Information Systems Security Chapter 8
20 Questions

Questions and Answers

What is the main function of an Intrusion Detection System (IDS) in network security?

An IDS monitors hotspots on corporate networks to detect and deter intruders.

Describe the difference between symmetric key encryption and public key encryption.

Symmetric key encryption uses a single shared key for both sender and receiver, while public key encryption uses two related keys: a public key for encryption and a private key for decryption.

Why is it important to continually update antivirus and antispyware software?

Continual updates are necessary to protect against new strains of malware and ensure effective detection and elimination.

What security advantages does the WPA2 specification offer over WEP?

WPA2 provides stronger security standards with continually changing, longer encryption keys compared to the static keys of WEP.

What are the two main protocols used for encryption in network communications?

The two main protocols are Secure Sockets Layer (SSL) and Transport Layer Security (TLS).

What is the primary function of a firewall in safeguarding information systems?

To prevent unauthorized users from accessing private networks.

How does two-factor authentication enhance security in information systems?

It requires two forms of verification before granting access to a system.

What role does identity management software play in network security?

It automates the tracking of users and their privileges within the system.

Describe the purpose of intrusion detection systems (IDS) in network security.

Intrusion detection systems monitor network traffic for suspicious activities.

What is Public Key Infrastructure (PKI) and its significance in encryption?

PKI is a framework that manages digital keys and certificates for secure communication.

What are encryption methods and why are they important in data security?

Encryption methods convert data into unreadable formats to protect it.

What are Network Security Protocols and their function in communication security?

Network security protocols are rules that govern the secure transmission of data over networks.

Explain the concept of stateful inspection in firewall technology.

Stateful inspection monitors the state of active connections and determines which network packets to allow or block.

What are the primary risks associated with wireless security that make it easier to breach networks?

Radio frequency bands are easy to scan, leading to unauthorized detection of SSIDs and the potential for war driving.

How do worms and viruses generally spread in a networked environment?

Worms and viruses spread through downloads, drive-by downloads, and email attachments.

Define cybervandalism and give an example of how it can manifest in a digital environment.

Cybervandalism is the intentional disruption or destruction of a website or corporate information system, such as defacing a webpage.

What are denial-of-service (DoS) attacks intended to achieve?

Denial-of-service attacks aim to make a system or network unavailable to its intended users by overwhelming it with requests.

What is phishing and how does it relate to identity theft?

Phishing is a fraudulent attempt to obtain sensitive information by masquerading as a trustworthy entity, which can lead to identity theft.

Explain the role of a firewall in network security.

A firewall acts as a barrier between a trusted internal network and untrusted external networks, controlling incoming and outgoing traffic.

In the context of encryption methods, what is the significance of public key infrastructure (PKI)?

Public key infrastructure enables secure data exchange by using pairs of cryptographic keys, enhancing authentication and data integrity.

