LIU Information Security Discussion

Long Island University

Chapter Four
Ethics and Information Security – MIS Business Concerns

Copyright © McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

CHAPTER FOUR OVERVIEW

SECTION 4.1 – Ethics
• Information Ethics
• Developing Information Management Policies

SECTION 4.2 – Information Security
• Protecting Intellectual Assets
• The First Line of Defense - People
• The Second Line of Defense - Technology

SECTION 4.1 ETHICS

SECTION 4.1 LEARNING OUTCOMES
1. Explain the ethical issues in the use of the information age
2. Identify the six epolicies an organization should implement to protect themselves

INFORMATION ETHICS (1)
Ethics – The principles and standards that guide our behavior toward other people
Information ethics – Govern the ethical and moral issues arising from the development and use of information technologies, as well as the creation, collection, duplication, distribution, and processing of information itself

INFORMATION ETHICS (2)
Business issues related to information ethics
• Intellectual property
• Copyright
• Pirated software
• Counterfeit software
• Digital rights management

Intellectual property - Intangible creative work that is embodied in physical form
https://ethicsunwrapped.utexas.edu/case-study/digitaldownloads
Copyright - The legal protection afforded an expression of an idea, such as a song, video game, and some types of proprietary documents
Fair use doctrine - In certain situations, it is legal to use copyrighted material
Pirated software - The unauthorized use, duplication, distribution, or sale of copyrighted software
Counterfeit software - Software that is manufactured to look like the real thing and sold as such
Digital rights management – A technological solution that allows publishers to control their digital media to discourage, limit, or

NAPSTER CASE: Digital Downloads
Copyright laws exist to protect authors’ and publishers’ rights, but also to balance that protection with access and innovation. In 1999, two teenagers created the file-sharing program Napster. Within its first year, the service surpassed 20 million users. Many Napster users shared music files with each other, but without any compensation to the artists and producers who made the music, sparking a series of legal battles over copyright and distribution.
In 2001, an appellate panel upheld a previous ruling that Napster violated copyright laws, stating that, “Repeated and exploitative unauthorized copies of copyrighted works were made to save the expense of purchasing authorized copies.”

NAPSTER CASE:
Artists were divided on the benefits and harms of Napster. Over 70 artists formed “Artists Against Piracy” in coalition with major record companies to combat the piracy occurring on Napster and other peer-to-peer internet services. In contrast, some established artists such as Neil Young saw piracy as the “new radio” and applauded the potential to reach larger audiences and drive additional sales through increased popularity. Seeing both the benefits and detriments of piracy, singer Norah Jones stated, “If people hear it I’m happy…it’s great that young people who don’t have a lot of money can listen to music and be exposed to new things… But I also understand it’s not ideal for the record industry, and a lot of young artists who won’t make any [money] off their album sales, but at least they can tour.”

Although court rulings forced Napster to terminate its file-sharing business, Napster’s innovations stimulated payment-based services, such as iTunes, Pandora, and many others. But the availability of such services has not put an end to the debate surrounding artist compensation with digital music, as seen with Taylor Swift’s open letter to Apple in 2015.
Swift’s albums, along with the music of many other artists, were going to be streamed at no cost to new Apple Music customers over the first three months of service without any compensation to the artists. In her open letter, Swift stated, “I’m not sure you know that Apple Music will not be paying writers, producers, or artists for those three months. I find it to be shocking, disappointing, and completely unlike this historically progressive and generous company.” Within a few hours, Apple responded by changing the terms of its agreement in order to compensate artists at a reduced rate.

1. Artists generally agree that piracy causes financial harm, but some artists recognize that piracy creates exposure for the artist and access for the listener. Do you think the benefits of piracy outweigh the harms done? Why or why not?
2. Along with other file-sharing services, Napster helped to stimulate payment-based services such as iTunes, Pandora, and many others. Do you think this positive outcome justifies Napster’s illegal activities? Why or why not?
3. If Apple had not agreed to compensate artists in response to Swift’s open letter, do you think it would be ethically questionable to subscribe to their service? Are you, as a consumer, more likely to subscribe as a result of Apple’s response? Why or why not?

