Security

    avatar
    Created by
    Zama Dlamini

    Cards (36)

    • Principles
      • Policies and procedures must be established to avoid computer waste and mistakes
      • Computer crime is a serious and rapidly growing area of concern requiring management attention
      • Jobs, equipment, and working conditions must be designed to avoid negative health effects
      View source
    • Computer waste

      • Inappropriate use of computer technology and resources
      • Computer-related mistakes: Errors, failures, and other computer problems that make computer output incorrect or not useful, caused mostly by human error
      View source
    • Causes of computer waste

      • Improper management of information systems and resources
      • Discarding old software and computer systems when they still have value
      • Building and maintaining complex systems that are never used to their fullest extent
      • Using corporate time and technology for personal use
      • Spam
      View source
    • Common causes of computer-related mistakes

      • Failure by users to follow proper procedures
      • Unclear expectations and a lack of feedback
      • Program development that contains errors
      • Incorrect data entry by data-entry administrators
      View source
    • Preventing computer-related waste and mistakes

      1. Establish effective policies and procedures
      2. Implement policies and procedures
      3. Monitor policies and procedures
      4. Review policies and procedures
      View source
    • Establishing policies and procedures

      • Establish policies and procedures regarding efficient acquisition, use, and disposal of systems and devices
      • Identify most common types of computer-related mistakes
      • Training programs for individuals and workgroups
      • Manuals and documents on how computer systems are to be maintained and used
      • Approval of certain systems and applications before they are implemented and used
      View source
    • Implementing policies and procedures

      • Implementation of source data automation
      • Use of data editing to ensure data accuracy and completeness
      • Assignment of clear responsibility for data accuracy within each information system
      • Training is very important for acceptance and implementation of policies and procedures
      View source
    • Monitoring policies and procedures

      1. Monitor routine practices and take corrective action if necessary
      2. Implement internal audits to measure actual results against established goals
      View source
    • Reviewing policies and procedures
      1. Do current policies cover existing practices adequately?
      2. Were any problems or opportunities uncovered during monitoring?
      3. Does the organization plan any new activities in the future?
      4. If so, does it need new policies or procedures on who will handle them and what must be done?
      5. Are contingencies and disasters covered?
      View source
    • Computer crime

      • Often defies detection
      • Amount stolen or diverted can be substantial
      • Crime is "clean" and nonviolent
      • Number of IT-related security incidents is increasing dramatically
      • Computer crime is now global
      View source
    • Identity theft

      • Imposter obtains personal identification information such as Social Security or driver's license numbers in order to impersonate someone else
      • To obtain credit, merchandise, and services in the name of the victim
      • To have false credentials
      View source
    • Cyberterrorism
      • Cyberterrorist intimidates or coerces a government or organization to advance his or her political or social objectives by launching computer-based attacks against computers, networks, and information stored on them
      • Homeland Security Department's Information Analysis and Infrastructure Protection Directorate serves as governmental focal point for fighting cyberterrorism
      View source
    • Illegal access and use 1
      • Criminal hacker (also called a cracker) gains unauthorized use or illegal access to computer systems
      • Script kiddie is a cracker who lacks programming knowledge
      • Insider is an employee who comprises corporate systems
      • Malware: software programs that destroy or damage processing
      • Virus: program file capable of attaching to disks or other files and replicating itself repeatedly
      View source
    • Illegal access and use 2

      • Worm: parasitic computer program that can create copies of itself on infected computer or send copies to other computers via a network
      • Trojan horse: program that appears to be useful but purposefully does something user does not expect
      • Logic bomb: type of Trojan horse that executes when specific conditions occur
      • Variant: modified version of a virus that is produced by virus's author or another person
      View source
    • Using antivirus programs

      1. Run and update antivirus software often
      2. Scan all diskettes and CDs before using them
      3. Install software only from a sealed package or secure, well-known website
      4. Follow careful downloading practices
      5. If you detect a virus, take immediate action
      View source
    • Software and Internet software piracy

      • Software is protected by copyright laws
      • Copyright law violations: making additional copies, loading the software onto more than one machine
      • Software piracy: act of illegally duplicating software
      • Internet-based software piracy is the most rapidly expanding type of software piracy and most difficult form to combat
      View source
    • Examples of Internet scams

