<?xml version="1.0"?>
<rss version="2.0">
   <channel>
      <title>CSC408 REVISION by Siti Aisyah Azman</title>
      <link>https://padlet.com/azmansitiaisyah/ahql3mqfr2e6</link>
      <description>FOR : MADAM YUSMAWATI BINTI YUNUS</description>
      <language>en-us</language>
      <pubDate>2018-12-19 05:37:41 UTC</pubDate>
      <lastBuildDate>2025-06-21 12:19:28 UTC</lastBuildDate>
      <webMaster>hello@padlet.com</webMaster>
      <image>
         <url></url>
      </image>
      <item>
         <title>CSC 408 Management Information Systems</title>
         <author>azmansitiaisyah</author>
         <link>https://padlet.com/azmansitiaisyah/ahql3mqfr2e6/wish/315769742</link>
         <description><![CDATA[<div><strong><mark>Chapter 7/8 Securing Information Systems</mark></strong></div>]]></description>
         <enclosure url="" />
         <pubDate>2018-12-19 05:44:17 UTC</pubDate>
         <guid>https://padlet.com/azmansitiaisyah/ahql3mqfr2e6/wish/315769742</guid>
      </item>
      <item>
         <title>QUESTION 1</title>
         <author>azmansitiaisyah</author>
         <link>https://padlet.com/azmansitiaisyah/ahql3mqfr2e6/wish/315770015</link>
         <description><![CDATA[<div>A) <mark>Sniffer</mark>-  It is eavesdropping program that monitors information traveling over networks. it also enables hackers to steal proprietary information such as email<br><br>B)<mark>Phishing-</mark> Setting up fake Web sites or sending e-mails messages that look like legitimate businesses to ask users for confidential personal data<br><br>C)<mark>Pharming</mark>- Redirects users to a bogus Web page, even when individual types correct Web page address into his or her browser<br><br>D)<mark>Spoofing</mark>- it is misrepresenting oneself by using fake e-mails addresses or masquerading else Redirecting Web link to address different from intended one, with site masquerading as intended destination.</div>]]></description>
         <enclosure url="" />
         <pubDate>2018-12-19 05:49:59 UTC</pubDate>
         <guid>https://padlet.com/azmansitiaisyah/ahql3mqfr2e6/wish/315770015</guid>
      </item>
      <item>
         <title>QUESTION 2</title>
         <author>azmansitiaisyah</author>
         <link>https://padlet.com/azmansitiaisyah/ahql3mqfr2e6/wish/315771311</link>
         <description><![CDATA[<div> a) Distinguish the TWO (2) methods for encrypting network traffic on the Web. <br><br>i) <mark>Sockets Layer (SSL) and successor Transport Layer Security (TLS)</mark><br>- It enable client and server cSecure omputers to manage encryption and decryption activities so they can communicate with each other during a secure web session<br><br>ii)<mark>Secure Hypertext Transfer Protocol (S-HTTP)</mark><br>- It used for encrypt data flowing over the internet but it is limited to individual messages whereas SSL and TLS are designed to establish a secure connection between 2 computers<br><br>b)  Briefly explain the following terms<br><br> i. <mark>Cyber warfare</mark><br>- State- sponsored activity designed to cripple and defeat another state or nation by penetrating its computers or networks for the purposes of causing damage and disruption. it also become more widespread, sophisticated and potentially devastating.<br><br> ii. <mark>Computer Forensic </mark><br>- it is scientific collection, examination, authentication, preservation, and analysis of data from computer storage media for use as evidence in court of law. it also include recovery of ambient and hidden data<br><br></div>]]></description>
         <enclosure url="" />
         <pubDate>2018-12-19 06:10:36 UTC</pubDate>
         <guid>https://padlet.com/azmansitiaisyah/ahql3mqfr2e6/wish/315771311</guid>
      </item>
      <item>
         <title>QUESTION 3</title>
         <author>azmansitiaisyah</author>
         <link>https://padlet.com/azmansitiaisyah/ahql3mqfr2e6/wish/315772965</link>
         <description><![CDATA[<div> a) Without protection against malware and intruders, connecting to the Internet could be very dangerous. Firewalls, intrusion detection system and antivirus software have become the tools to overcome this problem. Briefly explain these THREE (3) tools.<br><br>- <mark>Firewalls</mark><br>It is combination of hardware and software that prevents unauthorized users from accessing private networks. the technologies include Static packet filtering, Stateful inspection, NAT, Application proxy filtering.<br><br>-<mark>Intrusion detection system</mark><br>It monitors hot spots on corporate networks to detect and deter intruders. Examine events as they are happening to discover attacks in progress<br><br>-<mark>Antivirus software</mark><br>Checks computers for presence of malware and can often eliminate it as well. it also requires continual updating<br><br><br> b) Information systems controls is one of the components of an organizational framework for security and control. Information systems controls consist of two - general and application control. A company must know how and where to deploy security tools and security personnel must know what controls a company must have in place to protect its information system. Contrast between General Controls and Application Controls. <br><br></div>]]></description>
