8.1 Why are information systems vulnerable to destruction, error, and abuse?
List and describe the most common threats against contemporary information.
Information systems are vulnerable to destruction, error and abuse because they are susceptible to unauthorized users who can gain access to company networks. Common threats against contemporary information can occur in communication lines, with clients, communication lines, corporate servers and corporate systems.
Threats to users/ client access which can involve errors and unauthorized access.
Threats can also occur with communication. This can stem from communication lines such as wire-tapping, and sniffing, message modifications, fraud/ theft, and radiation.
Threats can also occur on corporate servers. This occurs with hacked servers, planted viruses and worms, theft and fraud, and denial- of-service attacks.
Threats also occur on corporate systems. This includes, stolen, copied and manipulated company data. As well as crashes in hardware and software.
Define malware and distinguish among a virus, a worm, and a Trojan
Malware is a malicious software, which is any program or file that can be harmful to a computer user. Malwares can perform a variety of functions, including stealing, encrypting or deleting sensitive data, altering or hijacking core computing functions and monitoring users' computer activity without their permission. Malwares can include a computer virus, worm, a trojan and spyware. A virus is the most common malware. It is a malicious program that can spread by piggy backing off of files and programs that are already on the computer. A worm, is a malware that can self-replicate without a host program. Worms can also spread without directives from malware authors. A trojan, is a program that is designed to appear as a legitimate program but can only perform its functions until after it is downloaded.
Define a hacker and explain how hackers create security problem and damage systems.
A hacker is an individual who gains unauthorized access to a computer system by finding flaws within a security protection used by websites and computer systems. Hackers create security problems and damage systems by stealing goods and information. They also can damage systems and commit cyber vandalism by disrupting, defacing and destroying company website or corporate information system.
Define identify theft and phishing and explain why identity theft is such a big problem today.
Identity theft is when someone gains information about an individual and uses the information to act as if they were that person. This involves the use of the person’s social security number, credit card information, driver’s license or other pieces of personal information. Phishing, is a technique that is used to perform identity theft. The technique involves creating a fake website or sending e-mails that resemble a business in order to ask for confidential and personal information from the victim. Identity theft is such a big problem today because the stolen information can be used to acquire merchandise and services worldwide.
8.2 What is the business value of security and control?
Explain how security and control provide value for businesses.
The business value of control refers to the measurements that a company takes in order to prevent intrusions from hackers or unauthorized individuals. The business value of control pertains to the measurements that a company takes in order to keep their assets safe. Security and control can provide value for business because measurements taken in security can create policies and procedures that will aim to eliminate threats of identity theft or damage to a company’s system. Measurements in the business value of control can be used to create policies and procedures that check the accuracy and reliability of the company’s information and data.
Describe the relationship between security and control