INFORMATION ETHICS (3)
Privacy is a major ethical issue
• Privacy – The right to be left alone when you want to be, to have control over your own personal possessions, and not to be observed without your consent
• Confidentiality – The assurance that messages and information are available only to those who are authorized to view them

INFORMATION ETHICS (4)
Individuals form the only ethical component of MIS
• Individuals copy, use, and distribute software
• Search organizational databases for sensitive and personal information
• Individuals create and spread viruses
• Individuals hack into computer systems to steal information
• Employees destroy and steal information

What is Technology Ethics?
Technology ethics is the application of ethical thinking to the practical concerns of technology. The reason technology ethics is growing in prominence is that new technologies give us more power to act, which means that we have to make choices we didn't have to make before

Student Tracking Software
Universities are increasingly using predictive analytics to—essentially—stalk a candidate. Some college websites use software that reveals the name, age, ethnicity, address and contact information of a candidate, as well as which specific college sub-pages he/she visited and how long was spent on each web page.
The college then uses these factors to determine an “affinity score” that decides how likely a candidate is to accept an offer from the college. But, Baron says, when colleges assign scores to students based on income and interest, it strips applications of much of their context and it also discriminates against low-income students or those without dedicated Internet access. The analytics have the potential to harm a prospective student’s college admission based on an algorithm that assumes ideal candidates.

Class Dojo and Classroom Surveillance
ClassDojo is a popular online tool that, through recording in the classroom, scores children on their behavior, and then shares that with the class, as well as parents. The system’s company says it is meant to foster positive behavior in the classroom, but pundits raise more than a few concerns, including: 1) can the information be hacked; 2) how is good behavior quantified/defined?; and 3) does it promote anxiety/shame among students?

INFORMATION ETHICS (5)
Acting ethically and legally are not always the same

INFORMATION DOES NOT HAVE ETHICS, PEOPLE DO
Information does not care how it is used, it will not stop itself from sending spam, viruses, or highly-sensitive information
Tools to prevent information misuse
• Information management
• Information governance
• Information compliance
• Information Secrecy
• Information Property

DEVELOPING INFORMATION MANAGEMENT POLICIES
Organizations strive to build a corporate culture based on ethical principles that employees can understand and implement

ETHICAL COMPUTER USE POLICY
Ethical computer use policy – Contains general principles to guide computer user behavior
The ethical computer user policy ensures all users are informed of the rules and, by agreeing to use the system on that basis, consent to abide by the rules

INFORMATION PRIVACY POLICY
The unethical use of information typically occurs “unintentionally” when it is used for new purposes
Information privacy policy - Contains general principles regarding information privacy

ACCEPTABLE USE POLICY
Acceptable use policy (AUP) – Requires a user to agree to follow it to be provided access to corporate email, information systems, and the Internet
Nonrepudiation – A contractual stipulation to ensure that ebusiness participants do not deny their online actions
Internet use policy – Contains general principles to guide the proper use of the Internet

EMAIL PRIVACY POLICY (1)
Organizations can mitigate the risks of email and instant messaging communication tools by implementing and adhering to an email privacy policy
Email privacy policy – Details the extent to which email messages may be read by others

EMAIL PRIVACY POLICY (2)

EMAIL PRIVACY POLICY (3)
Spam – Unsolicited email
Anti-spam policy – Simply states that email users will not send unsolicited emails (or spam)

SOCIAL MEDIA POLICY
Social media policy – Outlines the corporate guidelines or principles governing employee online communications

WORKPLACE MONITORING POLICY (1)
Workplace monitoring is a concern for many employees
Organizations can be held financially responsible for their employees’ actions
The dilemma surrounding employee monitoring in the workplace is that an organization is placing itself at risk if it fails to monitor its employees; however, some people feel that monitoring employees is unethical

WORKPLACE MONITORING POLICY (2)
Information technology monitoring – Tracks people’s activities by such measures as number of keystrokes, error rate, and number of transactions processed
Employee monitoring policy – Explicitly states how, when, and where the company monitors its employees

Monitoring Employee Email: Efficient Workplaces vs. Employee Privacy
Does a company have the right to monitor employee email?
Does a company have the right to monitor personal email used on a corporate device or corporate network?