         <enclosure url="" />
         <pubDate>2018-12-19 06:28:08 UTC</pubDate>
         <guid>https://padlet.com/azmansitiaisyah/ahql3mqfr2e6/wish/315772965</guid>
      </item>
      <item>
         <title></title>
         <author>azmansitiaisyah</author>
         <link>https://padlet.com/azmansitiaisyah/ahql3mqfr2e6/wish/315775891</link>
         <description><![CDATA[]]></description>
         <enclosure url="https://padlet-uploads.storage.googleapis.com/343775920/541798ac321de91c5e86503c028dcefd/ss_csc.png" />
         <pubDate>2018-12-19 07:02:45 UTC</pubDate>
         <guid>https://padlet.com/azmansitiaisyah/ahql3mqfr2e6/wish/315775891</guid>
      </item>
      <item>
         <title>QUESTION 4</title>
         <author>azmansitiaisyah</author>
         <link>https://padlet.com/azmansitiaisyah/ahql3mqfr2e6/wish/315776031</link>
         <description><![CDATA[<div> Malicious Software programs are referred to as Malware. Describe FOUR (4) types of malicious software. <br>i) <mark>Viruses</mark><br>- Rogue software program that attaches itself to other software programs or data files in order to be executed<br>ii)<mark> Worms</mark><br>- Independent programs that copy themselves from one computer to other computers over a network<br>iii) <mark>Trojan Horses</mark><br>-Software that appears benign but does something other than expected and example is Zeus Trojan which runs on computer with MS Windows OS and used to steal login credentials for baking<br>iv) <mark>Spyware</mark><br>-Small programs install themselves surreptitiously on computers to monitor users Web surfing activity and serve up advertising.<br><br></div>]]></description>
         <enclosure url="" />
         <pubDate>2018-12-19 07:04:26 UTC</pubDate>
         <guid>https://padlet.com/azmansitiaisyah/ahql3mqfr2e6/wish/315776031</guid>
      </item>
      <item>
         <title>QUESTION 5</title>
         <author>azmansitiaisyah</author>
         <link>https://padlet.com/azmansitiaisyah/ahql3mqfr2e6/wish/315777350</link>
         <description><![CDATA[<div> a) Nowadays securing information systems has become an important issue in organization to protect itself against computer crime. Define computer crime and provide an appropriate example. (3 marks)<br>- Computer crime is any violation criminal law that involve a knowledge of computer technology for their perpetration, investigation, or prosecution. one of example is accessing computer system without authority permission<br><br> b) Briefly explain THREE (3) reasons why information systems are vulnerable to destruction, error and abuse? (6 marks)<br><br><mark>i)internet vulnerabilities</mark><br>it is because the network is open to anyone and the internet is designed to be an open system and make internal corporate systems more vulnerable to actions from outsiders.<br><br><mark>ii) malware</mark><br>it is represented in the form of a computer virus, a worm and Trojan Horse. Computer viruses and worms can spread rampantly from system to system, clogging computer memory or destroying programs and data.<br><br><mark>iii)wireless security challanges</mark><br>because many wifi networks can be easily penetrated easily by intruders using sniffer program to obtain an address to access the resources of a network without authorization.<br><br></div><div> c) Discuss the THREE (3) most important tools and technology for safeguarding information resources <br><br>i)<mark>Firewall</mark><br>it is combination of hardware and software that prevents unauthorized users from accessing private networks<br><br>ii)<mark>Intrusion detection systems</mark><br>it monitors hot spots on corporate networks to detect and deter intruders. it also examines events as they are happening to discover attacks in progress<br><br>iii)<mark>antivirus and antispyware software</mark><br>it checks  computers  for presence of malware and can often eliminate it as well ad it also require continual updating</div>]]></description>
         <enclosure url="" />
         <pubDate>2018-12-19 07:17:11 UTC</pubDate>
         <guid>https://padlet.com/azmansitiaisyah/ahql3mqfr2e6/wish/315777350</guid>
      </item>
      <item>
         <title>QUESTION 6</title>
         <author>azmansitiaisyah</author>
         <link>https://padlet.com/azmansitiaisyah/ahql3mqfr2e6/wish/315777532</link>
