CSC 408 Management Information Systems by Nur Izzaty Hussin

CSC 408 Management Information Systems by Nur Izzaty Hussin https://padlet.com/izzatynur72/csc408revision Chapter 7/8 Securing Information Systems en-us 2018-12-20 15:53:38 UTC 2025-12-01 20:45:55 UTC hello@padlet.com https://padlet-assets.s3.amazonaws.com/icons/Thunder.png Question 2: (A) Distinguish the two (2) methods for encrypting network traffic on the Web. izzatynur72 https://padlet.com/izzatynur72/csc408revision/wish/316199163 a) Symmetric key encryption: Sender and receiver use single encryption key, shared key

b) Public key encryption (more secure): Use two, mathematically related keys which are Public Key and Private Key. Public key is kept in directory while private key is kept secret.

]]> 2018-12-20 15:53:38 UTC https://padlet.com/izzatynur72/csc408revision/wish/316199163 Question 4: Describe four (4) types of malicioussoftware. izzatynur72 https://padlet.com/izzatynur72/csc408revision/wish/316199164 1. Virus: Rogue software program that attaches itself to other software programs of data files in order to be executed.

2. Worm: Independent programs that copy themselves from one computed to other computers over a network.

3. Ransomware: Proliferating on both desktop and mobile devices; tries to extort money from users by taking control of their computers or displaying annoying pop up messages.

4. Spyware: Small programs install themselves surreptitiously on computers to monitor user Web surfing activity and serve up advertising.

]]> 2018-12-20 15:53:38 UTC https://padlet.com/izzatynur72/csc408revision/wish/316199164 Question 3: (B) Contrast between General Controls and Application Controls. izzatynur72 https://padlet.com/izzatynur72/csc408revision/wish/316199165 a. General controls: Govern design, security and use of computer programs and security of data files in general throughout organization’s information technology infrastructure. It applies to all computerized applications. For example is hardware control, computer operation control, data security control and implementation control.

b. Application controls: It specific controls unique to each computerized application, such as payroll or order processing. It includes both automated and manual procedures. It also ensure that only authorized data are completely and accurately processed by that application. For example is input control, processing control and output control.

]]> 2018-12-20 15:53:38 UTC https://padlet.com/izzatynur72/csc408revision/wish/316199165 Question 3: (A) Briefly explain these three (3) tools. izzatynur72 https://padlet.com/izzatynur72/csc408revision/wish/316199166 a. Firewalls: A combination of hardware and software that prevents unauthorized users from accessing private networks. For example is state inspection, application proxy filtering and Network Address Translation (NAT).

b. Intrusion detection system: It monitors hot spots on corporate networks to detect and deter intruders. It examines events as they are happening to discover attacks in progress.

c. Antivirus software: It checks computers for presence of malware and can be often eliminate it as well. It requires continual updating.

]]> 2018-12-20 15:53:38 UTC https://padlet.com/izzatynur72/csc408revision/wish/316199166 Question 2: (B) Briefly explain the following terms. izzatynur72 https://padlet.com/izzatynur72/csc408revision/wish/316205024 i. Cyber warfare: State sponsored activity designed to cripple and defeat another state or nation by penetrating its computers or networks for the purposes of causing damage and disruption. It have become such more widespread, sophisticated and potentially devastating.

ii. Computer Forensic: Scientific collection, examination, authentication, preservation and analysis of data from computer storage media for use as evidence in court of law. It includes recovery of ambient and hidden data. ]]> 2018-12-20 16:10:56 UTC https://padlet.com/izzatynur72/csc408revision/wish/316205024 Question 1: Briefly explain the following computer crimes. izzatynur72 https://padlet.com/izzatynur72/csc408revision/wish/316240985 a) Sniffer: Eavesdropping program that monitors information traveling over network. It enables hackers to steal proprietary information such as email, company files and so on. b) Phishing: Setting up fake Web sites or sending email messages that look like legitimate businesses to ask users for confidential personal data.
c) Pharming: Redirects users to a bogus Web page, even when individual types correct Web page address into his or her browser.
d) Spoofing: Misrepresenting oneself by using fake email address or masquerading as someone else. It is redirecting Web link to address different from intended one, with site masquerading as intended destination. ]]> 2018-12-20 17:52:31 UTC https://padlet.com/izzatynur72/csc408revision/wish/316240985 Question 5: (A) Define computer crime and provide an appropriate example. izzatynur72 https://padlet.com/izzatynur72/csc408revision/wish/316242248 Computer crime is any violations of criminal law that involve a knowledge of computer technology for their perpetration, investigation or prosecution. For example is phishing which is setting up fake Web sites or sending email messages that look like legitimate businesses to ask users for confidential personal data.]]> 2018-12-20 17:56:23 UTC https://padlet.com/izzatynur72/csc408revision/wish/316242248 Question 5: (B) Three (3) reasons why information systems are vulnerable to destruction, error and abuse? izzatynur72 https://padlet.com/izzatynur72/csc408revision/wish/316244113 a. Internet vulnerabilities: This is because network are open to anyone. Size of internet means abuses can have wide impact.