WORKPLACE MONITORING POLICY (3)
Common monitoring technologies include:
• Key logger or key trapper software
• Hardware key logger
• Cookie
• Adware
• Spyware
• Web log
• Clickstream

Key logger, or key trapper software – A program that, when installed on a computer, records every keystroke and mouse click
Hardware key logger – A hardware device that captures keystrokes on their journey from the keyboard to the motherboard
Cookie – A small file deposited on a hard drive by a website containing information about customers and their Web activities. Cookies allow websites to record the comings and goings of customers, usually without their knowledge or consent
Adware – Software that generates ads that install themselves on a computer when a person downloads some other program from the Internet
Spyware (sneakware or stealthware) – Software that comes hidden in free downloadable software and tracks online movements, mines the information stored on a computer, or uses a computer’s CPU and storage for some task the user knows nothing about
Web log – Consists of one line of information for every visitor to a website and is usually stored on a Web server
Clickstream – Records information about a customer during a Web surfing session such as what websites were visited, how long the visit was, what ads were viewed, and what was purchased

SECTION 4.2 INFORMATION SECURITY

SECTION 4.2 LEARNING OUTCOMES
3. Describe the relationships and differences between hackers and viruses
4. Describe the relationship between information security policies and an information security plan
5. Provide an example of each of the three primary security areas: (1) authentication and authorization, (2) prevention and resistance, and (3) detection and response

https://www.youtube.com/watch?v=_GzE99AmAQU&t=172s

PROTECTING INTELLECTUAL ASSETS (1)
Organizational information is intellectual capital - it must be protected
https://www.aclu.org/ordering-pizza
Information security – The protection of information from accidental or intentional misuse by persons inside or outside an organization
Downtime – Refers to a period of time when a system is unavailable

Do you agree that information requires protection?
What happens if all sales information for a business falls into the hands of its customers?
What happens if all employee pay rates and bonus information are distributed to all employees?
What happens if customer credit card numbers are posted to a website for anyone to view?
These are a few of the reasons why it is critical that information must be highly-protected

PROTECTING INTELLECTUAL ASSETS (2)
Sources of Unplanned Downtime

PROTECTING INTELLECTUAL ASSETS (3)
How Much Will Downtime Cost Your Business?

SECURITY THREATS CAUSED BY HACKERS AND VIRUSES (1)
Hacker – Experts in technology who use their knowledge to break into computers and computer networks, either for profit or just motivated by the challenge
• Black-hat hacker
• Cracker
• Cyberterrorist
• Hactivist
• Script kiddies or script bunnies
• White-hat hacker

White-hat hackers—work at the request of the system owners to find system vulnerabilities and plug the holes
Black-hat hackers—break into other people’s computer systems and may just look around or may steal and destroy information
Hactivists—have philosophical and political reasons for breaking into systems and will often deface the website as a protest
Script kiddies or script bunnies—find hacking code on the Internet and click-and-point their way into systems to cause damage or spread viruses
Cracker—a hacker with criminal intent
Cyberterrorists—seek to cause harm to people or to destroy critical systems or information and use the Internet as a weapon of mass destruction

SECURITY THREATS CAUSED BY HACKERS AND VIRUSES (2)
Virus - Software written with malicious intent to cause annoyance or damage
• Worm
• Malware
• Adware
• Spyware
• Ransomware
• Scareware

Worm—a type of virus that spreads itself, not only from file to file, but also from computer to computer. The primary difference between a virus and a worm is that a virus must attach to something, such as an executable file, in order to spread. Worms do not need to attach to anything to spread and can tunnel themselves into computers.
Malware - Software that is intended to damage or disable computers and computer systems
Adware is software that, although purporting to serve some useful function and often fulfilling that function, also allows Internet advertisers to display advertisements without the consent of the computer user.
Spyware is a special class of adware that collects data about the user and transmits it over the Internet without the user’s knowledge or permission.
Ransomware is a form of malicious software that infects your computer and asks for money.
Scareware is a type of malware designed to trick victims into giving up personal information to purchase or download useless and potentially dangerous software.

