<?xml version="1.0"?>
<rss version="2.0">
   <channel>
      <title>CSC408 by </title>
      <link>https://padlet.com/adinaish11/mbviv4xhpt9d</link>
      <description>For : Madam Sri Yusmawati Binti Yunus</description>
      <language>en-us</language>
      <pubDate>2018-12-21 05:46:09 UTC</pubDate>
      <lastBuildDate>2026-01-25 14:14:27 UTC</lastBuildDate>
      <webMaster>hello@padlet.com</webMaster>
      <image>
         <url>https://padlet-assets.s3.amazonaws.com/icons/Ninja.png</url>
      </image>
      <item>
         <title>CHAPTER 7/8 REVISION</title>
         <author>adinaish11</author>
         <link>https://padlet.com/adinaish11/mbviv4xhpt9d/wish/316343704</link>
         <description><![CDATA[<div><strong>QUESTION 1<br>Briefly explain the following computer crimes.<br><br>a) Sniffer</strong> – an eavesdropping program that monitors information traveling over a network. It also enables hackers to steal proprietary information such as e-mail, company files, and many more.</div><div><strong>b) Phishing</strong> – setting up fake Web sites or sending e-mail messages that look like those of legitimate businesses to ask users for confidential personal data. </div><div><strong>c) Pharming</strong> – redirects users to a bogus Web page, even when an individual types the correct Web page address into his or her browser.</div><div><strong>d) Spoofing</strong> – misrepresenting oneself by using fake e-mail addresses or masquerading as someone else. It also covers redirecting a Web link to an address different from the intended one, with the site masquerading as the intended destination.<br><br><strong>QUESTION 2<br>a) Distinguish the TWO (2) methods for encrypting network traffic on the Web.</strong></div><div><strong>i) Secure Sockets Layer (SSL)</strong> and its successor Transport Layer Security (TLS) enable client &amp; server computers to manage encryption &amp; decryption activities as they communicate with each other during a secure web session. </div><div><strong>ii) Secure Hypertext Transfer Protocol (S-HTTP)</strong> is another protocol used for encrypting data flowing over the Internet, but it is limited to individual messages. 
<br><br><strong>b) Briefly explain the following terms.<br>i) Cyber warfare</strong> - State-sponsored activity designed to cripple &amp; defeat another state or nation by penetrating its computers or networks for the purposes of causing damage &amp; disruption.<br><strong>ii) Computer Forensic</strong> - Scientific collection, examination, authentication, preservation, and analysis of data from computer storage media for use as evidence in a court of law. It includes recovery of ambient and hidden data.<br><br><strong>QUESTION 3<br>a) Briefly explain these THREE (3) tools.<br>i) Firewall - </strong>a combination of hardware and software that prevents unauthorized users from accessing private networks. Its technologies include static packet filtering, stateful inspection, and network address translation (NAT).<br><strong>ii) Intrusion detection system - </strong>monitors hot spots on corporate networks to detect and deter intruders, and examines events as they are happening to discover attacks in progress.<br><strong>iii) Antivirus software - </strong>checks computers for the presence of malware and can often eliminate it as well. It requires continual updating. <br><br><strong>b) Contrast between General Controls and Application Controls.</strong><br><strong>i) General Controls <br></strong>These are policies and procedures that relate to many applications and support the effective functioning of application controls by helping to ensure the continued proper operation of information systems. They govern the design, security and use of computer programs and the security of data. They basically apply to all computerized applications. Examples of this type are implementation controls and software controls.<br><strong>ii) Application Controls<br></strong>Application controls are the controls specific to a particular accounting application. It is a specific control unique to each computerized application, such as payroll or order processing. 
It includes automated and manual procedures and IPO controls. Examples of this type are input and output controls.<br><br><strong>QUESTION 4 <br>Malicious Software programs are referred to as Malware. Describe FOUR (4) types of malicious software.</strong></div><div><strong>i) SQL injection attacks - </strong>hackers submit data to web forms that exploits the site's unprotected software and sends a rogue SQL query to the database.</div><div><strong>ii) Virus</strong> is a rogue software program that attaches itself to other software programs or data files in order to be executed.</div><div><strong>iii) Worm</strong> is an independent program that copies itself from one computer to other computers over a network.</div><div><strong>iv) Trojan horse</strong> is software that appears benign but does something other than expected. It is also a program in which malicious or harmful code is contained inside apparently harmless programming or data in such a way that it can get control and do its chosen form of damage, such as ruining a certain area on your hard disk. <br><br> <strong>QUESTION 5 <br>a) Nowadays, securing information systems has become an important issue for an organization to protect itself against computer crime. Define computer crime and provide an appropriate example. <br></strong>Computer crime means any violation of criminal law that involves knowledge of computer technology for its perpetration, investigation, or prosecution. Some examples are breaching the confidentiality of protected computerized data and accessing a computer system without authority. 
