Controls
Methods, policies, and organizational procedures that ensure the safety of the organization’s assets, the accuracy and reliability of its records, and operational adherence to management standards.
Threats to Internet and other networks
Tapping, sniffing, message alteration, theft and fraud, radiation
Threats to corporate servers
Hacking, malware, theft and fraud, vandalism, DoS attacks
Threats to corporate systems
Theft of data, copying data, alteration of data, hardware failure, software failure.
War driving
Eavesdroppers drive by buildings or parks outside and try to intercept wireless network traffic.
Malware
Malicious software programs like viruses, worms, and Trojan horses
Computer virus
Rogue software program that attaches itself to other software programs or data files to be executed, usually without user knowledge or permission
Worms
Independent computer programs that copy themselves from one computer to other computers over a network. Can operate on their own.
Drive-by downloads
Malware that comes with a downloaded file that a user intentionally or unintentionally requests.
SQL injection attack
Exploit vulnerabilities in poorly coded web application software to introduce malicious program code into a company’s systems and networks. These vulnerabilities occur when a web application fails to validate properly or filter data a user enters on a web page.
Ransomware
Attempts to extort money by taking control of computers, blocking access to files, or displaying annoying pop-up messages.
Spyware
Monitor a user’s web-surfing activity and serve up advertising
Keyloggers
Record every keystroke made on a computer to steal serial numbers for software, to launch Internet attacks, to gain access to email accounts, to obtain passwords to protected computer systems, or to pick up personal information.
Spoofing
Hiding true identity with fake email addresses or web links
Sniffer
Eavesdropping program that monitors information traveling over a network
Evil twins
Wireless networks that pretend to offer trustworthy Wi-Fi connections
Pharming
Redirects users to a bogus web page
Click fraud
When an individual or computer program fraudulently clicks an online ad without any intention of learning more about the advertiser or making a purchase
Zero-day vulnerabilities
Holes in software that are unknown to its creators
Gramm-Leach-Bliley Act
Also known as the US Financial Services Modernization Act of 1999. It requires financial institutions to ensure the security and confidentiality of customer data. Data must be stored on a secure medium, and special security measures must be enforced to protect such data on storage media and during transmittal.
Sarbanes-Oxley Act
It imposes responsibility on companies and their management to safeguard the accuracy and integrity of financial information that is used internally and released externally.
Computer forensics
The scientific collection, examination, authentication, preservation, and analysis of data held on or retrieved from computer storage media in such a way that the information can be used as evidence in a court of law.
General Controls
Govern the design, security, and use of computer programs and the security of data files in general throughout the organization’s information technology infrastructure.
Application Controls
Specific controls unique to each computerized application, such as payroll or order processing. They can be classified as input controls, processing controls, or output controls.