Information Systems Security & Dark Side of IT and Digital Wellness Flashcards
Black hat hackers
use their hacking skills to gain unauthorized access to computer systems or networks for malicious purposes
Botnets
network of computers that are infected with malware and controlled by a single entity to carry out various activities such as stealing personal information, spamming, or launching DDoS attacks
Distributed denial of service (DDoS) attack
Multiple compromised systems are used to flood a targeted website or server with traffic, making it inaccessible to legitimate users
Encryption
scrambling/encoding data or messages in such a way that only authorized parties can read it
Firewalls
software or hardware-based network security system that monitors and controls incoming and outgoing network traffic based on predefined security rules
Malware
type of software designed to harm or exploit computer systems -> viruses, worms, Trojans, and spyware
Phishing
attempt to deceive individuals into providing personal or sensitive information by posing as a trustworthy entity via email, text message, or other forms of communication
Social engineering
art of manipulating people into revealing sensitive information or performing actions that are not in their best interest, often through deception or coercion
Spyware
type of malware that secretly gathers personal information from a computer system without the user’s knowledge or consent
White hat hackers
use their hacking skills for ethical purposes (hacktivist)
How can an employee or a vendor be the biggest threat to information security?
o Insiders can do greater harm
- Easier access
- Greater window of opportunity
- Through legitimate access -> go undetected by perimeter-based security solutions
- detecting inside attacks -> harder and becoming more frequent
o Dramatic increase in the size and complexity of IT
- Cloud-based services (providers/servers)
- outsourced activity
- dark websites/cybercrime as a service
- employees using personal devices for work (BYOD)
- Millions of malware infected devices
o Explosion of social media
- Allows for leaks
- opportunities to recruit insiders (phishing/social engineering)
- external attacks may involve insiders (un)knowingly
What are the main motivations behind the inside cyber threat?
o Financial gain
o revenge
o desire for recognition and power
o response to blackmail
o loyalty to others
o political beliefs
o collaboration with organised crime
What are the key steps to safeguard the inside cyber attack?
Adopt a robust insider policy
Raise awareness
Look out for threats when hiring
Employ rigorous subcontracting processes
Monitor
(See Word Sheet)
What is technostress? What are its main effects?
o IT induced stress
- feel forced to rapidly multitask because info streams come in real time
- Remote work/flextime
- Short tech cycles -> constantly changing systems
- nearly 3/3 of employees worry that refraining from constant connectivity puts them at a disadvantage
- complex user interface that does not naturally fit with task workflows
- more stress when organisations embrace IT relentlessly & enthusiastically
- addiction to technology -> restriction hard with BYOD
What is misuse of IT?
o Inside attacks by authorised users -> malicious user behaviour
o unsanctioned behaviour (shadow IT/accessing unauthorised areas)
o naïve user interactions -> opening unknown email attachment
-> motivation to become more effective/to help others