Threat = person/organization that seeks to obtain or alter data/assets illegally, without the owner’s permission (often without the owner’s knowledge).
Vulnerability = opportunity for threats to gain access to individual or organizational assets
Safeguard = measure individuals or organizations take to block the threat from obtaining the asset
Target = asset desired by the threat
3 Sources of threats:
Human Error: accidental problems caused by both employees and nonemployees. (Accidentally removing customer records, installing an old database, poorly written application programs, poorly designed procedures, physical accidents)
Computer Crime: employees and former employees who intentionally destroy data or other system components; hackers who break into a system; virus and worm writers who infect computer systems. Also includes terrorists and those who break into a system to steal for financial gain.
Natural Events and disasters: fire, floods, hurricanes … other acts of nature. Includes initial loss but also actions to recover from the initial problem.
5 Types of security loss:
Unauthorized data disclosure: when a threat obtains data that is supposed to be protected
With human error: procedural mistakes
With computer crime:
Pretexting = someone deceives by pretending to be someone else.
Phishing: Pretexting via e-mail
Spoofing: email spoofing (= phishing) / IP spoofing = intruder uses another site’s IP address to masquerade as that other site
Sniffing: intercepting computer communications. Drive-by sniffers take computers with wireless connections through an area and search for unprotected wireless networks. They are able to monitor and intercept wireless traffic at will. (Spyware, adware included).
Hacking: breaking into computers/servers/networks to get personal data.
With natural events and disasters: people are less cautious about inadvertently disclosing data.
Incorrect data modification:
With