<br><br><strong>b) Briefly explain THREE (3) reasons why information systems are vulnerable to destruction, error and abuse.</strong><br><br><strong>i) Internet vulnerabilities </strong><br>The network is open to anyone: the Internet is designed to be an open system, which makes internal corporate systems more vulnerable to actions from outsiders.<br><strong>ii) Wireless security challenges<br></strong>Many Wi-Fi networks can be easily penetrated by intruders using sniffer programs to obtain an address to access the resources of a network without authorization.<br><strong>iii) Malware<br></strong>It comes in the form of a computer virus, a worm or a Trojan horse. Computer viruses and worms can spread rampantly from system to system, clogging computer memory or destroying programs and data.<br><br><strong>c) Discuss the THREE (3) most important tools and technologies for safeguarding information resources. <br>i) Firewall</strong><br>It is a combination of hardware and software that prevents unauthorized users from accessing private networks.<br><strong>ii) Intrusion detection systems</strong><br>They monitor hot spots on corporate networks to detect and deter intruders. They also examine events as they are happening to discover attacks in progress.<br><strong>iii) Antivirus and anti-spyware software</strong><br>It checks computers for the presence of malware and can often eliminate it as well, and it also requires continual updating.<br><br><strong>QUESTION 6<br>a) Identity management software automates the process of keeping track of all information systems users and their system privileges, assigning each user a unique digital identity for accessing each system. Define authentication.</strong></div><div> </div><div>Authentication is the technique by which a system checks the identification of an end user who wants to access it. Since entrance or access control is normally based on the identification of the user who demands access to a resource, 
authentication is essential to effective security. <br><br><strong>b) Four types of authentication technologies are<br>i) Password Based Technologies, </strong>which are the most common form of authentication. A password may be of any form (a string of letters, numbers and special characters). The password must be known by the entity, thing or person that is being authenticated.</div><div><strong>ii) E-Token Based Technologies</strong>, which use a small device that generates a new odd/random value every time it is used. This random value becomes the basis for authentication (an alternative to a password). It can be implemented on a USB key fob or on a smart card. Data is protected on the device itself.<br><strong>iii) Biometric Based</strong> Technologies, which refers to the realization/recognition/identification of humans by their personality/characteristics such as face, fingerprint, voice, retina, iris pattern of the eye, vein pattern, etc. It is used in computer science as a form of realization/recognition and access control. <br><strong>iv) Two Factor Authentication</strong>, also known as multi-step verification, which adds another layer of security, supplementing the username and password model with a code that only a specific user has access to (typically sent to something they have immediately to hand). </div><div><br><strong>QUESTION 7 <br>a) Describe ransomware. </strong></div><div>Ransomware is proliferating on both desktop &amp; mobile devices. It tries to extort money from users by taking control of their computers or displaying annoying pop-up messages. An example is CryptoLocker, which encrypts an infected computer's files, forcing users to pay hundreds of dollars to regain access.<br><strong>b) State how we prevent and protect our computer from ransomware. 
</strong><br>i) Make sure an up-to-date anti-malware or antivirus tool is installed<br>ii) Scan attachments<br>iii) Ask before you open the email<br><strong>c) Discuss the effects of computer crime to an organization.</strong><br><strong>i) Reputational damage</strong></div><div>Trust is an essential element of the customer relationship. Computer crime can damage a business's reputation and erode the trust that customers have in the organization. This could potentially lead to loss of customers, loss of sales and a reduction in profits.</div><div><strong> ii) Legal consequences of computer crime</strong></div><div>Data protection and privacy laws require organizations to manage the security of all personal data they hold, whether on their staff or their customers. If this data is accidentally or deliberately compromised, and they have failed to deploy appropriate security measures, they may face fines and regulatory sanctions.</div>]]></description>
         <enclosure url="" />
         <pubDate>2018-12-21 05:56:20 UTC</pubDate>
         <guid>https://padlet.com/adinaish11/mbviv4xhpt9d/wish/316343704</guid>
      </item>
      <item>
         <title>CHAPTER 7</title>
         <author>adinaish11</author>
         <link>https://padlet.com/adinaish11/mbviv4xhpt9d/wish/316347854</link>
         <description><![CDATA[<div>Chapter 7: Securing Information Systems.<br><br><strong>1) Security isn’t simply a technology issue, it’s a business issue. Discuss.</strong></div><div>IT security should be seen as a task to minimize risk for an organization. This risk management is not limited to the IT department or to the office, because many people do a little work when they get home, even if it’s just checking their emails. Employees’ use of unauthorized personal mobile devices can be a threat because such a device is an unknown object on the IT network. For example, if a user were to save business data onto an unauthorized device and it was then infected by malware, the data could end up in the wrong hands. However, it is not about the IT department forbidding personal devices. If devices are approved, then they are safe to have on the network. It’s all about having policies in place and training employees on how to access business data securely.<br><br><strong>2) Who poses the biggest security threat: insiders or outsiders?<br></strong>Insiders pose the greatest security threat as they have access to sensitive information on a regular basis, and may know how that information is protected. If they want to steal it or leak it, they can usually do so with far greater ease than outsiders. Furthermore, insiders may also accidentally leak data or otherwise put it at risk, which is something that outsiders typically cannot do. Whether by attaching the wrong file to an email being sent, oversharing on social media, losing a laptop or USB drive, or through some other mistake, insiders can put an organization's data at risk with little effort. Policies and technology can help address this risk, but without them, problems are likely to occur.<br><br><strong>3) Suppose your business had an e-commerce Web site where it sold goods and accepted credit card payments. Discuss the major security threats to this Web site and their potential impact. 