      • Get-rich-quick schemes
      • "Free" holidays with huge hidden costs
      • Bank fraud
      • Fake telephone lotteries
      • Selling worthless penny stocks
      • Phishing: gaining access to personal information by redirecting user to fake site
      View source
    • Crime prevention by the state

      • Many "computer laws" have been passed by governments, e.g. Data Protection Act and Computer Misuse Act
      View source
    • Crime prevention by organizations

      • Encrypt sensitive data
      • Insist on strong passwords
      • Conduct audits
      • Restrict physical access
      View source
    • Crime prevention by individuals

      • Take steps to protect privacy and prevent computer-related crimes
      View source
    • Privacy
      With information systems, privacy deals with the collection and use or misuse of data
      View source
    • More and more information on all of us is being collected, stored, used, and shared among organizations
      Who owns this information and knowledge?
      View source
    • Privacy at work

      • Rights of workers who want their privacy versus interests of companies that demand to know more about their employees
      • Workers can be closely monitored via computer technology: track every keystroke, determine what workers are doing, estimate breaks
      • Many workers consider monitoring to be dehumanizing
      View source
      1. mail privacy
      • Most countries have a law that permits employers to monitor e-mail sent and received by employees
      • E-mail messages that have been erased from hard disks can be retrieved and used in lawsuits
      View source
    • Privacy and the Internet

      • Huge potential for privacy invasion on the Internet: e-mail messages, visiting Web sites, buying products
      • Platform for Privacy Preferences (P3P): screening technology
      • Potential dangers on social networking Web sites
      View source
    • Individual efforts to protect privacy

      1. Find out what is stored about you in existing databases
      2. Be careful when you share information about yourself
      3. Be proactive to protect your privacy
      4. Safeguard credit card numbers, passwords, and personal information when purchasing from Web sites
      View source
    • The work environment

      • Use of computer-based information systems has changed the workforce: jobs requiring IS literacy have increased, less-skilled positions have decreased
      • Despite increasing productivity and efficiency, computers and information systems can raise other concerns
      View source
    • Health concerns
      • Occupational stress
      • Repetitive stress injury (RSI)
      • Carpal tunnel syndrome (CTS)
      • Emissions from improperly maintained and used equipment
      • Increase in traffic accidents due to drivers using mobile phones, laptops, or other devices while driving
      View source
    • Ergonomics
      Science of designing machines, products, and systems to maximize safety, comfort, and efficiency of people who use them
      View source
    • Steps to reduce RSI and develop a better work environment

      • Taken by employers, individuals, and hardware manufacturing companies
      View source
    • Ethical issues in Information Systems 1

      • Laws do not provide a complete guide to ethical behaviour
      • Many IS-related organizations have codes of ethics for their members, e.g. British Computer Society
      View source
    • ACM's code of ethics and professional conduct
      • Be fair and take action not to discriminate
      • Honor property rights including copyrights and patents
      • Give proper credit for intellectual property
      • Respect the privacy of others
      • Honor confidentiality
      View source
    • Principles
      Fundamental truths or rules that serve as a foundation for behavior or thought; in the context of computer use, principles might include following established procedures to ensure proper use of equipment, adhering to policies that protect against computer crime, and prioritizing ergonomic considerations to promote positive health effects
    • Policies and procedures

      Established rules and guidelines that outline how an organization expects its members to behave; in the context of computer use, policies and procedures might include guidelines for disposing of outdated computer equipment to minimize waste, protocols for reporting and responding to computer crime, and standards for setting up workstations to promote employee health and comfort
    • Computer crime

      Illegal activity that involves a computer or network; examples of computer crime might include hacking or unauthorized access to a computer system, spreading malware or viruses, and using a computer to commit fraud or identity theft
    • Jobs, equipment, and working conditions

      Factors that can impact an employee's health and well-being while using a computer; considerations might include providing ergonomic equipment to promote good posture and reduce strain, encouraging regular breaks and stretching to prevent repetitive stress injuries, and ensuring that workspaces are well-ventilated and free from glare to reduce eye strain and fatigue
    See similar decks