Managing IS/IT Security Behaviour Flashcards
Identity theft
Identity theft is the fraudulent use of another person's identity: the thief pretends to be that person, typically in order to access resources or obtain credit and other benefits in that person's name. The victim can suffer adverse consequences if they are held accountable for the perpetrator's actions.
Internet troll
Someone who posts inflammatory, extraneous, or off-topic messages in an online community, such as a forum, chat room, or blog, with the primary intent of provoking readers into an emotional response or of otherwise disrupting normal on-topic discussion.
Commercial computer security breach
A commercial computer security breach is a security incident in which sensitive, protected or confidential data/information is copied, transmitted, viewed, stolen or used by an individual unauthorised to do so. This may involve financial information such as credit card or bank details.
Two types of security control
Physical
Logical
Physical
Physical security control (e.g. restrict access to the computer room, locks, alarms, guards)
Logical
Logical security control (e.g. control access to data through passwords, control access to networks with firewalls, protect data from malicious damage with virus protection)
How can transactions, that must be secure, be conducted over an insecure network like the Internet?
Authentication
Authorisation
Verification
Encryption
Malicious attacks
Authentication
The process by which a person accessing a system proves who they are
A strong authentication protocol usually requires two independent means of identification, i.e. two factors (e.g. something you know, a password, plus something you have, a security token)
Good password practice
Use passwords that are:
Easy to remember BUT Hard to guess
Security token
e.g. A small electronic device that displays numbers on a small screen (e-banking devices)
The number changes periodically; it is derived from a secret seed shared only by the token and the authenticating server, so the server can compute the expected value and check it
These may also be combined with biometric data (e.g. the user’s fingerprint)
Authorisation
Processes whereby a person gains access only to the resources they are entitled to use:
Can be achieved with:
Access control lists
Computer system permissions
Verification
Processes to ensure data is not changed without authorisation
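Worked example of a verification check, added here and not part of the original flashcards. It shows why "data has not been changed" needs a keyed message authentication code (HMAC) rather than a plain checksum: an attacker who alters a message can simply recompute an unkeyed hash, but cannot recompute a tag without the key. The key and the message are constructed for the example.

```python
import hashlib
import hmac
from typing import Optional

TAG_LEN = 32  # bytes, SHA-256 output

# Constructed key for the example; a real system generates it with os.urandom(32)
# and shares it between sender and receiver out of band.
INTEGRITY_KEY = b"constructed-demo-key-do-not-reuse"


def tag(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 over the message; without the key nobody can produce a valid tag."""
    return hmac.new(key, message, hashlib.sha256).digest()


def seal(key: bytes, message: bytes) -> bytes:
    """Wire format: 32-byte tag followed by the message (the message itself is NOT hidden)."""
    return tag(key, message) + message


def open_sealed(key: bytes, blob: bytes) -> Optional[bytes]:
    """Return the message if its tag verifies, else None. Constant-time compare avoids a timing oracle."""
    if len(blob) < TAG_LEN:
        return None
    received_tag, message = blob[:TAG_LEN], blob[TAG_LEN:]
    if not hmac.compare_digest(received_tag, tag(key, message)):
        return None
    return message


# The weak alternative: an unkeyed checksum. Shown only to demonstrate why it does not verify anything.
def seal_unkeyed(message: bytes) -> bytes:
    return hashlib.sha256(message).digest() + message


def open_unkeyed(blob: bytes) -> Optional[bytes]:
    digest, message = blob[:TAG_LEN], blob[TAG_LEN:]
    return message if hmac.compare_digest(digest, hashlib.sha256(message).digest()) else None


def attacker_modifies(blob: bytes, old: bytes, new: bytes) -> bytes:
    """Tamper with the message part of a sealed blob and try to fix up the checksum."""
    message = blob[TAG_LEN:].replace(old, new)
    # Without the key the attacker can only recompute an unkeyed digest.
    return hashlib.sha256(message).digest() + message
```

The unkeyed variant is defeated by `attacker_modifies`, because the checksum is a function of public data only; the HMAC variant rejects the same tampering. Note that HMAC gives integrity and origin, not confidentiality: anyone on the network can still read the message, so for the encryption point below it is combined with a cipher.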
Encryption
Protection of data against unauthorised reading if it is intercepted in transit or accessed at rest
Encryption systems
Symmetric (shared) key encryption: the same secret key encrypts and decrypts
e.g. The Advanced Encryption Standard (AES)
Public key encryption: anyone can encrypt with the recipient's public key
Private key decryption: only the holder of the matching private key can decrypt
Malicious attacks
Denial of service
Malicious damage (Viruses, hackers)
Denial of service
Activities that deny authenticated users access to resources to which they should have authorised access
Malicious damage
Virus: A program that infects other programs and is designed to cause damage to the computer system when activated
Hacker: A person who spends time learning and using computer systems with ill intent
Protection:
Virus protection systems
Network firewalls
Viruses
A computer virus is a man-made program designed to:
Damage your data and software
Reproduce itself, slowly growing and spreading, usually without the knowledge of the computer user
Protecting against viruses
Back up data on a regular basis
Increase use of write-protect functionality on external storage devices
Avoid use of software/computer games from bulletin board services
Be cautious about who you share software with
MOST IMPORTANT: Install anti-virus software (and update it on a regular basis)
Most computer security systems are based on a two-step process – authentication and authorisation. Which of the following statements best explains the difference between Authentication and Authorization?
The first stage is authentication, which ensures that a user is who he or she claims to be. The second stage is authorization, which allows the user access to various resources based on their identity
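Worked example of the two-step process, added here and not part of the original flashcards. It also serves the Authorisation card above: step one checks a password against a salted hash (never the stored password itself), step two consults an access control list with deny-by-default. The user store, passwords, resources and ACL entries are all constructed for the example.

```python
import hashlib
import hmac
import os
from typing import Dict, Set, Tuple

PBKDF2_ROUNDS = 100_000
SALT_LEN, HASH_LEN = 16, 32


def hash_password(password: str, salt: bytes) -> bytes:
    """Slow, salted hash so a leaked store does not yield passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


# Constructed user store: {username: (salt, hash)}. Only the hash is kept, never the password.
USERS: Dict[str, Tuple[bytes, bytes]] = {}


def register(username: str, password: str) -> None:
    salt = os.urandom(SALT_LEN)
    USERS[username] = (salt, hash_password(password, salt))


def authenticate(username: str, password: str) -> bool:
    """Step 1: prove who you are. An unknown user still costs a full hash computation,
    so response time does not reveal which usernames exist."""
    salt, stored = USERS.get(username, (b"\x00" * SALT_LEN, b"\x00" * HASH_LEN))
    ok = hmac.compare_digest(hash_password(password, salt), stored)
    return ok and username in USERS


# Constructed ACL: resource -> {principal: permitted actions}. Anything not listed is denied.
ACL: Dict[str, Dict[str, Set[str]]] = {
    "payroll.xlsx": {"alice": {"read", "write"}, "bob": {"read"}},
    "hr-policy.pdf": {"alice": {"read"}, "bob": {"read"}, "carol": {"read"}},
}


def authorise(username: str, resource: str, action: str) -> bool:
    """Step 2: given an identity that has already been proven, decide what it may do. Default deny."""
    return action in ACL.get(resource, {}).get(username, set())


def access(username: str, password: str, resource: str, action: str) -> str:
    """The two stages in order: identity first, then entitlement."""
    if not authenticate(username, password):
        return "denied: authentication failed"
    if not authorise(username, resource, action):
        return "denied: not authorised"
    return "granted"


# Constructed accounts for the demonstration.
register("alice", "correct horse battery staple")
register("bob", "bob-example-passphrase")

if __name__ == "__main__":
    print(access("alice", "correct horse battery staple", "payroll.xlsx", "write"))  # granted
    print(access("bob", "bob-example-passphrase", "payroll.xlsx", "write"))          # not authorised
```

A correct password from bob still does not let him write payroll data: authentication answered "who", the ACL answers "what". The same failure message for an unknown user and a wrong password avoids confirming which accounts exist.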
Recovery Measures: Backup
What should you back up?
Data: always
Software: sometimes
Back up generations of files
Backups should be regular and automated
Media: tape, disk/USB drive, another computer or file server, Zip disk, removable hard disks
Back up off-site
How to formulate an organisational security plan
Identify the threats to which your organisation is exposed: IDENTIFY
Assess the probability of each particular threat occurring, and the consequences which would result from its occurrence: PROBABILITY
Select countermeasures, usually on the basis of cost-effectiveness: COUNTERMEASURES
Draw up contingency measures to deal with events which do occur: CONTINGENCY
Monitor, and periodically review, these arrangements: MONITOR
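Worked example of the probability and countermeasure steps, added here and not part of the original flashcards. It scores each identified threat as probability times consequence (an expected annual loss), then keeps only the countermeasures whose expected loss reduction exceeds their annual cost, which is the cost-effectiveness test the plan calls for. Threats whose countermeasures fail that test fall through to the contingency step. All figures are constructed for illustration.

```python
from typing import Dict, List

# Constructed threat register: annual probability and cost of a single occurrence.
THREATS: List[Dict] = [
    {"name": "ransomware", "probability": 0.20, "impact": 250_000},
    {"name": "laptop theft", "probability": 0.50, "impact": 8_000},
    {"name": "server room flood", "probability": 0.02, "impact": 120_000},
]

# Constructed countermeasures: annual cost, threat addressed, fraction of that threat's loss removed.
COUNTERMEASURES: List[Dict] = [
    {"name": "offline backups", "cost": 15_000, "threat": "ransomware", "reduction": 0.70},
    {"name": "full-disk encryption", "cost": 2_000, "threat": "laptop theft", "reduction": 0.90},
    {"name": "relocate server room", "cost": 40_000, "threat": "server room flood", "reduction": 0.95},
]


def expected_annual_loss(threat: Dict) -> float:
    """Step 2 of the plan: probability of occurrence times the consequence of one occurrence."""
    return threat["probability"] * threat["impact"]


def net_benefit(countermeasure: Dict, threats: List[Dict]) -> float:
    """Expected loss avoided per year minus what the countermeasure costs per year."""
    threat = next(t for t in threats if t["name"] == countermeasure["threat"])
    return expected_annual_loss(threat) * countermeasure["reduction"] - countermeasure["cost"]


def select_countermeasures(countermeasures: List[Dict], threats: List[Dict]) -> List[str]:
    """Step 3: keep only cost-effective countermeasures, best value first."""
    worthwhile = [c for c in countermeasures if net_benefit(c, threats) > 0]
    worthwhile.sort(key=lambda c: net_benefit(c, threats), reverse=True)
    return [c["name"] for c in worthwhile]


def needs_contingency(countermeasures: List[Dict], threats: List[Dict]) -> List[str]:
    """Step 4: threats left uncovered because no countermeasure paid for itself."""
    covered = {c["threat"] for c in countermeasures if net_benefit(c, threats) > 0}
    return [t["name"] for t in threats if t["name"] not in covered]


if __name__ == "__main__":
    for t in THREATS:
        print(f"{t['name']:20s} expected annual loss {expected_annual_loss(t):>10,.0f}")
    print("adopt:", select_countermeasures(COUNTERMEASURES, THREATS))
    print("plan contingency for:", needs_contingency(COUNTERMEASURES, THREATS))
```

With these figures the server room relocation costs far more per year than the flood it prevents, so the plan accepts that risk and handles it under contingency measures instead; reviewing the probabilities periodically (the MONITOR step) is what would move it back onto the countermeasure list if, say, the flood risk rose.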
How does identity theft occur
Identity theft occurs when someone uses your personally identifying information, like your name, Social Security number, or credit card number, without your permission, to commit fraud or other crimes.