Lecture 9: Security & Employers and Employees Flashcards
What is Cressey's hypothesis?
People in trusted positions can also become trust violators.
What are some motives for committing crime?
- Monetary gain - hacking financial institutions, identity theft, trade secrets
- Strong emotions - love or despair (cyber stalking), hatred, dissatisfaction (customers), disgruntled employees, feuds
- Political or religious beliefs - crimes against minorities, governments and society
- Sexual impulses - pornography, grooming, paedophilia
- Boredom or the desire for a “little fun”
What are some characteristics of cyber criminals?
- Some measure of technical knowledge
- Disregard for the law, or rationalisations about why particular laws are invalid or should not apply to them
- High tolerance for risk or need for “thrill factor”
- “Control freak” nature, enjoyment in manipulating or “outsmarting” others
What is IS audit?
IS auditing is about ensuring controls are present and assets are safeguarded, maintained and operating effectively to achieve the organisation's objectives.
What is Control?
Defined as:
- policies
- procedures
- practices &
- organisational structures
designed to provide reasonable assurance that business objectives will be achieved and that undesired events will be prevented, detected or corrected.
What are the 3 classifications of controls?
- Preventive - deter problems before they arise
- Detective - detect and report the occurrence of an error, omission or malicious act
- Corrective - minimise the impact of a threat, remedy problems discovered by corrective controls and identify the cause of the problem.
What is organisational control?
The process of establishing and maintaining authority over and throughout an enterprise.
Are there written job descriptions for all jobs within the IT department?
Need a strategic plan
What are code maintenance and development?
- Are there written standards for program maintenance?
- Are changes to programs initiated by written request from the user department and approved?
- Are there tests before system acceptance?
- Are all program changes properly documented?
What are software purchases?
- Are there procedures addressing controls over selection, testing and acceptance of packaged software?
- Is adequate documentation maintained for all software purchased?
- Are vendor warranties still in force?
What are access controls?
- Are there procedures or rules and regulations in place to ensure removal/termination of employees' passwords and other authorisations?
- Are application-level security violations logged?
- Do terminals automatically log off after a set period of time?
- Are keys, locks, cards or other physical devices used to restrict access to only authorised users?
List other controls.
- Visitor control
- Physical access
- Backup
- Disaster Recovery
- Personnel policies - training, ID cards
- Power supply protection
What is the difference between wages and salary?
Wages:
- Paid hourly
- Overtime and weekends are at a higher rate
- Work roster is irregular
Salary:
- Paid weekly, fortnightly, monthly
- Work is considered regular
- May contain non-cash components
What are other distinctions of employees?
- Full time, part time
- Ongoing/permanent, fixed-time contract
- Part-time, casual
- Salary, commission
- Salary, bonuses (cash, shares)
- Award, award-free
Employee or Contractor?
What is best for you?
Through a career, financial or personal point of view?
Control Over Work
- E: can direct and control work
- C: has discretion over how to do work, unless specified in contract
Independence
- E: employee's work is integral to the firm
- C: contractor's work is complementary
Payment:
- E: based on the period of time worked, “piece rates” or commission
- C: depends on the performance of the contracted service
Commercial Risk:
- E: generally bears no legal risks in respect of work
- C: bears legal risk in respect to work, have potential to make profit or loss, must fix any faulty work at their own expense
Ability to delegate:
- E: performs the work personally and generally cannot subcontract the work to someone else
- C: unless otherwise specified in the contract, they can subcontract or delegate work
Tools and Equipment:
- E: usually provided with tools (iPhones, etc.) unless specified not to
- C: provides their own tools
Total Earnings package:
- E: will receive superannuation, annual leave, sick leave and long service leave in accordance with the award under which their employment is regulated
- C: will receive a higher rate of pay to compensate for these additional payments to employees (superannuation)
What are the 8 steps of motivating employees?
- Focus
- Personalities
- Communication
- Leadership
- Expectations
- Cost
- Environment
- Emotions