SECURITY THREATS CAUSED BY HACKERS AND VIRUSES (3)
Virus - Software written with malicious intent to cause annoyance or damage
• Backdoor program
• Denial-of-service attack (DoS)
• Distributed denial-of-service attack (DDoS)
• Polymorphic virus
• Trojan-horse virus
• Worm

Denial-of-service attack (DoS)—floods a website with so many requests for service that it slows down or crashes the site
Distributed denial-of-service attack (DDoS)—attacks from multiple computers that flood a website with so many requests for service that it slows down or crashes. A common type is the Ping of Death, in which thousands of computers try to access a website at the same time, overloading it and shutting it down.
Trojan-horse virus—hides inside other software, usually as an attachment or a downloadable file
Backdoor programs—viruses that open a way into the network for future attacks
Polymorphic viruses and worms—change their form as they propagate

SECURITY THREATS CAUSED BY HACKERS AND VIRUSES (4)
How Computer Viruses Spread

SECURITY THREATS CAUSED BY HACKERS AND VIRUSES (5)
Security threats to ebusiness include
• Elevation of privilege
• Hoaxes
• Malicious code
• Packet tampering
• Sniffer
• Spoofing
• Splogs
• Spyware

Elevation of privilege is a process by which a user misleads a system into granting unauthorized rights, usually for the purpose of compromising or destroying the system. For example, an attacker might log on to a network by using a guest account, and then exploit a weakness in the software that lets the attacker change the guest privileges to administrative privileges.
Hoaxes attack computer systems by transmitting a virus hoax, with a real virus attached. By masking the attack in a seemingly legitimate message, unsuspecting users more readily distribute the message and send the attack on to their co-workers and friends, infecting many users along the way.
Malicious code includes a variety of threats such as viruses, worms, and Trojan horses
Spoofing is the forging of the return address on an email so that the email message appears to come from someone other than the actual sender. This is not a virus but rather a way by which

Spyware is software that comes hidden in free downloadable software and tracks online movements, mines the information stored on a computer, or uses a computer’s CPU and storage for some task the user knows nothing about. According to the National Cyber Security Alliance, 91 percent of the study had spyware on their computers that can cause extremely slow performance, excessive pop-up ads, or hijacked home pages.
A sniffer is a program or device that can monitor data traveling over a network. Sniffers can show all the data being transmitted over a network, including passwords and sensitive information. Sniffers tend to be a favorite weapon in the hacker’s arsenal.
Packet tampering consists of altering the contents of packets as they travel over the Internet or altering data on computer disks after penetrating a network. For example, an attacker might place a tap on a network line to intercept packets as they leave the computer. The attacker could eavesdrop or alter the information as it leaves the network.

Can you research the Internet to find the latest version of the CSI/FBI Computer Crime and Security Survey to find the newest information on computer crime and security breaches?

Review LIU school’s information security plan and policies. Have them answer the following questions:
• What did the plan address that your students found surprising?
• What is the plan missing or failing to address?
• What policies were missing or not addressed appropriately?
• What policies should be added to the plan?
• How frequently should the plan be updated?
• Who should be responsible for updating the plan?
• Who should be asked for sign-off on the plan?
• How should the plan be communicated with all students and staff?

THE FIRST LINE OF DEFENSE – PEOPLE
Organizations must enable employees, customers, and partners to access information electronically
The biggest issue surrounding information security is not a technical issue, but a people issue
• Insiders
• Social engineering
• Dumpster diving
• Pretexting

THE SECOND LINE OF DEFENSE - TECHNOLOGY
There are three primary information technology security areas

AUTHENTICATION AND AUTHORIZATION (1)
Identity theft – The forging of someone’s identity for the purpose of fraud
• Phishing
• Pharming
• Sock puppet marketing
• Astroturfing

Phishing – A technique to gain personal information for the purpose of identity theft, usually by means of fraudulent email
Pharming – Reroutes requests for legitimate websites to false websites
Sock puppet marketing is the use of a false identity to artificially stimulate demand for a product, brand, or service. A false identity on the Internet is known colloquially as a sock puppet or catfish, depending upon the level of detail attached to the false identity. Typically, a sock puppet has very little (if any) detail attached to it and may simply be a fictional name attached to a new Google or Yahoo email account.
Astroturfing is the practice of artificially stimulating online conversation and positive reviews about a product, service, or brand. Sock puppets can be created quickly and are frequently used on social media websites that rely on customer reviews

