adware
- Application design

Term

Definition
- Data rights and responsibilities
- Passwords
- Encryption
- Backup and recovery
- Physical security

Term

Definition
- Hiring = security considerations (extensive screening, background checks), esp. for sensitive positions
- Position definitions = user access privileges should match job needs only
- Dissemination and enforcement = train employees according to security policies, procedures, and responsibilities
- Termination = establish security policies and procedures for the termination of employees, such as IS admins, prior to notifying the employee of termination

Term

Definition
Programs installed on the user's computer without the user's knowledge or permission - observe the user's actions, keystrokes, and computer activity and report that activity to sponsoring organizations

Term

Definition
Installed without permission - benign: does not steal data
Watches user activity and produces pop-up ads - changes the user's default window / modifies search results - switches the user's search engine

Term

Definition
Procedure where a trusted third party holds a copy of the key in case the key is lost or destroyed, or its holder becomes disgruntled

Term
Disaster preparedness safeguards

Definition
Include asset location, identification of mission-critical systems, and the preparation of remote backup facilities - preparing backup processing centers in locations geographically removed from the primary processing site

Term
5 Sample Recovery Strategies

Definition
1. Work Area Recovery (WAR) - office space with basic equipment, often pre-configured for the company's use, at a recovery facility
2. Cold site - a room/building used for recovery, but not set up for immediate occupation or use - long-term strategy
3. Hot site - recovery location that is always available 24/7 - IT systems are either running all the time or can be activated within two hours
4. Relocate - recovery team members relocate to other locations (company's branches/vendors) to resume/continue their work - short-term solution
5. Shut down - temporarily halting all non-essential activities

Term

Definition
Part of the security program
- Identify critical personnel and their off-hours contact info
- Include how employees are to respond to specific security problems
- Provide centralized reporting of all security incidents
- Practice