Business Information Management PDF
University of Limerick
Dr. Michael P. O'Brien
Summary
This document is a lecture on business information management, focusing on computer security. It covers various threats and vulnerabilities, including viruses, worms, and social engineering. The lecture also explores the significance of cybersecurity in protecting business data. It contains definitions of concepts such as confidentiality, integrity, and availability.
Full Transcript
Business Information Management
Dr. Michael P. O’Brien
Module: MI4007
Week 9 (Lecture 1 of 2)

What is Computer Security?
- Computer security refers to techniques for ensuring that data stored in a computer cannot be read or compromised by any individuals without authorisation.
- Most computer security measures involve data encryption and passwords.
- The purpose of computer security is to devise ways to prevent weaknesses from being exploited.
- We are addressing three important aspects of any computer-related system: confidentiality, integrity, and availability.

Goals of Computer Security
- Confidentiality: ensures that computer-related assets are accessed only by authorised parties. Confidentiality is sometimes called secrecy or privacy.
- Integrity: means that assets can be modified only by authorised parties or only in authorised ways.
- Availability: means that assets are accessible to authorised parties at appropriate times. Loss of availability is the disruption of access to information.
- One of the challenges in building a secure system is finding the right balance among the goals, which often conflict.

Vulnerability, Threats & Attacks
- Vulnerability:
  - A weakness in the security system.
  - Weaknesses can appear in any element of a computer: in the hardware, the operating system, and the software.
- Threat:
  - A threat to a computing system is a set of circumstances that has the potential to cause loss or harm.
  - There are many threats to a computer system, including human-initiated and computer-initiated ones.
- Attack:
  - A human who exploits a vulnerability perpetrates an attack on the system.
  - An attack can also be launched by another system, as when one system sends an overwhelming set of messages to another, virtually shutting down the second system's ability to function (denial-of-service).

Why We Need Security
- Good News: Your employees and partners can access your critical business information
- Bad News: Your employees and partners can access your critical business information
- Security deals with the protection of assets.
- The three main aspects are prevention, detection, reaction.
- Differences between traditional security and information security:
  - Information can be stolen – but you still have it.
  - Confidential information may be copied and sold – but the theft might not be detected
  - The criminals may be on the other side of the world

Security vs. Safety
- Security: The way in which we protect access to our computers and information. E.g. anti-virus software, firewall.
- Safety: The way we behave while using the internet. E.g. safe email behaviour, safe software downloading behaviour.

Leading Threats
- Virus
- Worm
- Trojan Horse / Logic Bomb
- Social Engineering
- Botnets / Zombies
- Rootkit

Virus
Computer viruses are software programs that are deliberately designed by online attackers to invade your computer, to interfere with its operation, and to copy, corrupt or delete your data. These malicious software programs are called viruses because they are designed not only to infect and damage one computer, but to spread to other computers all across the Internet.
[Diagram: Program A, carrying extra code, infects Program B]
To recover from or prevent virus attacks:
- Avoid potentially unreliable websites/emails
- System Restore
- Re-install operating system
- Anti-virus (e.g. Avira, AVG, Norton)

Worm
Worms are more sophisticated viruses that can replicate automatically and send themselves to other computers by first taking control of certain software programs on your PC, such as email.
[Diagram: an email list used to send copies to Joe, Ann and Bob]

Logic Bomb / Trojan Horse
- Logic Bomb: A set of instructions secretly incorporated into a program so that if a particular condition is satisfied they will be carried out, usually with harmful effects.
  - Example: an employee places a logic bomb inside a system to destroy data when his/her record is removed upon termination.
- Trojan Horse: Masquerades as a beneficial program while quietly destroying data or damaging your system.
  - Download a game: Might be fun but has a hidden part that emails your password file without you knowing.

Social Engineering
Social engineering manipulates people into performing actions or divulging confidential information. Similar to a confidence trick or simple fraud, the term applies to the use of deception to gain information, commit fraud, or access computer systems.
- Email: "AIB Bank has noticed a problem with your account…"
- Phone Call: "This is John, the System Admin. What is your password?"
- In Person: "What’s your mother's maiden name?" / "I have come to repair your machine… and have some software patches"

Phishing = Fake Email
Phishing: a ‘trustworthy entity’ asks via e-mail for sensitive information such as PPSN, credit card numbers, login IDs or passwords.

Pharming = Fake Web Pages
- Another type of social engineering.
- A user’s session is redirected to a masquerading website.
- At the fake website, transactions can be mimicked and information like login credentials can be gathered.
- With this the attacker can access the real site and conduct transactions using the credentials of a valid user on that website.
- The fake web page looks like the real thing.

Botnet
A botnet is a large number of compromised computers that are used to create and send spam or viruses or flood a network with messages as a denial of service attack. The compromised computers are called zombies.

Rootkit
A collection of programs that a hacker uses to mask intrusion and obtain administrator-level access to a computer or computer network.
May enable:
- Easy access for the hacker
- Keystroke logger
- Eliminates evidence of break-in
- Modifies the operating system

Recognising a Break-in or Compromise
Symptoms include:
- Antivirus software detecting a problem
- Pop-ups suddenly appear (may sell security software)
- Disk space disappears
- Files or transactions appear that should not be there
- System slows down to a crawl
- Unusual messages, sounds, or displays on your monitor
- Your mouse moves by itself
- Your computer shuts down and powers off by itself

Malware Detection
Spyware symptoms:
- Change to your browser homepage/start page
- Ending up on a strange site when conducting a search
- System-based firewall is turned off automatically
- Lots of network activity while not particularly active
- Excessive pop-up windows
- New icons, programs, favorites which you did not add
- Frequent firewall alerts about unknown programs trying to access the Internet
- Bad/slow system performance

Anti-Virus & Anti-Spyware
- Attackers are always creating new viruses, so it is important that anti-virus software stays updated.
- Anti-virus software detects malware and can destroy it before any damage is done.
- Install and maintain anti-virus and anti-spyware software.
- Should be set to auto update.
- Many free and pay options exist.

Firewall
- A firewall acts as a wall between your computer/private network and the internet.
- Hackers may use the internet to find, use, and install applications on your computer.
- A firewall prevents hacker connections from entering your computer.
- Windows has a firewall built-in. Be sure to always have it on!
- Filters packets that enter or leave your computer.

Protect the Operating System
- Microsoft regularly issues patches or updates to solve security problems in their software. If these are not applied, it leaves your computer vulnerable to hackers.
- The Windows Update feature built into Windows can be set up to automatically download and install updates.
- Avoid logging in as administrator

Creating a Good Password
- Combine 2 unrelated words: Mail + phone = m@!lf0n3
- Abbreviate a phrase: My favorite colour is blue = Mfciblue
- Music lyric: Happy birthday to you, happy birthday to you, happy birthday dear John, happy birthday to you. = hb2uhb2uhbdJhb2u

Password Techniques
- Private: it is used and known by one person only
- Secret: it does not appear in clear text in any file or program or on a piece of paper pinned to the terminal
- Easily remembered: so there is no need to write it down
- At least 8 characters, complex: a mixture of at least 3 of the following: upper case letters, lower case letters, digits and punctuation
- Not guessable by any program
- Changed regularly: a good change policy is every 3 months

Further Tips
- Do not open email attachments unless you are expecting the email with the attachment and you trust the sender.
- Do not click on links in emails unless you are absolutely sure of their validity.
- Only visit and/or download software from web pages you trust.
- Be sure to have a good firewall or pop-up blocker installed.
- Pop-up blockers do not always block ALL pop-ups so always close a pop-up window using the ‘X’ in the upper corner.
- Never click “yes,” “accept” or even “cancel”.

Regular Backups!
- No security measure is 100%
- What information is important to you?
- Is your back-up: Recent? Off-site & Secure? Automated? Tested? Encrypted?
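
The rules on the "Password Techniques" slide (at least 8 characters, at least 3 of the 4 character classes, not guessable by a program), applied to the three example passwords from the "Creating a Good Password" slide. This is an added example, not part of the lecture; the function names and the small `GUESSABLE` list are assumptions made for illustration.

```python
import string

# Character classes named on the "Password Techniques" slide.
CLASSES = {
    "upper": set(string.ascii_uppercase),
    "lower": set(string.ascii_lowercase),
    "digit": set(string.digits),
    "punctuation": set(string.punctuation),
}
MIN_LENGTH = 8    # "At least 8 characters"
MIN_CLASSES = 3   # "a mixture of at least 3 of the following"

# Constructed stand-in for a guessing program's wordlist (assumption: a real
# check would use a far larger list of common and breached passwords).
GUESSABLE = {"password", "password1!", "qwerty123", "letmein1!", "Welcome1"}


def classes_used(password):
    """Return the sorted names of the character classes present."""
    return sorted(name for name, chars in CLASSES.items()
                  if any(c in chars for c in password))


def check_password(password):
    """Return a list of rule violations; an empty list means the rules pass."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    used = classes_used(password)
    if len(used) < MIN_CLASSES:
        problems.append(
            f"only {len(used)} character class(es): {', '.join(used) or 'none'}")
    if password.lower() in {g.lower() for g in GUESSABLE}:
        problems.append("appears in the guessable-password list")
    return problems


if __name__ == "__main__":
    # The three example passwords from the "Creating a Good Password" slide.
    for candidate in ["m@!lf0n3", "Mfciblue", "hb2uhb2uhbdJhb2u"]:
        result = check_password(candidate)
        print(f"{candidate:18} {'OK' if not result else '; '.join(result)}")
```

`Mfciblue` uses only upper and lower case letters, so it does not meet the three-class rule as written, while `Welcome1` meets the length and class rules and is rejected only by the guessable-list check.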

Potential Scams to Watch Out for in 2024/25
- AI-enhanced scams: Cybercriminals use AI to create convincing texts, emails, and deepfakes, impersonating trusted figures to trick victims into sharing sensitive information or money.
- QR code scams: Caution is the best way to avoid QR code scams and reduce security risks. Avoid scanning random QR codes, and scan one only if you must. Scammers can use fake QR codes to initiate phishing attacks or steal your credentials or financial information, so you should always verify the source before scanning. If you think you have accessed a fraudulent site and given away financial information, contact your bank immediately. For most QR codes, a URL will pop up when you scan them. Look at the URL carefully and open it only if you trust it.
- Peer-to-Peer Payment Fraud: In recent years there has been a significant rise in the number of peer-to-peer (P2P) payment scams. Scammers exploit popular payment platforms with overpayment scams, fake payment notifications, and two-step authentication scams to steal money and credentials. Always double-check details before transferring money and never send or accept P2P payments from people you don’t know.
- Phishing attacks: Be cautious of emails or messages that ask for personal information or direct you to suspicious websites.
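
What "look at the URL carefully" can mean in practice for a link previewed from a QR code or an email, written as a small check. This is an added example, not part of the lecture; the trusted-site list, the sample links and the function name `review_url` are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist of sites the user really deals with (assumption).
TRUSTED_DOMAINS = {"bank.example", "university.example"}


def review_url(url):
    """Return (verdict, reasons) for a URL previewed from a QR code or email."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return "do not open", ["URL cannot be parsed"]

    reasons = []
    if parts.scheme != "https":
        reasons.append("not an https link")
    if parts.username is not None:
        # Anything before '@' is login data; the site is what follows it.
        reasons.append("text before '@' hides the real site")
    if not host.isascii() or "xn--" in host:
        reasons.append("host uses international characters that can imitate letters")
    trusted = any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)
    if not trusted:
        reasons.append(f"site '{host}' is not on the trusted list")
    return ("open" if not reasons else "do not open"), reasons


# Constructed sample links, as they might appear in a QR preview.
SAMPLES = [
    "https://www.bank.example/login",
    "https://bank.example@pay.invalid/login",
    "https://bank.example.secure-check.invalid/",
    "http://bank.example/statement",
]

if __name__ == "__main__":
    for link in SAMPLES:
        verdict, why = review_url(link)
        print(f"{verdict:12} {link}  {'; '.join(why)}")
```

Only the first sample is opened: the second and third merely contain the trusted name, and the real site is the part of the host name immediately before the first single slash.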