         <description><![CDATA[<div> a) Identity management software automates the process of keeping track of all information systems users and their system privileges, assigning each user a unique digital identity for accessing each system.<br><br> Define authentication. (2 marks)<br>it is a process of recognizing a user's identity.it is the process or action of verifying the identity of a user or process. a common example is entering username and password when you log in to a website.<br><br> b) Identify and briefly describe FOUR (4) authentication technologies. (8 marks) <br><br>i) <mark>Password Based Technologies</mark><strong><mark> <br></mark></strong><strong> </strong>the most common form of authentication. Password may be of any form (String of alphabets, numbers and special characters). This password is necessarily to be known by the entity or the thing or a person that is being authenticated.<br><br>ii) <mark>E-Token Based Technologies</mark><br>which is a small device that develop/generates a new odd/random value every time it is used. This random value becomes the basis for authentication (an alternative to a password). It can be implemented on a USB key fob or on a smart card. Data is protected on the device itself.<br><br>iii)<mark>Biometric Based Technologies </mark><br> an authentication mention to the realization/recognition/identification of humans by their personality/characteristics such as Face, fingerprint, human voice, Retina, Iris pattern of the eye, vein pattern etc. It's used in computer science as a form of realization/recognition and access control. <br><br>iv)<mark> Two Factor Authentication </mark><br>also known as multi-step verification, which adds another layer of security, supplementing the username and password model with a code that only a specific user has access to (typically sent to something they have immediately to hand). </div>]]></description>
         <enclosure url="" />
         <pubDate>2018-12-19 07:18:40 UTC</pubDate>
         <guid>https://padlet.com/azmansitiaisyah/ahql3mqfr2e6/wish/315777532</guid>
      </item>
      <item>
         <title>QUESTION 7</title>
         <author>azmansitiaisyah</author>
         <link>https://padlet.com/azmansitiaisyah/ahql3mqfr2e6/wish/315777687</link>
         <description><![CDATA[<div> a) Describe ransomware. (3 marks)<br><br>Ransomware is proliferating on both desktop &amp; mobile devices that try to extort money from users by taking control of their computers or displaying annoying pop-up messages such as CryptoLocker that encrypts an infected computer files, forcing users to pay hundreds of dollars to regain access.<br><br> b) State how do we prevent and protect our computer from ransomware. (3 marks)<br><br>i) Make sure one must installed up to date anti-malware or anti virus tool<br>ii) Scan attachments<br>iii) Ask before you open the email<br><br> c) Discuss the effects of computer crime to an organization. (4 marks) <br>i)<mark>  Reputational damage</mark></div><div>Trust is an essential element of customer relationship. Computer crime can damage business' reputation and erode the trust that customers have for the organization. This could potentially lead to loss of customer, loss of sales and reduction in profits</div><div>The effect of reputational damage can even impact on suppliers, or affect relationships with partners, investors and other third parties vested in the business.</div><div> <strong><br></strong><mark>ii) Legal consequences of computer crime</mark></div><div>Data protection and privacy laws require organizations to manage the security of all personal data they hold whether on the staff or their customers. If this data is accidentally or deliberately compromised, and they have failed to deploy appropriate security measures, they may face fines and regulatory sanctions.</div><div><strong><br></strong><br></div>]]></description>
         <enclosure url="" />
         <pubDate>2018-12-19 07:19:45 UTC</pubDate>
         <guid>https://padlet.com/azmansitiaisyah/ahql3mqfr2e6/wish/315777687</guid>
      </item>
      <item>
         <title>PART B</title>
         <author>azmansitiaisyah</author>
         <link>https://padlet.com/azmansitiaisyah/ahql3mqfr2e6/wish/315786753</link>
         <description><![CDATA[<div>1. <strong>Security isn’t simply a technology issue, it’s a business issue. Discuss.</strong><br><br>Security is no longer just a technology issue, it is also a business issue as well because majority of the companies out there today rely on computer systems to keep their employees information secure as well as their customers’ information, sales transactions, and the details on their vendors, their success is dependent on the secureness of this information. For a non-technologies business especially, they need to understand enough about security that they can take ownership of security approval processes. Ultimately it is because the business themselves that will bear the consequences of a poorly secured system. It is difficult to say that a case of internal fraud or financial misstatement is a purely IT issue. However, such incidents are preventable through a well-defined security structures allocated to the appropriate business users. Since the business bears the risk it is logical that they should be fully engaged in the design of the solutions to prevent the occurrence of such risks. Without adequate understanding and design of the computer security structures, users are not able to use the functions that they require in order to run the business processes. If incorrectly designed, the same security structures will allow users access data and functions that they should not be using including system administration functions, access to sensitive personal data or commercially sensitive data such as sales figures. <br><br></div><div>2. <strong>Who poses the biggest security threat: insiders or outsiders?