ITM 100 Class 9: Securing Information Systems

Questions and Answers

What is the primary function of a firewall?

• To prevent unauthorized access to networks (correct)
• To encrypt sensitive data
• To monitor internal network traffic
• To detect malware on devices

Which of the following best describes an intrusion detection system?

• Hardware that stores backup data
• A system that monitors networks for unauthorized access (correct)
• Software that repairs damaged files
• A tool that encrypts data for secure transmission

What is the role of antivirus and antispyware software?

• To prevent physical damage to computers
• To manage network traffic
• To backup data in case of loss
• To check for and eliminate malware (correct)

What does encryption do to plaintext?

Transforms it into ciphertext (B)

Which process is the reverse of encryption?

Decryption (B)

Why is continual updating important for antivirus and antispyware software?

To keep up with emerging threats (A)

What field of study refers to encoded information?

Cryptography (D)

Which statement correctly describes ciphertext?

It is the result of the encryption process. (A)

What best describes computer crime?

A violation of criminal law that involves technology for various purposes. (B)

Which of the following represents a way in which computers can be the target of crime?

Accessing a system without authority. (B)

What is a primary challenge regarding wireless security?

Scanning of radio frequency bands. (C)

What does 'war driving' refer to in the context of wireless security?

Driving by locations to detect wireless networks. (D)

Which of the following is a common internet vulnerability?

Interception of network communications. (B)

What is one potential risk of using email for communication?

Attachments may contain malware. (B)

Why are fixed Internet addresses considered vulnerable?

They provide a consistent target for hackers. (A)

Which of the following is NOT a method through which computers can be used as instruments of crime?

Utilizing social media for promotions. (B)

What is the expected annual loss due to user error, based on the data provided?

$19,698 (B)

What is the probability of occurrence for power failure?

30 (A)

Which of the following is a focus of business continuity planning?

Restoring business operations after a disaster (C)

Which risk has the highest expected annual loss according to the data presented?

Power failure (A)

Which type of analysis is crucial in both disaster recovery planning and business continuity planning?

Business impact analysis (C)

What role does identity management play in security policy?

It helps in identifying valid users and controlling access. (C)

Based on the information given, which statement about embezzlement is true?

The expected annual loss is $1,275. (C)

Which method is NOT considered a type of biometric authentication?

Smart cards (D)

Why is it important for management to determine which systems to restore first?

To identify the firm's most critical systems. (D)

What is a key guideline for creating a secure password?

Include a mix of uppercase letters, lowercase letters, digits and special characters (A)

Which of the following is an example of two-factor authentication?

Entering a password followed by a verification code sent to your phone (A)

What is a potential risk of biometric authentication like fingerprint analysis?

User characteristics can be easily replicated or stolen (A)

Which practice should be avoided to maintain password security?

Telling friends about passwords for convenience (C)

What characteristic makes a password easier to remember yet harder to guess?

A combination of uppercase letters, lowercase letters, digits, and special characters (B)

Why should a user not leave their computer logged in when away?

It increases the risk of unauthorized access (C)

What is a fundamental reason for using a smart card in authentication?

It contains an embedded memory chip for secure identification (D)

What is the primary purpose of general controls in information systems?

To govern the design, security, and use of computer programs (D)

Which of the following describes application controls?

Controls that are unique to each computerized application (D)

What aspect does the CIA Triad primarily focus on?

Ensuring data confidentiality, integrity, and availability (A)

What is the role of identity management software in information security?

To authenticate users and manage access controls (A)

Which of the following best describes software patches?

Small updates that repair flaws in software (D)

What is the main challenge associated with software patches?

Exploits are often developed faster than patches can be rolled out (C)

Which of the following options is an example of an input control?

Validation of data entered into a system (C)

Which is NOT a component of general controls?

Input controls (B)

What is the primary role of spyware in a computer system?

To monitor user activity and capture sensitive information. (C)

Which of the following best describes a cracker?

A hacker with the intent to commit criminal acts. (A)

What is the definition of phishing in the context of computer crime?

Creating fake websites to collect personal data. (D)

Which method is used in pharming attacks?

Redirecting users to fraudulent websites. (D)

What is a 'back door' in the context of computer security?

