IS 2080C Prof Rapien Week 8 Notes

by: Brady Zuver

This section of notes discusses Information security, focusing on the factors that affect the vulnerability of technology, the threats (both intentional and unintentional) that companies face when ...
This 5 page Class Notes was uploaded by Brady Zuver on Wednesday October 12, 2016. The Class Notes belongs to IS 2080C at University of Cincinnati taught by Prof. Rapien in Fall 2016.
Date Created: 10/12/16
IS 2080C Professor Rapien Week 8 Notes

Chapter 7 Information Security

1. Five Factors Increasing Vulnerability of Information
   a. Today's interconnected, interdependent, wirelessly-networked business environment
      i. If you are on the network, every computer on the network has access to you unless there are proper security measures in place
   b. Smaller, faster, cheaper computers and storage devices
   c. Decreasing skills needed to be a hacker
      i. Can watch videos on YouTube on how to hack
   d. International organized crime taking over cybercrime
   e. Lack of management support
      i. Inconvenient to secure
   f. Definitions
      i. Security: the degree of protection against criminal activity, danger, damage, and/or loss
      ii. Information Security: all of the processes and policies designed to protect an organization's information and information systems (IS) from unauthorized access, use, disclosure, disruption, modification, or destruction
      iii. Threat: any danger to which a system may be exposed
      iv. Exposure: of an information resource is the harm, loss, or damage that can result if a threat compromises that resource
      v. Vulnerability: the possibility that the system will be harmed by a threat
      vi. Cybercrime:

2. Unintentional Threats to Information Security
   a. Unintentional Threats
      i. Most dangerous employees
         1. Human Resources
            a. Know SSID, address, passwords, etc.
         2. Information Technology
            a. Wrote the systems, know how to access all the data
         3. Consultants, janitors, security guards
            a. Don't have to follow all the rules
            b. Janitors have keys and access to the office late
            c. Security guards are supposed to be where no one else is (where no one is watching)
      ii. Internet
         1. Software can be written with backdoors
         2. People with administrative rights on a computer can install insecure applications
         3. Data duplication/data entry problems
         4. Bad software, malware, viruses, etc.
         5. Non-secure terminals
         6. Unauthorized hacking
         7. Natural disasters
      iii. Human Errors
         1. Higher employee levels = higher levels of security risk
         2. Human mistakes
            a. Data error (incorrect typing or duplicate data)
            b. Carelessness with laptops or PCs
            c. Careless internet surfing
            d. Poor password selection and use
      iv. Security is inconvenient, but essential!
   b. Information Security
      i. Social Engineering
         1. An attack in which the perpetrator uses social skills to trick or manipulate legitimate employees into providing confidential company information such as passwords
            a. Posing: impersonating someone on the phone, such as a company manager or IS employee
            b. Tailgating: tagging along to get into the company's building
            c. Shoulder surfing: looking over someone's shoulder
            d. Phishing: sending email, "fishing" for someone to click and enter data in a lookalike site to steal info

3. Deliberate Threats to Information Security
   a. Espionage or Trespass
      i. When an unauthorized individual attempts to gain illegal access to organizational information
      ii. Pushing:
   b. Information Extortion
      i. When an attacker either threatens to steal, or actually steals, information from a company
         1. Demands payment for not stealing information, returning stolen information, or agreeing not to disclose info
   c. Sabotage or Vandalism
      i. Acts that involve defacing an organization's Web site, potentially damaging the organization's image and causing its customers to lose faith
   d. Theft of Equipment or Information
      i. Stealing physical devices to get information
      ii. Dumpster diving: looking through commercial or residential trash to find information that was thrown away
   e. Identity Theft
      i. Deliberate assumption of another person's identity
      ii. Used to gain access to financial information or to frame them for a crime
   f. Compromises to Intellectual Property
      i. Intellectual Property: protected property created by individuals or corporations
         1. Trade Secret: a company secret that is not based on public information
         2. Patent: an official document that grants the holder exclusive rights on an invention or a process
         3. Copyright: a statutory grant that provides the creators or owners of intellectual property with ownership of the property
            a. Patent and copyright are for a specified period of time
   g. Software Attacks
      i. User-action-related attacks
         1. Virus: segment of computer code that performs malicious actions by attaching to another computer program
         2. Worm: segment of computer code that performs malicious actions and will replicate, or spread, by itself
         3. Phishing Attack: uses deception to acquire sensitive personal information by masquerading as official-looking e-mails or instant messages
         4. Spear Phishing: targets large groups of people
            a. Perpetrators find out as much information about an individual as possible to improve their chances that phishing techniques will obtain sensitive, personal information
      ii. Programmer-created
         1. Trojan Horse: you download software you want, which also does malicious things in the background
            a. Toolbars can be Trojan horses that log everything you do
         2. Logic Bomb: virus that spreads and is activated at a certain time
         3. Back Door: programmers can bypass security to work on software
      iii. Non-user actions
         1. Denial-of-Service Attack: sends so many information requests to a target computer system that the target cannot handle them successfully and typically crashes
         2. Distributed Denial-of-Service Attack: attacker takes over many computers (called zombies or bots)
            a. Uses these bots to deliver a stream of information to crash a target computer
   h. Alien Software
      i. Secret software that is installed via dishonest methods
         1. Adware: software that causes pop-up advertisements to appear on your screen
         2. Spyware: software that collects personal information about users without their consent
         3. Spamware: pestware that uses your computer as a launch pad for spammers
         4. Spam: unsolicited e-mail, usually advertising for products and services
         5. Cookies: small amounts of information that Web sites store on your computer, temporarily or more or less permanently
   i. Keystroke Loggers
      i. Track all the keystrokes on the computer; can be used to access accounts by tracking when you put in usernames and passwords
   j. SCADA
      i. A large-scale, distributed measurement and control system
         1. Used to monitor or to control chemical, physical, and transport processes such as those used in oil refineries, water and sewage treatment plants, electrical generators, and nuclear power plants
   k. Cyberterrorism and Cyberwarfare
      i. Malicious acts in which attackers use a target's computer systems, particularly via the Internet
      ii. Used to cause physical, real-world harm or severe disruption

4. What Organizations Are Doing to Protect Information Resources
   a. Risk Management: identifies, controls, and minimizes the impact of threats
      i. Analysis
         1. Assesses the value of assets
         2. Estimates the probability of compromise
         3. Used to compare the costs of protecting vs. not protecting
      ii. Mitigation
         1. Takes concrete actions against risk
            a. Two functions
               i. Implement controls to prevent identified threats from occurring
               ii. Develop a means of recovery if the threat becomes a reality
      iii. Controls Evaluation
         1. Testing to see if security works

5. Information Security Controls
   a. Physical Controls
      i. Prevent unauthorized individuals from gaining access to a company's facilities
         1. Common: walls, doors, fencing/gates, locks, alarms, etc.
         2. More sophisticated: pressure sensors, temperature sensors, motion detectors
   b. Access Controls
      i. Restrict unauthorized individuals from using information resources
         1. Authentication: confirms the identity of the person requiring access
            a. Something the user is: biometrics (face, retina, etc.)
               i. Examines a person's innate physical characteristics
            b. Something the user has: ID cards, tokens, etc.
            c. Something the user does: voice and signature recognition
            d. Something the user knows: passwords and passphrases
               i. Good passwords: hard to guess, long, not a name or anything familiar to you
   c. Communication/Network Controls
      i. Secure the movement of data across networks
         1. Firewall: system that prevents a specific type of information from moving between untrusted networks
         2. Anti-malware (anti-virus): software packages that attempt to identify and eliminate viruses, worms, and other malicious software
         3. Whitelisting: process in which a company identifies the software that it will allow to run on its computers and permits acceptable software
            a. Either prevents any other software from running
            b. Or lets new software run only in a quarantined environment until the company can verify its validity
         4. Blacklist: includes types of software that are not allowed to run in the company environment
         5. Encryption: converts the original message into a form that cannot be read by anyone except the intended receiver
         6. Virtual Private Network (VPN): private network that uses a public network to connect users
   d. Business Continuity
      i. Chain of events linking planning to protection and to recovery
      ii. Business Continuity Plan: provides guidance to people who keep the business operating after a disaster occurs
   e. Information Systems Auditing
      i. Audit: an examination of information systems, their inputs, outputs, and processing
      ii. Internal and external audits
      iii. IS Auditing Procedures: 3 categories
         1. Auditing Around the Computer: verifying processing by checking for known outputs using specific inputs
         2. Auditing Through the Computer: auditors check inputs, outputs, and processing
            a. Review program logic and test the data within the system
         3. Auditing With the Computer: using a combination of client data, auditor software, and client and auditor hardware
            a. Enables the auditor to perform tasks such as simulating payroll program logic using live data
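The whitelisting and blacklist items under Communication/Network Controls describe a decision rule: known-good software runs, known-bad software is blocked, and unknown software is either blocked outright or held in quarantine until the company verifies it. The following added example (not part of the course notes) models that rule in Python; the policy class, the `ExecutionPolicy` name and the sample byte strings standing in for executables are all constructed for illustration.

```python
import hashlib
from dataclasses import dataclass, field
# Hypothetical policy engine (added illustration, not the course's code). Software is
# identified by the SHA-256 of its executable; the sample "programs" are constructed bytes.
def fingerprint(program_bytes: bytes) -> str:
    return hashlib.sha256(program_bytes).hexdigest()

@dataclass
class ExecutionPolicy:
    allowlist: set = field(default_factory=set)    # software the company has verified
    blocklist: set = field(default_factory=set)    # software known to be unacceptable
    unknown_action: str = "block"                  # "block" or "quarantine"
    quarantined: set = field(default_factory=set)  # unknown software awaiting review

    def decide(self, program_bytes: bytes) -> str:
        h = fingerprint(program_bytes)
        if h in self.blocklist:
            return "block"
        if h in self.allowlist:
            return "run"
        # Unknown software: the two options the notes give an allowlisting company.
        if self.unknown_action == "quarantine":
            self.quarantined.add(h)
            return "quarantine"
        return "block"

    def verify(self, program_bytes: bytes, acceptable: bool) -> None:
        # The company reviews quarantined software and moves it to the proper list.
        h = fingerprint(program_bytes)
        self.quarantined.discard(h)
        (self.allowlist if acceptable else self.blocklist).add(h)

APPROVED_TOOL = b"constructed: payroll client v2"
KNOWN_BAD_TOOLBAR = b"constructed: toolbar that logs keystrokes"
NEW_UTILITY = b"constructed: unreviewed utility"

def base_policy(**overrides) -> ExecutionPolicy:
    return ExecutionPolicy(allowlist={fingerprint(APPROVED_TOOL)},
                           blocklist={fingerprint(KNOWN_BAD_TOOLBAR)}, **overrides)

def demo() -> dict:
    strict = base_policy()                              # option a: block anything unknown
    sandboxed = base_policy(unknown_action="quarantine")  # option b: quarantine until verified
    results = {"strict_unknown": strict.decide(NEW_UTILITY),
               "sandboxed_unknown": sandboxed.decide(NEW_UTILITY)}
    sandboxed.verify(NEW_UTILITY, acceptable=True)      # company validates the new utility
    results["after_verification"] = sandboxed.decide(NEW_UTILITY)
    results["known_bad"] = sandboxed.decide(KNOWN_BAD_TOOLBAR)
    return results
```

Note that the blocklist is checked first, so software the company has explicitly rejected is never allowed to run even if it later appears on the allowlist by mistake.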