b. Wireless security challenges: Radio frequency bands easy to scan.

c. Software vulnerability: Commercial software contains flaws that create security vulnerabilities.

]]> 2018-12-20 18:02:28 UTC https://padlet.com/izzatynur72/csc408revision/wish/316244113 Question 5: (C) Three (3) most important tools and technology for safeguarding information resources. izzatynur72 https://padlet.com/izzatynur72/csc408revision/wish/316244516 a. Firewalls: A combination of hardware and software that prevents unauthorized users from accessing private networks. For example is state inspection, application proxy filtering and Network Address Translation (NAT).

b. Intrusion detection system: It monitors hot spots on corporate networks to detect and deter intruders. It examines events as they are happening to discover attacks in progress.

c. Antivirus and Antispyware system: It checks computers for presence of malware and can be often eliminate it as well. It requires continual updating.

]]> 2018-12-20 18:03:44 UTC https://padlet.com/izzatynur72/csc408revision/wish/316244516 Question 6: (A) Define authentication. izzatynur72 https://padlet.com/izzatynur72/csc408revision/wish/316245620 The process of identifying an individual, usually based in username and password. In security systems, authentication is distinct from authorization, which is the process of giving individual access to system objects based on their identity. ]]> 2018-12-20 18:06:51 UTC https://padlet.com/izzatynur72/csc408revision/wish/316245620 Question 6: (B) Identify and briefly describe four (4) authentication technologies. izzatynur72 https://padlet.com/izzatynur72/csc408revision/wish/316246445 a) Password system: When using passwords, it’s important to use strong passwords. A strong password has a mixture of upper case, lower case, numbers, and special characters.

b) Smart card: A smart card is a credit-card sized card that has an embedded certificate used to identify the holder.

c) Token: A token is a hand-held device with an LED that displays a number and the number is synchronized with an authentication server.

d) Biometric authentication: Some of the biometric methods that can be used are fingerprints, hand geometry, retinal or iris scans, handwriting, and voice analysis.

]]> 2018-12-20 18:09:30 UTC https://padlet.com/izzatynur72/csc408revision/wish/316246445 Question 7: (A) Describe ransomware. izzatynur72 https://padlet.com/izzatynur72/csc408revision/wish/316247120 Proliferating on both desktop and mobile devices; tries to extort money from users by taking control of their computers or displaying annoying pop-up messages.]]> 2018-12-20 18:11:31 UTC https://padlet.com/izzatynur72/csc408revision/wish/316247120 Question 7: (C) Discuss the effects of computer crime to an organization. izzatynur72 https://padlet.com/izzatynur72/csc408revision/wish/316247510 An organization suffers losses due to computer crime when a hacker steals confidential information and future plans of the organization. And he simply sells the information to a competitor organization and they use the information to get benefits.

Wastage of time is another problem because many IT personals spend a lot of time on handling harmful incidents which may be caused due to computer crimes. This time should be spend on the development. And if the organization is attacked by a computer criminal it would cost a lot and much time is needed to recover from the loss.

]]> 2018-12-20 18:12:45 UTC https://padlet.com/izzatynur72/csc408revision/wish/316247510 Part B Question 1: Security isn’t simply a technology issue, it’s a business issue. Discuss. izzatynur72 https://padlet.com/izzatynur72/csc408revision/wish/316264139 1. Security pertains to the measurements that a company takes in order to help prevent intrusions from hackers or other unauthorized individuals.

2. These measurements can be certain policies and procedures that will ultimately aim to eliminate the threats of identity theft or possible damage to a company’s system.