An unauthorized way to access a system without detection. (B)

Spoofing is characterized by which of the following actions?

Redirecting communications to appear as a trusted source. (D)

What does sniffing refer to in cyber security?

Eavesdropping on network traffic to capture sensitive data. (C)

Identity theft entails which of the following actions?

Unauthorized acquisition of personal information for fraudulent purposes. (C)

Flashcards

Computer Crime

Any criminal act that uses technology as a tool for its execution, investigation, or prosecution.

Unauthorized Access

An act of accessing a computer system without authorization, potentially leading to data breaches or unauthorized modifications.

Data Breach

The act of stealing confidential information stored on a computer system, often with the intention of gaining an advantage or causing harm.

Man-in-the-Middle Attack

Exploiting the open nature of the internet to intercept communication and steal sensitive data.

Communication Interception

Unauthorized interception of communication over networks like email, P2P, or IM.

Fixed Target for Hackers

Using fixed Internet addresses, often associated with cable or DSL modems, to target and attack specific computer systems.

War Driving

Identifying and gaining access to wireless networks by detecting SSIDs (service set identifiers) broadcast by access points.

Radio Frequency Vulnerability

The ease with which radio frequency bands used for wireless communication can be scanned and intercepted.

What is a firewall?

A combination of hardware and software designed to block unauthorized access to private networks.

What is packet filtering?

A security technology used by firewalls to analyze incoming network traffic and block packets based on predefined rules.

What is an intrusion detection system?

A system that continuously monitors network activity for suspicious patterns and alerts administrators about potential security breaches.

What is antivirus software?

Software designed to detect and remove malicious programs like viruses, worms, and Trojans from computer systems.

What is antispyware software?

Software designed to detect and remove spyware, a type of malware that secretly monitors and collects user data.

What is cryptography?

The study of methods for encoding information to conceal its contents from unauthorized individuals.

Authentication

A method of verifying a user's identity, typically using a combination of credentials like passwords or tokens.

What is encryption?

The process of transforming plaintext into ciphertext using an encryption algorithm.

What is decryption?

The process of transforming ciphertext back into plaintext using the corresponding decryption key.

Token

A small physical device that generates a unique code used for login, enhancing security.

Smart card

A card with a built-in memory chip that stores personal information, used for identification.

Biometric authentication

Using unique biological traits like fingerprints, voice patterns, or retinal scans for user verification.

Two-factor authentication

A security measure that requires two separate forms of authentication to access a system, significantly increasing security.

Strong password

A password that is easy to remember for you but difficult for others to guess.

Fingerprint analysis

A technique that uses fingerprint analysis to verify a user's identity, providing a more secure authentication method than usernames and passwords.

Preventing Unauthorized Access

The process of safeguarding information systems and data against unauthorized access, modification, or destruction.

Spyware

Software that secretly monitors your computer activities, often to steal personal information.

Key logger

Spyware that records every keystroke you make, potentially revealing passwords and sensitive information.

Hacker

An individual who attempts to gain unauthorized access to a computer system.

Cracker

A hacker with criminal intent who aims to steal information or disrupt systems.

Identity theft

A crime where someone steals your personal information, like credit card details or social security number.

Phishing

Setting up fake websites or sending emails that appear legitimate to trick people into revealing confidential information.

Pharming

Redirecting users to a fake website, potentially stealing their logins or personal data.

Backdoor

A hidden way to access a system, typically used by hackers to bypass security measures.

General Controls

General controls are safeguards that apply across all computerized applications within an organization. They ensure the security and integrity of computer programs, data files, and overall system operations.

Application Controls

Application controls are specific safeguards designed for individual software applications. They ensure the accuracy, completeness, and validity of data processed in each application.

Confidentiality

Confidentiality refers to protecting sensitive information from unauthorized access. It ensures that only authorized individuals can view or modify the data.

Integrity

Integrity ensures that data is accurate, complete, and reliable. It prevents unauthorized modifications and ensures the data remains trustworthy.

Availability

Availability ensures that information systems and data are readily accessible to authorized users when needed. This means the systems are up and running when required.

Software Patches

Software patches are small updates released by software developers to fix flaws or vulnerabilities in their programs. These patches help prevent attackers from exploiting weaknesses in the software.