</strong><br><br>Insiders is the person who poses the biggest security threat because the insiders have the knowledge about the security of an organization. one of the things that the insiders to is hacking the security because they know better the flow of the organization compared to the outsiders. this is because the insiders have already entrusted with authorized access to at least some systems and applications on a corporate network. It can be very hard for those in IT to decipher whether he’s just performing his regular job tasks, or carrying out something sinister. An angry employee who already has access to company files could be secretly leaking documents to competitors, or he could be sabotaging systems or corrupting data because he is miffed at his employer.<br><br></div><div>3. <strong>Suppose your business had an e-commerce Web site where it sold goods and accepted credit card payments. Discuss the major security threats to this Web site and their potential impact. What can be done to minimize these threats?<br><br></strong> Malware which is the malicious software that attackers insert into the web files or pages once they have gained access to the site. Malware may be found on an individual’s computer if they have themselves fallen victim to a phishing attack or otherwise been compromised, or it may be inserted directly onto the website after a successful SQL injection or if administrative account access has been granted to a harmful entity. As with software, malware can perform an extremely wide range of activities, from turning the computer into a botnet that can be part of a DDoS attack, to stealing credit card and account information from the website users. One type of malware that targeted Magento site<strong> </strong>was able to take credit card information and store it in images so that the attacker could easily access it without flags being raised. In order to minimize these threats, ones need to update the computer operating systems and patch regularly in order to defend against malware and phishing. This will help prevent vulnerabilities from being exploited and help detect and block threats from entering the system. </div>]]></description>
         <enclosure url="" />
         <pubDate>2018-12-19 08:14:08 UTC</pubDate>
         <guid>https://padlet.com/azmansitiaisyah/ahql3mqfr2e6/wish/315786753</guid>
      </item>
      <item>
         <title>CASE STUDY</title>
         <author>azmansitiaisyah</author>
         <link>https://padlet.com/azmansitiaisyah/ahql3mqfr2e6/wish/315787138</link>
         <description><![CDATA[<div><strong>1. Is cyberwarfare a serious problem? Why or why not?<br><br></strong>Yes, cyberwarfare is a serious problem because Cyberwarfare is more complex than conventional warfare. Although many potential targets are military a country’s power grids, financial systems, and a communication network can also be crippled. Non-state actors such as terrorist ore criminal groups can mount attacks, and it is often difficult to tell who is responsible. Nations must constantly to be on the alert for new malware and other technologies that could be used against them, and some of these technologies develop by skilled hacker groups are openly for sale to interested government. it can make one of the government destroy in term of their financial or education. it is a serious matter to be look and must been solved because there are a lot of hackers that can obtain others government information.</div><div><br></div><div><strong>2. What solutions are available for this problem? Do you think they will be effective? Why or why not?</strong></div><div>the solution that available for this problem is by working through the existing global security framework. NATO allies, for example, could collaborate by sharing forensic intelligence from cyberattacks and building better detection and response techniques. Separately, countries could create international working groups to discuss how to react to attacks and what to do in the days or weeks before we know where they came from. It’s unrealistic to expect that any single country will unilaterally disarm its cyberarsenals while the threats remains. But governments could begin to discuss what constitutes a reasonable response when one state is attacked by another in cyberspace.<br><br>The process needs to be transparent; an effective framework to govern international behavior cannot be created or administered in secret. Since most cyberwar is conducted covertly, governments avoid any public acknowledgment of their own abilities and shy away from engaging in any sort of “cyberdiplomacy.” Statecraft conducted in secret fails to create public norms for deterrence.</div><div><strong><br><br></strong><br></div>]]></description>
         <enclosure url="" />
         <pubDate>2018-12-19 08:16:01 UTC</pubDate>
         <guid>https://padlet.com/azmansitiaisyah/ahql3mqfr2e6/wish/315787138</guid>
      </item>
   </channel>
</rss>