Study Notes

Chapter 8: Securing Information Systems

  • This chapter covers the security and control of information systems.
  • Information systems are vulnerable to destruction, error, and abuse.
  • Security includes policies, procedures, and measures to prevent unauthorized access, alteration, theft, or physical damage to information systems.
  • Controls are methods, policies, and organizational procedures that ensure asset safety, accuracy, and reliability of accounting records, and adherence to management standards.
  • System vulnerabilities include accessibility of networks, hardware problems (breakdowns, configuration errors), software problems (programming errors, installation errors), disasters, use of networks/computers outside the firm's control, and loss/theft of portable devices.
  • Contemporary security challenges include unauthorized access, tapping, sniffing, message alteration, theft and fraud, radiation, hacking, malware, theft and copying of data, vandalism, denial-of-service attacks, hardware failure, and software failure.
  • Internet vulnerabilities: the network is open to anyone; its size allows abuses to have wide-ranging effects; the fixed addresses used with cable and DSL modems create fixed targets for hackers; voice over IP (VoIP) is often unencrypted; email, P2P, and IM traffic can be intercepted; attachments can carry malicious software; and trade secrets may be transmitted over the network.
  • Wireless security challenges include easy-to-scan radio frequency bands, service set identifiers (SSIDs) broadcasting multiple times for identification by sniffer programs, war-driving, eavesdropping, and rogue access points.
  • Malicious software includes malware, viruses, worms, Trojan horses, and spyware. Worms and viruses spread through downloads, drive-by downloads, email, and IM attachments.
  • Other malicious software includes Trojan horses, SQL injection attacks, ransomware, and spyware, including keyloggers and other spyware that resets the browser home page, redirects search requests, or slows computer performance.
  • Hacker and cracker activities include system intrusion, system damage, cybervandalism (intentional disruption, defacement, or destruction of websites or corporate systems), spoofing, and sniffing. Other forms of cybercrime include denial-of-service (DoS) attacks, distributed denial-of-service (DDoS) attacks, botnets, spam, computer crime (with the computer as target or as instrument), identity theft (including phishing, evil twins, and pharming), click fraud, cyberterrorism, and cyberwarfare.
  • Internal threats are security threats originating within the organization: insider knowledge, sloppy security procedures (including users' lack of knowledge), and social engineering.
  • Software vulnerabilities include flaws and bugs in commercial software, the difficulty of achieving zero defects, zero-day vulnerabilities, and the need for patches (small pieces of software that repair flaws) and patch management.
  • Business value of security and control includes failed computer systems leading to loss of business function and increased vulnerability of firms to data breaches. Breaches impact confidential data, trade secrets, and new products/strategies.
  • Legal and regulatory requirements for electronic records management include HIPAA, Gramm-Leach-Bliley Act, and Sarbanes-Oxley Act.
  • Electronic evidence: evidence for white-collar crimes is often in digital form, and proper controls save time and money when responding to legal requests. Computer forensics is the scientific collection, examination, authentication, preservation, and analysis of data held on computer media for use as legal evidence, including the recovery of ambient data.
  • Information systems controls include automated or manual controls, general controls (governing design, security, and use of computer programs and security of data files within an organization; software, hardware, computer operations, data security, and system development; administrative controls), and application controls (input, processing, output controls unique to computerized applications).
  • Risk assessment determines the level of risk if a specific activity/process isn't properly controlled. It includes types of threats, the probability of occurrence, potential losses, value of threats, and expected annual loss.
  • A security policy ranks information risks, identifies acceptable security goals, and defines the mechanisms for achieving them. It drives other policies, such as the acceptable use policy (AUP), which defines acceptable uses of the firm's information resources, and it covers identity management (identifying valid users and controlling their access).
  • Access rules for a personnel system are expressed as security profiles: detailed user information, codes associated with each user, the data fields each profile may access, restrictions, and the kind of access expected for each profile.
  • Disaster recovery planning devises plans for restoring disrupted services and focuses on restoring business operations after a disaster. It includes business impact analysis, which determines the impact of an outage, and management decides which systems to restore first.
  • An information systems audit examines the firm's overall security environment and the controls governing individual information systems; it reviews technologies, procedures, documentation, and training, may simulate a disaster to test the response, ranks control weaknesses, and assesses their financial and organizational impact.

Tools and Technologies for Safeguarding Information Systems

  • Identity management software automates tracking of users, privileges.
  • Authentication mechanisms include passwords, tokens, smart cards, biometric authentication, and two-factor authentication.
  • Firewalls combine hardware and software to prevent unauthorized users from accessing private networks; screening technologies include packet filtering, stateful inspection, network address translation (NAT), and application proxy filtering.
  • Intrusion detection systems monitor the hot spots of corporate networks for unauthorized intrusion, detecting and deterring intruders.
  • Antivirus and antispyware software detects and eliminates malware.
  • Unified threat management (UTM) systems integrate multiple security functions.

Securing Wireless Networks

  • WEP uses static encryption keys that are relatively easy to crack; its security can be improved by using it together with VPN technology.
  • WPA2 replaces WEP with stronger standards, using continually changing, longer encryption keys.

Encryption and Public Key Infrastructure

  • Encryption translates text/data into cipher text unreadable by unintended recipients; methods include Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Secure Hypertext Transfer Protocol (S-HTTP).
  • Methods of encrypting messages include symmetric key encryption (sender and receiver use a single shared key) and public key encryption (two related keys, one public and one private).

Ensuring System Availability

  • Online transaction processing requires 100% availability.
  • Fault-tolerant computer systems contain redundant components (hardware, software, and power supply) for uninterrupted service.
  • Other measures include deep packet inspection and security outsourcing to managed security service providers (MSSPs).

Security Issues for Cloud Computing and Mobile Digital Platforms

  • Responsibility for cloud security lies with the company that owns the data, so firms must ensure that the provider offers adequate protection. Points to cover include where data is stored, whether corporate requirements and legal privacy laws are met, segregation of data from other customers' data, audits and security certifications, and service-level agreements (SLAs).
  • Mobile platform security policies should set requirements for the use of platforms and applications, use mobile device management tools (authorization, inventory, and control of updates), provide lock-down or remote erase for lost devices, require encryption, and use software to segregate corporate data.

Ensuring Software Quality

  • Software metrics assess systems with quantified measurements, including number of transactions, online response time, payroll checks per hour, and known bugs per hundred lines of code.
  • Software quality is improved by early and regular testing, walkthroughs of specifications and design documents, and debugging.

Description

This quiz focuses on Chapter 8 of securing information systems, examining the various types of threats and vulnerabilities that affect data integrity and reliability. It discusses the importance of implementing policies and control measures to safeguard against unauthorized access and damage. Test your understanding of contemporary security challenges and preventive measures in information systems.