AUTHENTICATION AND AUTHORIZATION (2)
Authentication – A method for confirming users’ identities
Authorization – The process of giving someone permission to do or have something
The most secure type of authentication involves
1. Something the user knows
2. Something the user has
3. Something that is part of the user
SOMETHING THE USER KNOWS SUCH AS A USER ID AND PASSWORD 1
This is the most common way to identify individual users and typically contains a user ID and a password
This is also the most ineffective form of authentication
Over 50 percent of help-desk calls are password related

SOMETHING THE USER KNOWS SUCH AS A USER ID AND PASSWORD 2
Smart cards and tokens are more effective than a user ID and a password
• Tokens – Small electronic devices that change user passwords automatically
• Smart card – A device that is around the same size as a credit card, containing embedded technologies that can store information and small amounts of software to perform some limited processing

SOMETHING THAT IS PART OF THE USER SUCH AS A FINGERPRINT OR VOICE SIGNATURE
This is by far the best and most effective way to manage authentication
Biometrics – The identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting
Unfortunately, this method can be costly and intrusive
PREVENTION AND RESISTANCE 1
Prevention and resistance technologies stop intruders from accessing and reading data
Privilege escalation – A network intrusion attack that takes advantage of programming errors or design flaws to grant the attacker elevated access to the network and its associated data and applications
• Vertical privilege escalation
• Horizontal privilege escalation

PREVENTION AND RESISTANCE 2
Downtime can cost an organization anywhere from $100 to $1 million per hour
Technologies available to help prevent and build resistance to attacks include
1. Content filtering
2. Encryption
3. Firewalls

PREVENTION AND RESISTANCE 3
Spam – A form of unsolicited email
Content filtering – Prevents emails containing sensitive information from transmitting and stops spam and viruses from spreading

PREVENTION AND RESISTANCE 4
Personally identifiable information (PII) – Any data that could potentially identify a specific individual
• Sensitive PII
• Nonsensitive PII
PREVENTION AND RESISTANCE 7
One of the most common defenses for preventing a security breach is a firewall
• Firewall – Hardware and/or software that guards a private network by analyzing the information leaving and entering the network

PREVENTION AND RESISTANCE 8
Sample firewall architecture connecting systems located in Chicago, New York, and Boston

DETECTION AND RESPONSE
If prevention and resistance strategies fail and there is a security breach, an organization can use detection and response technologies to mitigate the damage
Intrusion detection software – Features full-time monitoring tools that search for patterns in network traffic to identify intruders

LEARNING OUTCOME REVIEW
• Now that you have finished the chapter, please review the learning outcomes in your text

Question 1 -- / 0.5
Class Exercise for Information Security 2/24/2022
There are various security threats listed in the textbook chapter 4 and on the PowerPoint slides. Please read the PowerPoint slides from 39-49 (chapter 4) to generate ideas about the cyber threats.
TASK 1: To learn about information security and protection, students search the internet for “Cyber Crime Examples in the year 2020-2021” and read those examples and the discussion. List at least 5 Cyber Crimes that have taken place in the year 2020-21.

Question 2 -- / 0.25
Read slides 56-59 in Chapter 4. Can you demonstrate an example that ensures user authentication and authorization?

Question 3 -- / 0.25
Read slides 62-65 (ch. 4) and demonstrate two examples (any software name) for prevention and resistance.
Explanation & Answer:
300 Words

Explanation & Answer

View attached explanation and answer. Let me know if you have any questions.

INFORMATION SECURITY


Information Security
Name:
Institution:
Course code:
Instructor:
Date:


Question 1
Cyber-crimes that have taken place in the year 2020-21
The year 2020-21 was a busy year for cybersecurity experts and IT professionals as there were
several cyberattacks in most businesses worldwide (Hussain, 2021). That is the year recorded as
the record-breaking year. However, the number of attacks and the intensity of the attacks are
expected to rise in 2022.
Phishing cases were mostly reported in the year 2021. Phishing is a social attack often
used to steal user data such as login credentials and credit numbers. It was respon...
