IDS Notes

by: Lael Wynne


About this Document

These notes cover this past week's notes
Intro to Management Information Systems
Class Notes

This 6 page Class Notes was uploaded by Lael Wynne on Tuesday April 12, 2016. The Class Notes belongs to 24418 at University of Illinois at Chicago taught by Erickson in Spring 2016. Since its upload, it has received 14 views. For similar materials see Intro to Management Information Systems in Business at University of Illinois at Chicago.



Date Created: 04/12/16
IDS Notes (4/9/16 - End of Semester)

Chapter 10: Information Systems Security

Threat- person/org that seeks to obtain/alter data or other information system assets illegally
Vulnerability- opportunity for threats to gain access to someone's assets
Safeguard- measure that people/orgs take to block the threat from obtaining the asset
Target- asset that is desired by the threat

Sources of threats:
1) Human error- caused by employees and non-employees
2) Computer crime- intentional destroying of data and system components
3) Natural events & disasters- fires, floods, etc.

Types of security loss:
1) Unauthorized data disclosure- when a threat gets data that's supposed to be protected
2) Data modification
3) Faulty service- incorrect system operations
4) Denial of service (DoS)
5) Loss of infrastructure

Pretexting- deceiving someone by pretending to be someone else or another org
Phishing- technique for obtaining unauthorized data that uses pretexting via email
Phisher- pretends to be a company and sends emails requesting confidential data
Spoofing- someone pretending to be someone else
IP Spoofing- intruder uses another site's IP address to be that other site
Email Spoofing- synonym for phishing
Sniffing- technique for intercepting computer communications
Wardrivers- take computers with wireless connections through an area and search for unprotected wireless networks
Hacking- breaking into computers/networks to steal data
Usurpation- criminals invade a computer and replace programs with their own
Advanced Persistent Threat (APT)- long-running computer hack perpetrated by well-funded organizations
Intrusion detection system (IDS)- computer program that detects when another computer is trying to access a computer or network
Brute force attack- password-cracking program that tries various combos of characters
Cookies- small files that are stored on the computer by a browser

Technical safeguards- involve the hardware and software components of an IS
o Identification and authorization
o Encryption
o Firewalls
o Malware protection
o Application design

Data safeguards- involve the data component of an IS
o Data rights and responsibilities
o Passwords
o Encryption
o Backup and recovery
o Physical security

Human safeguards- involve the procedures and people components of an IS
o Hiring
o Training
o Education
o Procedure design
o Administration
o Assessment
o Compliance
o Accountability

Identification- when an IS identifies a user by asking the user to sign in with a username and password
Authentication- when an IS verifies a user
Smart card- plastic card, like a credit card, loaded with identifying data
Personal identification number (PIN)- a number that only the user knows
Biometric authentication- uses physical characteristics to authenticate users
o Fingerprints, facial features, retinal scans

Encryption- transforming clear text into coded text for secure storage/communication
Encryption algorithms- procedures for encrypting data
Symmetric encryption- method where the same key is used to encode/decode the message
Asymmetric encryption- method where different keys are used to encode/decode the message
Public key encryption- each site has a public key for encoding messages and a private key for decoding them
HTTPS- indication that a browser is using the SSL/TLS protocol to offer secure communications
Secure sockets layer (SSL)- uses both asymmetric and symmetric encryption
Transport Layer Security (TLS)- new name for a later version of SSL

Firewall- computing device that prevents unauthorized network access
Perimeter wall- firewall that sits outside of the org's network
o 1st device internet traffic encounters
Internal firewalls- firewalls inside of the org's network
Packet-filtering firewall- checks each packet and decides whether to let the packet pass

Malware- broad category of software including viruses, spyware, and adware
Virus- computer program that replicates itself
Payload- causes unwanted/hurtful actions that are undetected by the user
Trojan horses- viruses that masquerade as useful programs/files
Worm- virus that self-propagates using the internet/other computer network
Spyware- programs installed on the user's computer without the user's knowledge/permission
Key loggers- capture keystrokes without the user's knowledge
Adware- similar to spyware, resides in the background and watches the user's behavior

Malware Safeguards:
1) Install antivirus and antispyware programs
2) Set up antimalware programs to scan your computer frequently
3) Update malware definitions
4) Open email attachments only from known sources
5) Promptly install software updates from legit sources
6) Browse only in reputable internet neighborhoods

Chapter Extension 14: Data Breaches

Data breach fees:
o Notification
o Detection
o Escalation
o Remediation
o Legal fees and consultation

Personally identifiable info (PII)- data used to identify a person
o Names, addresses, birthdates, social security, etc.
Carding- validation process that charges a small amount on a stolen credit card to make sure it's working
Attack vectors- ways of attacking targets
Exploit- software used to take advantage of a new vulnerability in a target's app or operating system
Spear phishing- targeted phishing attack

How to respond to data breaches:
1) Respond quickly
2) Plan for data breach
3) Be honest about the breach

Walk-through- meeting that discusses the steps each person takes upon the occurrence of a data breach
Business continuity planning- how to return the org to normal operations quickly following data breaches
Computer security incident response team (CSIRT)- team including staff from legal/public relations departments

Notifying users of data breach:
1) Be transparent in activity and demonstrate you're getting the word out
2) Follow normal media routine
3) Avoid absolutes
4) Avoid misleading statements
5) Don't withhold key details
6) Stay focused and concise

Payment card industry data security standard (PCI DSS)- standards governing secure storage of cardholder data
o Standards:
1) Build/maintain secure network & systems
2) Protect cardholder data
3) Maintain a vulnerability management program
4) Implement strong access control measures
5) Regularly monitor/test networks
6) Maintain info security policy

Federal info security management act (FISMA)- requires security precautions for Gov. Agencies
Gramm-Leach-Bliley Act (GLBA)- financial services modernization act that requires data protection for financial institutions
Health info portability & accountability act (HIPAA)- requires data protection for healthcare institutions
Family educational rights & privacy act (FERPA)- gives protection for student education records

Countermeasures- software/procedures used to prevent attacks
Network intrusion detection system (NIDS)- intrusion detection system that examines traffic passing through a network to identify possible attacks
Data loss prevention systems (DLP)- prevent sensitive data from being released to unauthorized people

Preventing data loss:
1) Don't collect more data than necessary
2) Permanently destroy old data
3) Limit number of places data is stored
4) Limit employee access to data
5) Document/log access to critical data
6) Develop effective termination procedures to prevent data theft
7) Develop policies that govern offsite data storage and use
8) Encrypt data when possible
9) Provide training to users about data security standards

