IS, Chapter 4 notes

by: Daria Trikolenko

IS, Chapter 4 notes CIS 2010

Marketplace > Georgia State University > CIS 2010 > IS Chapter 4 notes
Daria Trikolenko

Preview These Notes for FREE

Get a free preview of these Notes, just enter your email below.

Unlock Preview
Unlock Preview

Preview these materials now for free

Why put in your email? Get access to more of this material and other relevant free materials for your school

View Preview

About this Document

Chapter 4 notes
Intro Computer Based Information Systems
Jim Senn
Class Notes
This 4 page Class Notes was uploaded by Daria Trikolenko on Friday September 16, 2016. The Class Notes belongs to CIS 2010 at Georgia State University taught by Jim Senn in Fall 2016. Since its upload, it has received 20 views.


Reviews for IS, Chapter 4 notes


Report this Material


What is Karma?


Karma is the currency of StudySoup.

You can buy or earn more Karma at anytime and redeem it for class notes, study guides, flashcards, and more!

Date Created: 09/16/16
Chapter 4. Introduction to information security

Security can be defined as the degree of protection against criminal activity, danger, damage and loss.
Information security: all of the processes and policies designed to protect an organization's information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.
1) Organizations collect information and run information systems that are subject to myriad threats (a threat is any danger to which a system may be exposed).
2) The exposure of an information resource is the harm, loss or damage that can result if a threat compromises that resource.
3) An information resource's vulnerability is the possibility that the system will be harmed by a threat.

Five key factors contributing to the increasing vulnerability:
- Today's interconnected, interdependent, wirelessly networked business environment;
- Smaller, faster, cheaper computers and storage devices;
- Decreasing skills necessary to be a computer hacker;
- International organized crime taking over cybercrime;
- Lack of management support.

Unintentional threats to IS
These are acts performed without malicious intent that nevertheless represent a serious threat to information security.
Human errors:
- The higher the level of an employee, the greater the threat he poses to information security;
- Employees in two areas of the organization pose a significant threat to information security: human resources and IS.
Errors are typically the result of laziness, carelessness, or lack of awareness concerning information security.
Social engineering: an attack in which the perpetrator uses social skills to trick or manipulate legitimate employees into providing confidential company information such as passwords. Two social engineering techniques:
1) Tailgating: allows the perpetrator to enter restricted areas that are controlled with locks or card entry;
2) Shoulder surfing: the perpetrator watches an employee's computer screen over the employee's shoulder.

Deliberate threats to IS
- Espionage or trespass: an unauthorized individual attempts to gain illegal access to organizational information.
  - Competitive intelligence: legal information-gathering techniques, such as studying a company's web site and press releases.
  - Industrial espionage: crosses the legal boundary.
- Information extortion: an attacker either threatens to steal or actually steals information from a company;
- Sabotage or vandalism: deliberate acts that involve defacing an organization's web site, potentially damaging the organization's image and causing its customers to lose faith.
- Theft of equipment or information: small devices (cell phones) are easier to steal, together with the information they hold. Dumpster diving involves rummaging through commercial or residential trash to find discarded information (papers, files, letters, IDs).
- Identity theft: deliberate assumption of another person's identity, to gain access to his financial information or to frame him for a crime.
- Compromises to intellectual property: property created by individuals or corporations that is protected under trade secret, patent and copyright laws.
  - Trade secret: intellectual work that is a company secret and is not based on public information.
  - Patent: an official document that grants the holder exclusive rights on an invention or a process for a specified period of time (20 years).
  - Copyright: a statutory grant that provides the creator or owner of intellectual property with ownership for a designated period (+70 years).
  - Piracy is a major problem for software vendors.
- Software attacks:
  - Malware attacks, typically via the Web, to make money;
  - Remote attacks requiring user action (virus, worm, phishing attack);
  - Remote attacks needing no user action (denial-of-service attack, distributed denial-of-service attack);
  - Attacks by a programmer developing a system (Trojan horse, back door, logic bomb).
- Alien software: clandestine software that is installed on your computer through duplicitous methods:
  - adware (pop-up ads);
  - spyware;
  - spamware;
  - cookies.
- Supervisory control and data acquisition (SCADA) attacks: SCADA systems are large-scale, distributed measurement and control systems used to monitor or control chemical, physical and transport processes (e.g. oil refineries);
- Cyberterrorism and cyberwarfare: malicious acts in which attackers use a target's computer systems, particularly via the Internet, to cause physical, real-world harm or severe disruption, often to carry out a political agenda.

What organizations are doing to protect information resources
Difficulties in protecting information resources:
- Hundreds of potential threats;
- Resources may be situated in many locations;
- Networks located outside of the organization;
- The online commerce industry is not willing to install safeguards;
- Difficult to catch perpetrators.

Risk: the probability that a threat will impact an information resource. The goal of risk management is to identify, control and minimize the impact of threats, reducing risk to acceptable levels.
- Risk analysis:
  1) Assessing the value of each asset being protected;
  2) Estimating the probability that each asset will be compromised;
  3) Comparing the probable costs of the asset's being compromised with the cost of protecting that asset.
- Risk mitigation: taking concrete actions against risks:
  1) Implementing controls to prevent identified threats from occurring;
  2) Developing a means of recovery if the threat becomes a reality.
- The most common risk mitigation strategies:
  - Risk acceptance
  - Risk limitation
  - Risk transference
- Controls evaluation: examines the cost of implementing adequate control measures against the value of those control measures.

Information security controls
Controls are designed to protect all of the components of an IS, including data and networks.
Physical controls: prevent unauthorized individuals from gaining access to a company's facilities (walls, doors, fencing, gates, pressure sensors, motion detectors). Organizations also implement physical security measures that limit computer users to acceptable login times and locations.
Access controls: restrict unauthorized individuals from using information resources:
- Authentication: confirms the identity of the person requiring access;
- Authorization: determines which actions, rights or privileges that person has.
Communications (network) controls: secure the movement of data across networks. They consist of:
1) Firewalls: a system that prevents a specific type of information from moving between untrusted networks and private networks.
2) Anti-malware systems (antivirus): software packages that attempt to identify and eliminate viruses, worms and other malicious software. They filter traffic according to a database of specific known problems.
3) Whitelisting: a process in which a company identifies the software that it will allow to run on its computers. Blacklisting allows everything to run unless it is on the blacklist.
4) Encryption: the process of converting an original message into a form that cannot be read by anyone except the intended receiver. Public-key encryption uses two different keys: public and private.
5) Virtual private networking: a private network that uses a public network to connect users.
   - Allows remote users to access the company network;
   - Provides flexibility;
   - Organizations can impose their security policies through VPNs.
6) Transport layer security: an encryption standard used for secure transactions such as credit card purchases and online banking;
7) Employee monitoring systems: scrutinize employees' computers, e-mail activities and Internet surfing activities.

Business continuity planning
A chain of events linking planning to protection and to recovery. It provides guidance to the people who keep the business operating after a disaster occurs.

Information systems auditing
An examination of information systems, their inputs, outputs and processing.
Auditors:
- internal (corporate);
- external (reviews the findings of the internal audits).
Audits:
- internal;
- external (part of the overall external auditing performed by a CPA).
How is auditing executed?
- Auditing around the computer: verifying processing by checking for known outputs using specific inputs;
- Auditing through the computer: checking inputs, outputs and processing;
- Auditing with the computer: using a combination of client data, auditor software, and client and auditor hardware.
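The risk analysis steps in the notes (value each asset, estimate its probability of compromise, compare the probable loss with the cost of protecting it) and the three mitigation strategies (acceptance, limitation, transference) can be turned into a small decision procedure. The following is an added example, not part of the original notes; the asset values, probabilities and control figures are constructed, and the decision rule (accept when expected loss is under a threshold, limit when the control's benefit exceeds its cost, otherwise transfer) is an assumed simplification for illustration.

```python
from dataclasses import dataclass

@dataclass
class Asset:
    name: str
    value: float           # cost to the organization if the asset is compromised
    probability: float     # estimated annual probability of compromise (0..1)
    control_cost: float    # annual cost of the safeguard under consideration
    control_effect: float  # fraction of the expected loss the safeguard removes (0..1)

def expected_loss(asset: Asset) -> float:
    """Step 1 and 2 combined: asset value times probability of compromise."""
    return asset.value * asset.probability

def control_benefit(asset: Asset) -> float:
    """How much expected loss the safeguard is estimated to remove per year."""
    return expected_loss(asset) * asset.control_effect

def recommend(asset: Asset, acceptance_threshold: float) -> str:
    """Step 3: compare probable loss with the cost of protection and pick a strategy.

    Assumed (simplified) rule:
      accept   - expected loss is small enough to live with
      limit    - the safeguard removes more loss than it costs, so implement it
      transfer - the loss is too big to accept but the safeguard is not worth
                 its price, so shift the risk (e.g. insurance) instead
    """
    loss = expected_loss(asset)
    if loss <= acceptance_threshold:
        return "accept"
    if control_benefit(asset) > asset.control_cost:
        return "limit"
    return "transfer"

def assess_all(assets, acceptance_threshold: float) -> dict:
    """Return {asset name: strategy} for a whole asset inventory."""
    return {a.name: recommend(a, acceptance_threshold) for a in assets}

# Constructed sample inventory (illustrative numbers, not from any real organization)
ASSETS = [
    Asset("customer database", value=500_000, probability=0.10,
          control_cost=20_000, control_effect=0.8),
    Asset("public brochure site", value=20_000, probability=0.30,
          control_cost=8_000, control_effect=0.9),
    Asset("warehouse server", value=200_000, probability=0.05,
          control_cost=15_000, control_effect=0.5),
]
ACCEPTANCE_THRESHOLD = 8_000  # assumed: annual expected loss the organization tolerates

if __name__ == "__main__":
    for asset in ASSETS:
        print(f"{asset.name:22s} expected loss {expected_loss(asset):>10,.0f} "
              f"benefit {control_benefit(asset):>8,.0f} cost {asset.control_cost:>8,.0f} "
              f"-> {recommend(asset, ACCEPTANCE_THRESHOLD)}")
```

The point the numbers make is the one the notes make in words: the customer database is worth protecting because the safeguard removes far more expected loss than it costs, the brochure site's exposure is small enough to accept, and the warehouse server's control would cost more than the loss it prevents, so the risk is better transferred.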
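The notes contrast whitelisting (only approved software runs) with blacklisting (everything runs unless it is on the list). The added example below, which is not part of the original notes, applies both policies to the same constructed set of program files, identifying each program by the SHA-256 hash of its contents rather than its file name. The file names and contents are made-up stand-ins for real executables; the behaviour it shows for a brand-new, unclassified binary is the reason whitelisting is considered the stricter control.

```python
import hashlib

# Constructed sample "executables": file name -> contents (stand-ins, not real programs)
SAMPLE_FILES = {
    "payroll.exe": b"approved payroll application v3",
    "browser.exe": b"approved web browser build 118",
    "known_malware.exe": b"sample already recorded in the vendor's blacklist",
    "new_tool.exe": b"brand-new binary that nobody has classified yet",
    "payroll_renamed.exe": b"approved payroll application v3",  # same bytes as payroll.exe
}

def sha256_hex(data: bytes) -> str:
    """Identity of a program is its content hash, so renaming a file changes nothing."""
    return hashlib.sha256(data).hexdigest()

# Whitelist: hashes of the programs the company has explicitly approved to run
ALLOWED_HASHES = {
    sha256_hex(SAMPLE_FILES["payroll.exe"]),
    sha256_hex(SAMPLE_FILES["browser.exe"]),
}

# Blacklist: hashes of programs known to be malicious
DENIED_HASHES = {
    sha256_hex(SAMPLE_FILES["known_malware.exe"]),
}

def whitelist_allows(data: bytes) -> bool:
    """Default deny: the program runs only if its hash is on the approved list."""
    return sha256_hex(data) in ALLOWED_HASHES

def blacklist_allows(data: bytes) -> bool:
    """Default allow: the program runs unless its hash is on the known-bad list."""
    return sha256_hex(data) not in DENIED_HASHES

def compare_policies(files=SAMPLE_FILES) -> dict:
    """Return, per file, whether each policy would let it run."""
    return {
        name: {"whitelist": whitelist_allows(data), "blacklist": blacklist_allows(data)}
        for name, data in files.items()
    }

if __name__ == "__main__":
    for name, verdict in compare_policies().items():
        print(f"{name:22s} whitelist={'run' if verdict['whitelist'] else 'block':5s} "
              f"blacklist={'run' if verdict['blacklist'] else 'block'}")
```

Two rows are worth noticing in the output: new_tool.exe is blocked by the whitelist but allowed by the blacklist, because a blacklist can only stop what has already been classified as bad; and payroll_renamed.exe is treated exactly like payroll.exe under both policies, because the decision is keyed on the content hash, not the file name.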