Chapter 5
Protecting information resources (1)
3 Aspects of security
Integrity
Accuracy of information resources within organisation
Availability
-Authorized users have access when needed
-Computers and network in working order
-Quick recovery in event of system failure or disaster
Confidentiality
System must prevent disclosing information to unauthorized users
Risks associated with IT
IT can be misused:
-Invade users' privacy
-Commit computer crimes
Mitigate risks:
-Regular updating of operating system
-Anti-virus, anti-spyware
-E-mail security measures
Physical security controls
Control access to computers and networks and include devices for securing computers and peripherals from theft
Types of physical security
-Cable shielding
-Corner bolts
-Electronic trackers
-ID badges
-Proximity release door openers
-Room shielding
-Steel encasements
Computer and network security
Critical for most organizations:
-Hackers - types of hackers
-Sensitive information on computers
Comprehensive security system:
Protects information in 3 different states:
-Transmission
-Storage
-Processing
Security measures
Callback-modems (non-biometric)
Verifies whether a user's access is valid by logging the user off after an attempt to connect to the network and then calling the user back at a predetermined number
Firewalls (non-biometric)
-Combination of hardware and software that acts as a filter or barrier between a private network and external computers or networks (including the internet)
-Network administrator defines the rules for access and blocks other traffic
-Can examine data passing into or out of a network and decide whether to allow it
-Filters incoming and outgoing data
Biometric security
-Use a physiological element that is unique to a person
-Only gains access if details are already stored on database
Types of biometric security:
-Facial recognition
-Fingerprint reader
-Hand-geometry
-Iris-analysis
-Palm prints
-Vein analysis
-Voice recognition
Intrusion detection systems (non-biometric)
-Protects against internal and external intrusions
-Placed in front of a firewall - identifies attack - notifies the network administrator - ends connection with suspect source
Types of threats
Logic bombs
-Type of Trojan program used to release a virus, worm or other destructive code
-Activated at specific time or event
-E.g. When an employee is dismissed
Backdoors
-Built in by programmers
-Enables the programmer to bypass security and sneak back into the system to access program or files
Trojans
-Contains code intended to disrupt computer, network or website
-Hidden in popular program
-Users use the popular program, unaware that malicious software is running in the background
Blended threats
Security threat that combines the characteristics of computer viruses, worms and other malicious codes with vulnerabilities found on public and private networks
Worms
-Travels from computer to computer in the network
-Usually does not wipe data - corrupts data
-Unlike a virus, a worm is an independent program
-Can spread itself without being attached to a host program
-Eats up computing resources
Distributed denial of service attack (DDoS)
Floods a network or server with service requests to prevent legitimate users' access to the system
Virus
-Consists of self-propagating program code
-Sometimes activated by specific event or time
-When program or operating system containing the virus is used, the virus attaches itself to other files
-Cycle continues
-Can be transmitted through e-mail attachments or a network
Social engineering
-Using people skills to trick others into revealing private information
-Takes advantage of human element of security systems
Types of risks
Phishing
-Sends fraudulent e-mails that seem to come from legitimate sources
-Refers the user to false websites to obtain personal information
Keystroke loggers
-Hardware and software devices that monitor keyboard commands and keep record
-Steals passwords and bank details
-Trade secrets
Adware
Form of spyware which collects information from the user in order to display advertisements in the Web browser without the user's permission
Sniffing
Capturing and recording of network traffic
Spyware
Software which secretly gathers information about users while they are on the web
Spoofing
Attempt to gain access to network by appearing to be an authorized user in order to gain access to sensitive information
Cookies
-Small text files with unique ID tags embedded in Web browser and stored on user's hard drive
-Provide information about a user's location and computer equipment = violation of privacy
Computer crime and fraud
-Unauthorized use of computer data for personal gain
-Transfer of money from another person's account
-Identity theft
-Software piracy
Classification of threats
Unintentional
Structural failures
Accidental deletion of data
Natural disasters
Intentional
Hacker attacks
Attacks by disgruntled employees
Spreading of virus (ransomware)
Types of threats
Share passwords with co-workers
Hackers steal or change information
Leave a logged in computer unattended
Physical damage to equipment (coffee spill)