3. Security make sure that a business is running very smoothly and free of any possible external threats.

4. Information can be kept confidential which would ensure great customer service and reliability.

]]> 2018-12-20 19:01:21 UTC https://padlet.com/izzatynur72/csc408revision/wish/316264139 Part B Question 2: Who poses the biggest security threat: insiders or outsiders? izzatynur72 https://padlet.com/izzatynur72/csc408revision/wish/316264700 Insiders, as they have access to sensitive information on a regular basis, and may know how that information is protected. If they want to steal it or leak it they can usually do so with far greater ease than outsiders. Furthermore, insiders may also accidentally leak data or otherwise put it at risk which is something that outsiders typically cannot do. Whether by attaching the wrong file to an email being sent, oversharing on social media, losing a laptop or USB drive, or through some other mistake, insiders can put an organization's data at risk with little effort.]]> 2018-12-20 19:03:00 UTC https://padlet.com/izzatynur72/csc408revision/wish/316264700 Part B: Question 3: Suppose your business had an e-commerce Web site where it sold goods and accepted credit card payments. Discuss the major security threats to this Web site and their potential impact. What can be done to minimize these threats? izzatynur72 https://padlet.com/izzatynur72/csc408revision/wish/316265187 E-commerce websites are vulnerable to fraud from internal and external sources. Fraud incidents include credit card fraud, which exposes the website to threat from clients and any other external sources and internal fraud. Any fraudulent transactions being entered into the system from employees. Such transactions can also be introduced into the system by hackers or Trojan Horses, which resemble the real customers’ transactions. To prevent fraud, Fraud scoring must be used. It is a system of predictive fraud detection models or technologies that payment processors use to identify the highest-risk transactions in card-not-present environment that require additional verification. All card-not-present transactions must be authorized before they are processed. The authorization response will typically be approval or decline.

Malicious software and computer viruses are some of the biggest security threats to any E-commerce website. Viruses are normally from external sources and can corrupt files on website if introduced into the internal network. Viruses can completely destroy a computer system and disrupt the operations of the website. Trojan horse is malicious software that has the ability to capture the clients’ information, before any encryption software can take effect. They can also impersonate a customer and pass over bad and malicious codes into the server running the website.to avoid these viruses, Users should exercise reasonable precautions in order to minimize the introduction and spread of computer viruses onto the Rhodes networks. Virus scanning software should be used to check any software downloaded from the Internet or obtained from any questionable source. Virus protection software has to be installed on the computer; check frequently for virus signature updates; and actually scan the files on the PC.

]]> 2018-12-20 19:04:26 UTC https://padlet.com/izzatynur72/csc408revision/wish/316265187 Question 7: (B) State how do we prevent and protect our computer from ransomware. izzatynur72 https://padlet.com/izzatynur72/csc408revision/wish/316265678 Install Antivirus and Antispyware system. It checks computers for presence of malware and can be often eliminate it as well. It requires continual updating.]]> 2018-12-20 19:05:47 UTC https://padlet.com/izzatynur72/csc408revision/wish/316265678 Case Study: Question 2: What solutions are available for this problem? Do you think they will be effective? Why or why not? izzatynur72 https://padlet.com/izzatynur72/csc408revision/wish/316270955 It can be prevented by increasing security of the networks which have the highest risked of being attacked. Most states have laws regulating computer crimes done by individuals or non-state actors to hopefully prevent any cyber. Besides definitions of cyber warfare, an internationally agreed list of computer crimes or rules should therefore be established, maybe in combination with an organization monitoring the cyberspace, with large and serious consequences against states violating these rules. Each state should increase its own security measures against cyber attacks. In order to do this as effectively as possible governments should establish, if not yet done so, an agency whose solely focus is on the cyberspace and cyber attacks.. It is effective because once they have done that, they will have a bigger insight into the strength of their security measures and should try to strengthen the most vulnerable parts. It is important to notice, that many internet networks are all connected to a big network which is like the gateway to the whole internet. These are in most cases not managed by the governments but by large technological companies or universities. Governments should hence support these companies and organizations financially to protect their network as well as possible.

]]> 2018-12-20 19:20:18 UTC https://padlet.com/izzatynur72/csc408revision/wish/316270955 Case Study: Question 1: Is cyberwarfare a serious problem? Why or why not? izzatynur72 https://padlet.com/izzatynur72/csc408revision/wish/316289112 Cyberwarfare is a serious problem that should be addressed. With technology being

utilized world wide to control missiles and warfare, having a cyber threat is as serious if

not more serious than a physical threat. Cyberwarfare can also act as a catalyst and

induce an all out strike of terror on other countries

]]> 2018-12-20 20:25:20 UTC https://padlet.com/izzatynur72/csc408revision/wish/316289112