CHAPTER 8
SECURING INFORMATION SYSTEMS
CONTEMPORARY SECURITY CHALLENGES AND VULNERABILITIES
HACKERS AND COMPUTER CRIME
• Hackers vs. crackers
• Activities include:
– System intrusion
– System damage
– Cybervandalism
▪ Intentional disruption, defacement, destruction of website or corporate information system
• Spoofing and sniffing
• Denial-of-service attacks (DoS)
• Distributed denial-of-service attacks (DDoS)
• Botnets
• Spam
• Computer crime
– Computer may be target of crime
– Computer may be instrument of crime
SECURING WIRELESS NETWORKS
• WEP security
– Static encryption keys are relatively easy to crack
– Improved if used in conjunction with VPN
• WPA2 specification
– Replaces WEP with stronger standards
– Continually changing, longer encryption keys
Hackers attack the SWIFT global banking network
PROBLEMS
Tempting hacker target
Uneven security and controls
Loose management structure
SOLUTIONS
Develop security policies, plans, procedures
Firewalls
Two-factor authentication
Anti-malware
WHY SYSTEMS ARE VULNERABLE
Security
Policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems
Controls
Methods, policies, and organizational procedures that ensure safety of organization’s assets; accuracy and reliability of its accounting records; and operational adherence to management standards
WIRELESS SECURITY CHALLENGES
• Radio frequency bands easy to scan
• SSIDs (service set identifiers)
– Identify access points, broadcast multiple times, can be identified by sniffer programs
• War driving
– Eavesdroppers drive by buildings and try to detect SSID and gain access to network and resources
– Once access point is breached, intruder can gain access to networked drives and files
• Rogue access points
Legal and Regulatory Requirements for Electronic Records Management
• HIPAA
– Medical security and privacy rules and procedures
• Gramm-Leach-Bliley Act
– Requires financial institutions to ensure the security and confidentiality of customer data
• Sarbanes-Oxley Act
– Imposes responsibility on companies and their management to safeguard the accuracy and integrity of financial information that is used internally and released externally