Identity Management Software

Identity management software manages user identities and access rights within an organization. It tracks who has access to what, authenticates users, and controls their privileges.

Exploits

Exploits are techniques or methods employed by attackers to take advantage of vulnerabilities in software systems. They exploit weaknesses to gain unauthorized access or disrupt system operations.

Online Order Processing Risk Assessment

A method to assess the likelihood and potential impact of risks related to online orders.

Disaster Recovery Planning

A plan that outlines how to restore disrupted IT services following an unexpected event, like a power outage.

Business Continuity Planning

A plan designed to help an organization resume its critical business operations after a disruption.

Acceptable Use Policy (AUP)

A document that outlines the acceptable uses of an organization's IT resources and equipment.

Security Policy

A formal document that establishes a company's information security goals, their priorities, and the methods to achieve them.

Identity Management

The process of verifying the identity of users and controlling their access to information and systems.

Business Impact Analysis

A method used in disaster recovery and business continuity planning to determine the impact of an IT outage on the organization.

Expected Annual Loss

The potential cost of disruptions, such as power failures or user errors, during online order processing.

Study Notes

ITM 100 Class 9: Securing Information Systems

• This class focuses on securing information systems.
• The study material is adapted from Management Information Systems: Managing the Digital Firm, 17th Edition by Kenneth C. Laudon and Jane P. Laudon.

Real World Example - TJX

• In 2006, TJX experienced a significant computer system security breach, affecting up to 94 million customers.
• Albert Gonzalez received a 20-year prison sentence in 2010 for his role in the TJX breach.
• The potential financial impact of the breach, according to federal guidelines, exceeded $400 million.
• The breaches began in 2005 with war-driving expeditions to identify vulnerable wireless networks.
• Hackers entered the TJX network, moved upstream to the corporate network, and installed a packet sniffer to capture transaction data.
• Authorities discovered 16.3 million stolen credit card numbers on Gonzalez's Latvian server and another 27.5 million on a server in Ukraine.

Real World Example - Heartland Payment Systems

• In March 2008, a breach exposed 134 million credit cards at Heartland Payment Systems.
• Albert Gonzalez and two unnamed Russian accomplices were indicted in 2009 and Gonzalez was sentenced to 20 years in prison.
• The vulnerability to SQL injection was known, with security analysts warning retailers well in advance, of the potential risks for years.

Top 10 Data Breaches (2008-2019)

• This section provides a list of the top 10 data breaches between 2008 and 2019.
• The companies included are Yahoo!, MySpace, Marriott, LinkedIn, Equifax, Heartland Payment Systems, Target, Capital One, Sony.
• Data is provided on the service, the company involved, and dates.
• Example: Yahoo!, Web services provider, 3000 million (2013)

System Security

• Information systems play a crucial role in many organizations and are extremely vulnerable.
• System failures can significantly impact a firm's business functions and profitability.
• Critical organizational data, like confidential information, trade secrets, and new products are at risk if security measures are insufficient.
• Security breaches can dramatically reduce a company's market value and lead to liability issues.

Why Systems Are Vulnerable

• Hardware issues such as breakdowns, misconfigurations, and improper use can cause system vulnerabilities.
• Software flaws and programming errors, installation problems, and unauthorized modifications are another threat to system security.
• Systems located outside of a firm’s control also increase vulnerabilities.

Software Vulnerability

• Commercial software often has bugs (code defects).
• Achieving zero defects in software is not always possible due to the complexity of large programs.
• Security vulnerabilities frequently exist that enable intrusions. Buffer overflow is an example with such vulnerabilities.

Computer Crime

• Illegal acts against computer systems or using computers to commit crimes are considered computer crimes.
• Gaining unauthorized access, breaching confidentiality of data, or stealing trade secrets are all types of computer-related violations.

Internet Vulnerabilities

• The openness of the internet makes it susceptible to attacks like interception, person-in-the-middle attacks, malicious software, etc.
• The sheer size of the internet means a successful attack can have widespread impact.

Wireless Security Challenges

• The radio frequency spectrum used for wireless communication is easily accessible to eavesdroppers.
• Service set identifiers (SSIDs) can be easily detected through tools like sniffer programs.
• War-driving attempts to identify unprotected or vulnerable wireless networks.

