Mgt 4322 - Spring 2010 - Dr. Lyons


  Ch 8 - Securing Information Systems

  1. System Vulnerability     (p295)
    1. Malicious Software
      1. Def - Virus - a software program that attaches itself to other software programs or data files in order to be executed, usually without user knowledge or permission.
      2. Def - Worm - an independent computer program that copies itself from one computer to other computers over a network.
      3. Viruses and worms are often spread over the Internet from downloaded software or e-mail attachments.
      4. Viruses and worms have caused billions of dollars of damage.  See Table 8-1, p301.
      5. Spyware - see Ch4, outline III.A.2.b.
    2. Hackers and Cybervandalism
      1. Def - Hacker - an individual (or group) who intends to gain unauthorized access to a computer system.
      2. Def - Denial-of-service Attack - occurs when hackers flood a network server with thousands of false requests, making it impossible to respond to legitimate requests.
    3. Computer Crime      (p303)
      1. Def - Identity Theft - theft of personal information, such as credit card or Social Security numbers, in order to obtain merchandise in the name of the victim or to obtain false credentials.
      2. In 2007, 8 million Americans were victims of identity theft and suffered losses of $49 billion.
      3. Def - Phishing - using fake email addresses and/or websites to obtain sensitive customer data.
    4. Internal Threats: Employees
      1. End users introduce errors by entering faulty data
      2. Internal IT specialists create software errors (bugs)
    5. Software Vulnerability
      1. Commercial software contains errors or security vulnerabilities, which require corrective software called patches.
         
  2. Business Value of Security and Control - skip     (p307)
     
  3. Establishing a Framework for Security and Control - skip     (p310)
     
  4. Technologies and Tools for Security     (p315)
    1. Access Control

      1. Def - Biometric Authentication - using human traits, such as fingerprints, (eye) irises, voice, and/or facial image, to grant access to a computer system.

    2. Firewalls, Intrusion Detection Systems, and Antivirus Software

      1. Def - Firewall - a software program or hardware device that filters the flow of incoming and outgoing network traffic.  It is generally placed between the organization's private internal networks and distrusted external networks, such as the Internet.

      2. Firewall filters are customizable: you can add or remove filters based on several conditions, such as IP addresses, domain names, and specific words and phrases (for example, "losing weight").
        See http://computer.howstuffworks.com/firewall.htm.

      3. Personal Firewall - a firewall for one PC.

      4. Antivirus and Antispyware Software

        1. Def - Antivirus Software - software designed to detect, and eliminate, computer viruses.

        2. Leading antivirus software vendors, such as McAfee - us.mcafee.com, and Symantec - www.symantec.com, have enhanced their products to include antispyware, intrusion prevention, and a personal firewall.

    3. Encryption

      1. Def - Encryption - the process of scrambling plain text or data to prevent (or lessen the probability of) their being read without authorization.  The data are encrypted by using an encryption key.  A simple key is to shift each letter one position higher in the alphabet.  The word "plain" would be encrypted to "qmbjo".

      2. Def - S-HTTP - a form of HTTP (hypertext transfer protocol, see Ch7 outline IV.D.2) that has an additional secure encryption and authentication layer.

      3. The URL for the SJU email is https://email.stjohns.edu/exchange/.

      4. Note: Whenever you provide sensitive personal information online, such as your credit card number, make sure the Web page URL begins with https://, instead of http://, to ensure secure communication.
        See http://www.mysecurecyberspace.com/encyclopedia/index/https.html.
         

    4. MySecureCyberspace - www.mysecurecyberspace.com - a helpful website created by Carnegie Mellon University CyLab.  A public-private partnership to develop new technologies for secure, trustworthy, and sustainable computing and communications systems, and to educate individuals at all levels. Supported by the National Science Foundation.
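
Added example (not part of the original outline): the one-letter shift key from the Encryption definition in IV.C.1, written in Python and generalized to any shift, with wrap-around from "z" to "a". The function names are assumptions made for this illustration; the last function shows why so simple a key only lessens the probability of unauthorized reading, since there are just 25 possible keys.

```python
import string

LETTERS = string.ascii_letters  # a-z and A-Z; everything else passes through


def shift_letter(ch, key):
    """Shift one letter `key` places in the alphabet, wrapping z -> a.

    Digits, spaces and punctuation are returned unchanged.
    """
    if ch not in LETTERS:
        return ch
    base = ord("a") if ch.islower() else ord("A")
    return chr((ord(ch) - base + key) % 26 + base)


def encrypt(text, key=1):
    """Encrypt with the shift key; key=1 is the outline's 'one higher' rule."""
    return "".join(shift_letter(ch, key) for ch in text)


def decrypt(text, key=1):
    """Decryption is the same shift applied in the opposite direction."""
    return encrypt(text, -key)


def all_keys(ciphertext):
    """Return the decryption under every possible key (1 through 25).

    The whole key space fits in one small dictionary, which is why a
    shift cipher is a teaching device and not real protection.
    """
    return {key: decrypt(ciphertext, key) for key in range(1, 26)}


if __name__ == "__main__":
    secret = encrypt("plain")           # the outline's example word
    print(secret, "->", decrypt(secret))
    print(encrypt("Zebra, 2010!"))      # wrap-around and non-letters
    print(len(all_keys(secret)), "possible keys")
```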

                                            (This page was last edited on January 17, 2010.)