What can be done to minimize these threats?<br><br></strong>E-commerce involves transactions that take place over the Internet. Therefore, e-commerce utilizes internal networks that interface with the World Wide Web. The nature of this kind of business introduces internal and external risks to both the website and the business systems to which it is connected. An e-commerce website can be faced with security threats such as fraud incidents, including credit card fraud, which expose the website to threats from clients and other external sources, and internal fraud. Fraudulent transactions that resemble real customers’ transactions can also be introduced into the system by hackers or Trojan horses. To prevent fraud, fraud scoring must be used. Other than that, malicious software and computer viruses are some of the biggest security threats to any e-commerce website. Viruses normally come from external sources and can corrupt files on the website if introduced into the internal network. Viruses can completely destroy a computer system and disrupt the operations of the website. A Trojan horse is malicious software that has the ability to capture clients’ information before any encryption software can take effect. It can also impersonate a customer and pass bad and malicious code to the server running the website. To avoid these viruses, users should exercise reasonable precautions in order to minimize the introduction and spread of computer viruses. Virus scanning software should be used to check any software downloaded from the Internet or obtained from any questionable sources.</div>]]></description>
         <enclosure url="" />
         <pubDate>2018-12-21 07:00:38 UTC</pubDate>
         <guid>https://padlet.com/adinaish11/mbviv4xhpt9d/wish/316347854</guid>
      </item>
      <item>
         <title>CASE STUDY 1 THE LOOMING THREAT OF CYBER</title>
         <author>adinaish11</author>
         <link>https://padlet.com/adinaish11/mbviv4xhpt9d/wish/316349307</link>
         <description><![CDATA[<div><strong>1) Is cyberwarfare a serious problem? Why or why not?</strong><br>Cyberwarfare is a core problem as it is more complex than conventional warfare. Although many potential targets are military, a country’s power grids, financial systems, and communication networks can also be crippled. Non-state actors such as terrorist or criminal groups can mount attacks, and it is often difficult to tell who is responsible. Nations must constantly be on the alert for new malware and other technologies that could be used against them, and some of these technologies developed by skilled hacker groups are openly for sale to interested governments. It can destroy a government in terms of its finances or education. It is a serious matter that must be looked at and solved because there are a lot of hackers that can obtain other governments’ information.<br><strong>2) What solutions are available for this problem? Do you think they will be effective? Why or why not?<br></strong>The solutions are to prevent states from carrying out cyber attacks and to increase the security of the networks which have the highest risk of being attacked. A lot of states have laws regulating computer crimes done by individuals or non-state actors to hopefully prevent any cyber attacks, but other states are not bound by any rules yet. They would only have to be aware of the reaction of the attacked country. Computer crime laws or rules should therefore be established, maybe in combination with an organization monitoring cyberspace, with large and serious consequences against states violating these rules. Each state should increase its own security measures against cyber attacks. In order to do this as effectively as possible, governments should establish, if they have not yet done so, an agency whose sole focus is on cyberspace and cyber attacks. 
Moreover, they should follow the example of the USA and conduct simulations on a regular basis, maybe even in cooperation with other countries, in order to analyse their current security measures. <br><br>Once they have done that, they will have a bigger insight into the strength of their security measures and should try to strengthen the most vulnerable parts. Governments should hence support these companies and organizations financially to protect their networks as well as possible. If these gateways are protected well, then a large number of cyber attacks can be stopped and the government, banks, companies and all other entities threatened could handle the few remaining attacks more easily.</div>]]></description>
         <enclosure url="" />
         <pubDate>2018-12-21 07:15:40 UTC</pubDate>
         <guid>https://padlet.com/adinaish11/mbviv4xhpt9d/wish/316349307</guid>
      </item>
   </channel>
</rss>