Malicious Software

• Malicious software, often abbreviated as malware, comes in several forms, including viruses, worms, and Trojans.
• This software can cause damage to computers.

Computer Viruses

• Viruses are designed to attach to other programs to execute unauthorized functions.
• They replicate and spread to other programs and computers, sometimes by email attachments. - They can cause data damage and theft.

Worms

• Worms replicate themselves across networks to spread across multiple computer systems.
• They don't require an active host program to run, unlike a Virus.

Trojan Horses

• Trojan horse programs often appear benign initially then carry out harmful actions.
• They frequently spread viruses or malware.

SQL Injection, Spyware

• Hackers use SQL injection attacks against database-driven applications. These attacks use maliciously crafted data submitted in web forms to execute unauthorized commands against databases.
• Spyware includes keyloggers, applications that record user keystrokes to capture sensitive data.

Hackers and Computer Crime

• Hackers are those individuals who attempt to gain unauthorized access to computer systems.
• Crackers are a subset of hackers with malicious intent.

Computer Crime (Continued)

• Identity theft, password guessing, phishing, and pharming are fraudulent activities that involve unauthorized access to personal information, which poses a significant threat.

Spoofing and Sniffing

• Spoofing includes masquerading as another person or redirecting web links to unintended destinations.
• Sniffing is a passive attack that observes data traveling across a network, enabling hackers to steal data like emails and company files.

Denial of Service (DoS) Attacks

• Hackers flood a computer system with extraneous communication to crash the service.
• Distributed DoS attacks utilize many computers to overwhelm the system.
• Botnets are often employed in DoS attacks: networks of compromised computer systems that carry out malicious activities on command from the attacker.

Internal Threats: Employees

• Security threats originate from within organizations, such as through insiders with inside knowledge.
• Sloppy security practices and inadequate user training can cause weaknesses.
• Social engineering tricks employees into revealing passwords or other sensitive data.
• Information systems specialists and end users alike are points of weakness.

Contemporary Security Challenges and Vulnerabilities

• Network security vulnerabilities can arise from numerous sources, including unauthorized access, tapping, message alteration, and radiation.

Security and Controls

• Security measures, encompassing policies and procedures, are steps taken to prevent unauthorized access, damage to data, and theft.

Information Systems Controls

• Controls are procedures employed over the entire organization's information systems, such as general controls, which address systems design or application controls which pertain to specific applications.

CIA Triad of Information Security

• Confidentiality, Integrity, and Availability (CIA) are the three pillars of information security: Confidentiality ensures data stays secret; Integrity ensures data's accuracy and reliability; Availability ensures authorized users can access data when needed.

Tools and Technologies for Safeguarding Information Systems

• Software patches address flaws in software programs.
• Identity management software helps manage user accounts and access privileges.
• Authentication methods such as password systems, tokens, smart cards, and biometric systems control access to sensitive information. Tools such as firewalls block unauthorized users. Intrusion detection systems monitor potential threats. Antivirus software checks for and removes malware.

Preventing Unauthorized Access

• Guidelines for passwords should be easy to remember but hard to guess. This advice includes mixing upper and lowercase letters, numbers, and special characters to avoid simple guessing tactics.

Risk Assessment

• Risk assessments are crucial to determine the probability and potential cost of system vulnerabilities.
• Risk assessment considers types of threats, potential losses, and expected annual losses.

Online Order Processing Risk Assessment

• An example demonstrates classifying exposure to risk with probability of occurrence and loss ranges.

Security Policy

• Security policies outline appropriate security goals, acceptable use policies, and computing equipment standards.

Disaster Recovery Planning and Business Continuity Planning

• Disaster recovery plans aim to restore disrupted services after a disaster.
• Business continuity plans address continuing business operations after a major disruption.

The Role of Auditing

• Information systems audits evaluate the organization’s overall security posture.
• Security audits review technologies, procedures, documentation, training, and personnel.
• Auditors can simulate disaster scenarios to test response capabilities.

Sample Auditor's List of Control Weaknesses

• This is an example of findings from an information systems audit.