Tuesday, September 22, 2009

Chapter 3: Threats to Information Security

Q1. Provide an IT example that relates to the ethical issues for the ideas of privacy, accuracy, property, and accessibility.

Facebook is a global social networking website that is operated and privately owned by Facebook, Inc. Users can add friends, send them messages, and update their personal profiles to notify friends about themselves. Additionally, users can join networks organized by city, workplace, school, and region. Privacy has been an issue, and it has been compromised several times. Facebook was charged by the administration with breach of security, violating copyrights, and violating individual privacy, and faced expulsion. The developer’s classmates also claimed that he had stolen their source code and other intellectual property. This shows that the website touches on all of these ethical issues; accessibility is also part of the issue, as hacking into other people’s accounts takes place all the time.

Q2. What are the 4 general types of IT threats? Provide an example for each one.

The four main general types of IT threats include:
1. Unintentional acts: acts with no malicious intent, including human errors, deviations in the quality of service by service providers, and environmental hazards. Example: shoulder surfing.
2. Natural disasters: include floods, earthquakes, hurricanes, and static electricity.
3. Technical failures: include problems with hardware and software. Example: a crash of a hard disk.
4. Management failures: involve a lack of funding for information security efforts and a lack of interest in those efforts.

Q3. Describe/discuss three types of software attack and a problem that may result from them.

Virus: a segment of computer code that performs malicious actions by attaching to another computer program. The other computer will unknowingly spread this virus by sending it to another computer; this may result in a re-format of all computers and loss of data and saved information.
Logic bomb: a segment of computer code that is embedded within an organization’s existing computer programs and is designed to activate and perform a destructive action at a certain time or date.
Denial-of-service attack: an attacker sends so many information requests to a target that the target cannot handle them successfully and typically crashes (i.e., ceases to function).

Q4. Describe the four major types of security controls in relation to protecting information systems.

Physical Controls: prevent unauthorized individuals from gaining access to a company’s facilities.
Access Controls: restrict unauthorized individuals from using information resources.
Communications Controls (or network controls): secure the movement of data across networks.
Application Controls: as their name suggests, are security counter-measures that protect specific applications.

Q5. Name one recent software threat and briefly discuss its effects and resolutions.

Human error is a type of unintentional act that affects software. It involves regular employees, who span the breadth and depth of the organization, ranging from mail clerks to the CEO, and in all functional areas. The higher the level of the employee, the greater the threat the employee poses to information security, because higher-level employees typically have greater access to corporate data and enjoy greater privileges on organizational information systems. Human errors or mistakes by employees caused by laziness, carelessness, or lack of information security awareness pose a large problem for organizations. This lack of awareness comes from poor education and training efforts by the organization; it is resolved by managers making an effort to educate their workers and limiting their access and privileges.

Q6. What is the difference between authentication and authorization, and why are they important to e-Commerce? Give an example of their relevance to e-Commerce.

Authentication is a process that determines the identity of the person requiring access. Authenticating someone relies on something the user is, something the user has, something the user does, and something the user knows. Authorization determines which actions, rights, or privileges the person has, based on verified identity. Organizations use these methods to identify authorized personnel.
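The two steps described above can be shown side by side for an online shop. This is an added example, not part of the original post; the account names, passwords, roles, and permission names are constructed for illustration, and "something the user knows" (a password) stands in for the other authentication factors.

```python
import hashlib
import hmac
import os

def _hash(password: str, salt: bytes) -> bytes:
    # Slow, salted hash so stored credentials are not reusable if leaked.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _make_user(password: str, role: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt), "role": role}

# Constructed sample accounts for a hypothetical online shop.
USERS = {
    "alice": _make_user("correct horse", "customer"),
    "bob": _make_user("battery staple", "support"),
}

# What each role is allowed to do (hypothetical permission names).
PERMISSIONS = {
    "customer": {"place_order", "view_own_order"},
    "support": {"view_own_order", "view_any_order", "issue_refund"},
}

def authenticate(username: str, password: str):
    """Authentication: establish WHO is asking. Returns the verified name or None."""
    user = USERS.get(username)
    # Hash even for unknown names so response time does not reveal valid accounts.
    salt = user["salt"] if user else b"\x00" * 16
    candidate = _hash(password, salt)
    if user is not None and hmac.compare_digest(candidate, user["hash"]):
        return username
    return None

def authorize(identity, action: str, order_owner=None) -> bool:
    """Authorization: decide WHAT a verified identity may do."""
    if identity is None:  # never authorize an unauthenticated request
        return False
    allowed = PERMISSIONS[USERS[identity]["role"]]
    if action == "view_order":
        # Customers may see only their own orders; support may see any.
        if "view_any_order" in allowed:
            return True
        return order_owner == identity and "view_own_order" in allowed
    return action in allowed
```

A customer who logs in correctly is authenticated but is still refused another customer's order or a refund, which is the gap authorization closes.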
