IS Today (Valacich & Schneider) 5/e. Copyright © 2012 Pearson Education, Inc. Published as Prentice Hall. 8/28/2012
Chapter 10: Securing Information Systems
Accessories for “war driving” can be easily built using simple parts.
Learning Objectives
1. Define computer crime and describe several types of computer crime.
2. Describe and explain the differences between cyberwar and cyberterrorism.
3. Explain what is meant by the term “IS security” and describe both technology and human-based safeguards for information systems.
4. Discuss how to better manage IS security and explain the process of developing an IS security plan.
5. Describe how organizations can establish IS controls to better ensure IS security.
Primary Threats to Information Systems Security
Natural disasters: power outages, hurricanes, floods, and so on
Accidents: power outages, cats walking across keyboards
Employees and consultants
Links to outside business contacts: travel between business affiliates
Outsiders: viruses
Computer Crime
Computer crime—the act of using a computer to commit an illegal act:
Targeting a computer while committing an offense
Using a computer to commit an offense
Using computers to support a criminal activity
The overall trend for computer crime has been declining over the past several years (CSI, 2009).
Many incidents are never reported.
Computer Virus Attacks
Figure: Financial impact of virus attacks, 1995–2006, and beyond.
Source: Based on http://www.computereconomics.com.
Federal and State Laws
The two main federal laws against computer crime are:
Computer Fraud and Abuse Act of 1986:
Stealing or compromising data about national defense, foreign relations, atomic energy, or other restricted information
Violating data belonging to banks or other financial institutions
Intercepting or otherwise intruding on communications between states or foreign countries
Threatening to damage computer systems in order to extort money or other valuables from persons, businesses, or institutions
Electronic Communications Privacy Act of 1986:
Makes it a crime to break into any electronic communications service, including telephone services
Prohibits the interception of any type of electronic communications
Other Federal Laws
Patent protection
U.S. Copyright Act, amended in 1980 to cover computer software
Financial Privacy Act protects information such as credit card data, credit reporting, and bank loan applications
Enforcement responsibilities:
FBI—espionage, terrorism, banking, organized crime, and threats to national security
Secret Service—crimes against U.S. Treasury Department computers and violations of the Right to Financial Privacy Act
Hacking and Cracking
Hackers—individuals who are knowledgeable enough to gain access to computer systems without authorization. The term was first used in the 1960s at MIT.
Often the motivation is curiosity, not crime.
Crackers—those who break into computer systems with the intention of doing damage or committing a crime.
Hacktivists—those who attempt to break into systems or deface Web sites to promote political or ideological goals.
Types of Criminals
There is no clear profile as to who commits computer crimes.
Four groups of computer criminals:
1. Current or former employees (85–95% of theft from businesses comes from the inside)
2. People with technical knowledge committing crimes for personal gain
3. Career criminals using computers to assist them in crimes
4. Outside crackers hoping to find information of value (about 12 percent of cracker attacks cause damage)
Unauthorized Access
Examples:
Employees do personal business on company computers.
Intruders break into government Web sites and change the information displayed.
Thieves steal credit card numbers and Social Security numbers from electronic databases, then use the stolen information to charge thousands of dollars in merchandise to victims.
An employee at a Swiss bank steals data that could possibly help to charge the bank’s customers with tax evasion, hoping to sell this data to other countries’ governments for hefty sums of money.
Information Modification
A user accesses electronic information and changes it. Example: an employee gives herself a raise.
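The self-awarded raise on this slide is an integrity failure that an audit trail can surface after the fact. As an added example (not from the textbook), the following Python checks a constructed payroll change log for an actor editing her own record, a missing or self-granted approval, and raises beyond an assumed policy ceiling; all account names, records and thresholds are constructed.

```python
"""Separation-of-duties audit over a payroll change log (added example)."""
from dataclasses import dataclass
from typing import Iterable


@dataclass(frozen=True)
class SalaryChange:
    """One row of a constructed payroll audit trail."""
    actor: str        # account that performed the update
    subject: str      # employee whose salary record was changed
    old_salary: int
    new_salary: int
    approved_by: str  # empty string when no approval was recorded


@dataclass(frozen=True)
class Finding:
    subject: str
    reason: str


# Assumed policy ceiling for a raise that needs no second review.
MAX_RAISE_PCT = 0.15


def audit_salary_changes(changes: Iterable[SalaryChange]) -> list[Finding]:
    """Apply assumed separation-of-duties and threshold rules to each change.

    Rules:
      1. Nobody may edit their own salary record.
      2. Every change needs a recorded approver who is not the actor.
      3. A raise above MAX_RAISE_PCT is reported even when approved.
    """
    findings: list[Finding] = []
    for c in changes:
        if c.actor == c.subject:
            findings.append(Finding(c.subject, "self-modification"))
        if not c.approved_by:
            findings.append(Finding(c.subject, "no approver recorded"))
        elif c.approved_by == c.actor:
            findings.append(Finding(c.subject, "actor approved own change"))
        if c.old_salary > 0:
            pct = (c.new_salary - c.old_salary) / c.old_salary
            if pct > MAX_RAISE_PCT:
                findings.append(Finding(c.subject, f"raise of {pct:.0%} exceeds policy"))
    return findings


# Constructed sample trail: a legitimate change, an employee raising her own
# salary with no approval, and a clerk approving an oversized raise herself.
SAMPLE_CHANGES = [
    SalaryChange("hr.jones", "e.smith", 50000, 52000, "mgr.lee"),
    SalaryChange("p.garcia", "p.garcia", 48000, 60000, ""),
    SalaryChange("hr.jones", "k.wu", 40000, 48000, "hr.jones"),
]


def sample_findings() -> list[Finding]:
    """Findings for the constructed sample trail."""
    return audit_salary_changes(SAMPLE_CHANGES)


if __name__ == "__main__":
    for f in sample_findings():
        print(f"{f.subject}: {f.reason}")
```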
Other Threats to IS Security
Many times, computer security is breached simply because organizations and individuals do not exercise proper care in safeguarding information.
Examples:
Keeping passwords or access codes in plain sight
Failing to install antivirus software or to keep it up to date
Continuing to use default network passwords
Being careless about letting outsiders view computer monitors
Failing to limit access to company files and system resources
Failing to install effective firewalls or intrusion detection systems, or installing them but failing to monitor them regularly
Failing to provide proper employee background checks
Unmonitored employees
Disgruntled workers
Computer Viruses and Other Destructive Code
Malware—short for “malicious software,” such as viruses, worms, and Trojan horses.
Virus—a destructive program that disrupts the normal functioning of computer software.
Worms, Trojan Horses, and Other Malware
Worm—a variation of a virus that is targeted at networks, taking advantage of security holes.
Trojan horse—does not replicate, but causes damage; its code is hidden.
Logic bombs or time bombs—variations of Trojan horses. Time bombs are set off by specific dates; logic bombs are set off by certain types of operations.
Denial of Service Attack
Attackers prevent legitimate users from accessing services.
Zombie computers, created by viruses or worms, attack Web sites.
Servers crash under the increased load. Example: the MyDoom attack on Microsoft’s Web site.
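As an added example (not from the textbook), the following Python groups constructed Web access-log lines into ten-second windows and flags any window whose request count exceeds a threshold, labelling it as a single-source flood or as the distributed kind that the slide's zombie computers produce; the log format, IP addresses and thresholds are assumptions.

```python
"""Flag denial-of-service patterns in Web server access logs (added example)."""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Assumed "combined" log layout: client IP, two dash fields, [timestamp], "request".
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)"')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Assumed policy: more than RATE_THRESHOLD requests in one window is a flood;
# one IP sending more than SINGLE_SOURCE_SHARE of them makes it single-source.
WINDOW_SECONDS = 10
RATE_THRESHOLD = 20
SINGLE_SOURCE_SHARE = 0.5


def parse_line(line: str):
    """Return (epoch_seconds, client_ip) for one log line, or None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), TS_FMT)
    return int(ts.timestamp()), m.group("ip")


def detect_floods(lines):
    """Return [(window_start_epoch, total_requests, kind), ...] for flooded windows.

    kind is "single-source" when one IP dominates the window, else "distributed".
    """
    windows = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # malformed lines are skipped, not counted
        epoch, ip = parsed
        windows[epoch - epoch % WINDOW_SECONDS][ip] += 1

    alerts = []
    for start in sorted(windows):
        counts = windows[start]
        total = sum(counts.values())
        if total <= RATE_THRESHOLD:
            continue
        _, top_n = counts.most_common(1)[0]
        kind = "single-source" if top_n / total > SINGLE_SOURCE_SHARE else "distributed"
        alerts.append((start, total, kind))
    return alerts


def log_line(ip: str, second: int) -> str:
    """Build one constructed log line at 12:00:SS UTC on 1 Jan 2012."""
    return f'{ip} - - [01/Jan/2012:12:00:{second:02d} +0000] "GET / HTTP/1.1" 200 512'


# Constructed sample: a quiet window (5 requests), a 40-request flood from one
# host, then 30 "zombie" hosts sending one request each in the next window.
SAMPLE_LOG = (
    [log_line("10.0.0.5", s) for s in range(0, 5)]
    + [log_line("203.0.113.9", 10 + s % 10) for s in range(40)]
    + [log_line(f"198.51.100.{n}", 20 + n % 10) for n in range(1, 31)]
)


def sample_alerts():
    """Alerts produced for the constructed sample log."""
    return detect_floods(SAMPLE_LOG)


if __name__ == "__main__":
    for start, total, kind in sample_alerts():
        print(f"window starting {start}: {total} requests, {kind} flood")
```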
Spyware
Hidden within freeware or shareware, or embedded within Web sites
Gathers information about a user: credit card information, behavior tracking for marketing purposes
Eats up the computer’s memory and network bandwidth
Adware:
Free software paid for by advertisements
Sometimes contains spyware
Collects information for banner ad customization
Spam
Electronic junk mail: advertisements of products and services
Eats up storage space
Compromises network bandwidth
90 percent of all Internet e-mail is spam!
Spam filters can help.
Spim—spam in text message form
Phishing (Spoofing)
Attempts to trick users into giving away credit card numbers
Phony messages
Duplicates of legitimate Web sites
Examples: eBay and PayPal have been used.
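Phishing pages are served from hosts that imitate a legitimate site, and the slide names eBay and PayPal as brands that have been imitated. As an added example (not from the textbook), the following Python flags URLs whose host is a typo, digit-substitution or subdomain look-alike of a small brand allow-list; the allow-list, the sample URLs and the two-label registrable-domain rule are assumptions.

```python
"""Flag URLs whose host imitates a brand domain (added example)."""
from urllib.parse import urlsplit

# Constructed allow-list of legitimate brand domains (assumed).
BRAND_DOMAINS = ("ebay.com", "paypal.com")

# Digit-for-letter substitutions seen in look-alike names; normalised away
# before comparison so that "paypa1" is compared as "paypal".
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (single-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host: str) -> str:
    """Naive registrable domain: the last two labels.

    Assumption for this example; production code would consult the
    Public Suffix List so that e.g. "example.co.uk" is handled correctly.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_url(url: str) -> tuple[str, str]:
    """Return (verdict, reason); verdict is legitimate, suspicious or unknown."""
    host = (urlsplit(url).hostname or "").lower()
    if not host:
        return "unknown", "no host in URL"
    reg = registrable(host)
    if reg in BRAND_DOMAINS:
        return "legitimate", f"host belongs to {reg}"
    reg_name = reg.split(".")[0].translate(HOMOGLYPHS)
    for brand in BRAND_DOMAINS:
        name = brand.split(".")[0]
        # Brand name buried in a subdomain or in a longer registrable name.
        if name in host:
            return "suspicious", f"'{name}' appears in non-brand host {host}"
        # Registrable name within one edit of the brand after normalisation.
        if levenshtein(reg_name, name) <= 1:
            return "suspicious", f"{reg} is a near-miss of {brand}"
    return "unknown", "no resemblance to a listed brand"


# Constructed sample URLs covering each verdict.
SAMPLE_URLS = [
    "https://www.paypal.com/signin",
    "http://paypa1.com/",
    "http://paypal.com.account-verify.example/login",
    "https://ebay-secure-login.net/",
    "https://example.org/",
]


def sample_verdicts() -> dict[str, str]:
    """Verdict for each constructed sample URL."""
    return {u: classify_url(u)[0] for u in SAMPLE_URLS}


if __name__ == "__main__":
    for u in SAMPLE_URLS:
        verdict, reason = classify_url(u)
        print(f"{verdict:10s} {u}  ({reason})")
```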
CAPTCHA
Completely Automated Public Turing Test to Tell Computers and Humans Apart (CAPTCHA)
CAPTCHA uses images that computers cannot read.
A combination of techniques is needed to stop spammers.
Cookies
Cookies are messages passed to a Web browser from a Web server.
They are stored in a text file.
They are used for Web site customization.
Cookies may contain sensitive information.
Managing cookies: cookie killer software, Web browser settings
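Because cookies may carry sensitive information, a defender wants to know whether a server sets them with the attributes browsers use to limit exposure. As an added example (not from the textbook), the following Python parses constructed Set-Cookie header values and reports missing Secure, HttpOnly or SameSite attributes and an over-long Max-Age on session-looking cookies; the policy thresholds, name hints and header samples are assumptions.

```python
"""Audit Set-Cookie headers for exposure-limiting attributes (added example)."""
from dataclasses import dataclass, field


@dataclass
class Cookie:
    name: str
    value: str
    # lower-cased attribute name -> value ("" for flag attributes)
    attributes: dict = field(default_factory=dict)


def parse_set_cookie(header: str) -> Cookie:
    """Parse one Set-Cookie header value; attribute names are case-insensitive."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    cookie = Cookie(name.strip(), value.strip())
    for part in parts[1:]:
        if not part:
            continue
        attr, _, aval = part.partition("=")
        cookie.attributes[attr.strip().lower()] = aval.strip()
    return cookie


# Assumed policy: a cookie whose name suggests a session token should not
# persist for more than a day.
SESSION_HINTS = ("sess", "token", "auth")
MAX_SESSION_AGE = 86400


def audit_cookie(cookie: Cookie) -> list[str]:
    """Return policy findings for one cookie (empty list when it is clean)."""
    attrs = cookie.attributes
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure: sent over plain HTTP")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: readable by page scripts")
    if attrs.get("samesite", "").lower() not in ("lax", "strict"):
        findings.append("SameSite not Lax/Strict: sent on cross-site requests")
    looks_like_session = any(h in cookie.name.lower() for h in SESSION_HINTS)
    max_age = attrs.get("max-age", "")
    if looks_like_session and max_age.lstrip("-").isdigit() and int(max_age) > MAX_SESSION_AGE:
        findings.append(f"Max-Age {max_age}s too long for a session cookie")
    return findings


def audit_headers(headers) -> dict[str, list[str]]:
    """Audit several Set-Cookie header values, keyed by cookie name."""
    return {c.name: audit_cookie(c) for c in map(parse_set_cookie, headers)}


# Constructed sample: a well-protected session cookie, a session cookie with
# no protections and a 30-day lifetime, and a preference cookie lacking HttpOnly.
SAMPLE_HEADERS = [
    "sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
    "authtoken=xyz789; Path=/; Max-Age=2592000",
    "theme=dark; Path=/; Secure; SameSite=Strict",
]


if __name__ == "__main__":
    for name, findings in audit_headers(SAMPLE_HEADERS).items():
        print(name, "->", findings or ["ok"])
```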
Cyberattack Supply Chain
85 percent of all e-mail spam is sent out by only six major botnets.
Sample phishing attack:
1. A programmer writes and sells a phishing attack template.
2. A phisher who wants to run an attack purchases the template and designs an attack.
3. The phisher contracts with a cracker to provide hosting space for the phishing Web sites.
4. The phisher contacts a bot herder to send out the spam e-mail that carries the attack.
5. The phisher provides the stolen personal information to a collector who removes funds from the affected financial institutions.
6. The collector works with a criminal called a mule herder who carries out the withdrawals.
Identity Theft
Fastest growing “information crime”
Stealing another person’s credit card number, Social Security number, or other personal information
Results in bad credit for the victim
Internet Hoaxes
False messages circulated online:
New viruses (that don’t exist)
Collection of funds for a certain group (example: Haiti earthquake victims)
Possible consequences: spammers harvesting e-mail addresses from hoaxes
Web sites such as Hoaxbusters (www.hoaxbusters.org), Symantec, or McAfee publish lists of known hoaxes.
Cybersquatting
The practice of registering a domain name and later reselling it.
Some of the victims include Eminem, Panasonic, Hertz, and Avon.
Anti-Cybersquatting Consumer Protection Act of 1999: fines as high as $100,000
Some companies pay the cybersquatters to speed up the process of getting the domain.
Cyber Harassment, Stalking, and Bullying
Cyber harassment—a crime that broadly refers to the use of a computer to communicate obscene, vulgar, or threatening content.
Cyber stalking:
Making false accusations that damage the reputation of another
Gaining information on a victim by monitoring online activities
Using the Internet to encourage others to harass a victim
Attacking the data and equipment of a victim by sending e-mail viruses or other destructive code
Using the Internet to place false orders for goods or services
Cyber Bullying
Cyber bullying is the deliberate causing of emotional distress to a victim.
Online predators typically target vulnerable populations for sexual or financial purposes.
Social networking sites have become the playground for online predators.
Most social networking and chat sites provide ways to report abuse.
Software Piracy
Legal activities:
Making one backup copy for personal use
Sharing free software (shareware or public domain software)
Illegal activities:
Making copies of purchased software for others
Offering stolen proprietary software (warez peddling)
Intellectual property:
Patents: process or machine inventions
Copyrights: creations of the mind
Various copyright laws are applicable to software.
Software Piracy Is a Global Business
Worldwide losses exceeded $53 billion in 2008.
Some factors influencing piracy around the world:
The concept of intellectual property differs between countries
Economic reasons for piracy
Lack of public awareness about the issue
Cyberwar
Cyberwar—the military’s attempt to disrupt or destroy another country’s information and communication systems. The goal is to diminish the opponent’s communication capabilities.
It is used in concert with traditional methods.
Cyberwar Vulnerabilities
Systems at risk:
Command and control systems
Intelligence collection and distribution systems
Information processing and distribution systems
Tactical communication systems and methods
Troop and weapon positioning systems
Friend-or-foe identification systems
Smart weapons systems
Propaganda:
Web vandalism
Cyber propaganda
The New Cold War
A 2007 McAfee report on Internet security listed a cyber cold war as an imminent threat.
Reminiscent of the Cold War between the United States and the Soviet Union from the mid-1940s until the early 1990s—intelligence agencies are testing networks for possible weaknesses.
Patriot hackers—independent citizens who attack perceived enemies of the state.
Cyberterrorism
Governments are not involved.
Attacks can be launched from anywhere in the world.
The goal is to cause fear, panic, and destruction.
Cyberterrorism will likely become a weapon of choice.
Categories of Potential Cyberterrorist Attacks
Use of Internet in Terrorist Attacks
Assessing the Cyberterrorism Threat
Internet infrastructure is extremely vulnerable to cyberterrorism. Some successful attacks:
1991—Gulf War: Dutch crackers stole information about the movement of U.S. troops and offered it for sale to Iraq. The Iraqis turned down the offer.
2000—U.S. presidential elections: Web sites were targeted by crackers with political motives. DoS attacks were launched.
2007—Government and bank networks within Estonia came under attack over the removal of a Soviet-era memorial.
2010—Chinese-based hackers attacked Google, which had threatened to remove Chinese filter searches from its search engine.
Obstacles to Cyberterrorism (10-38)
1. Computer systems are complex and attacks may not have desired outcome.
2. Security measures are fast-changing.
3. Cyberattacks rarely cause physical harm to victims.
The Globalization of Terrorism (10-39)
Increasing dependence on technology
Increasing possibilities of cyberterrorism
International laws and treaties must evolve.
However, the likelihood of large attacks is small. A successful large attack would require:
  Intelligence information
  Years of preparation
  At least $200 million
Information Systems Security (10-41)
All systems connected to a network are at risk.
  Internal threats
  External threats
Information systems security: precautions to keep IS safe from unauthorized access and use
Increased need for good computer security with increased use of the Internet
Safeguarding Information Systems Resources (10-42)
Information systems audits
Risk analysis
  Process of assessing the value of protected assets
  Cost of loss vs. cost of protection
  Risk reduction: measures taken to protect the system
  Risk acceptance: measures taken to absorb the damages
  Risk transfer: transferring the absorption of risk to a third party
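The slide names the comparison (cost of loss vs. cost of protection) and the three treatments but does not show how the numbers decide between them. The following is an added example, not from the textbook or its slides; it assumes the annualized loss expectancy model (expected loss per year = asset value x exposure factor x annual rate of occurrence) as the way to put a figure on "cost of loss", and all monetary values in it are constructed.

```python
"""Risk analysis: compare the cost of loss with the cost of protection.

Added example, not from the textbook. The annualized loss expectancy
model (expected loss per year = asset value x exposure factor x annual
rate of occurrence) is an assumed, widely used way to put a number on
"cost of loss"; the slide itself only names the comparison.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Risk:
    name: str
    asset_value: float       # value of the protected asset
    exposure_factor: float   # fraction of that value lost in one incident (0..1)
    annual_rate: float       # expected incidents per year

    def expected_annual_loss(self) -> float:
        """Cost of loss per year if nothing is done."""
        return self.asset_value * self.exposure_factor * self.annual_rate


@dataclass(frozen=True)
class Safeguard:
    name: str
    annual_cost: float       # cost of protection per year
    rate_reduction: float    # fraction of incidents it prevents (0..1)


@dataclass(frozen=True)
class InsuranceOffer:
    annual_premium: float
    covered_fraction: float  # share of each loss the third party absorbs (0..1)


def choose_treatment(risk: Risk,
                     safeguard: Optional[Safeguard] = None,
                     insurance: Optional[InsuranceOffer] = None) -> tuple:
    """Return (treatment, annual cost) for the cheapest of the slide's three options.

    reduce:   pay for the safeguard and keep the residual loss
    transfer: pay the premium and keep the uncovered share of the loss
    accept:   pay nothing up front and absorb the full expected loss
    """
    baseline = risk.expected_annual_loss()
    options = {"accept": baseline}
    if safeguard is not None:
        residual = baseline * (1.0 - safeguard.rate_reduction)
        options["reduce"] = residual + safeguard.annual_cost
    if insurance is not None:
        retained = baseline * (1.0 - insurance.covered_fraction)
        options["transfer"] = retained + insurance.annual_premium
    # round to cents so floating-point noise cannot decide between options
    options = {k: round(v, 2) for k, v in options.items()}
    best = min(options, key=options.get)
    return best, options[best]


if __name__ == "__main__":
    # Constructed figures for illustration only.
    db = Risk("customer database breach", 2_000_000, 0.25, 0.1)
    print(choose_treatment(db, Safeguard("disk encryption + DLP", 20_000, 0.8),
                           InsuranceOffer(35_000, 0.9)))
```

With the constructed database risk (expected loss 50,000 per year) the safeguard wins at 30,000 per year; a cheap, frequent risk whose safeguard costs more than the loss is accepted, and a rare but catastrophic loss is transferred when the premium is below the loss it absorbs.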
Technological Safeguards (10-43)
Physical access restrictions
Firewalls
Encryption
Virus monitoring and prevention
Audit-control software
Dedicated facilities
Technological Safeguards (10-44)
Physical access restrictions
  Authentication
    Use of passwords
    Photo ID cards, smart cards
    Keys to unlock a computer
    Combination
  Authentication dependent on
    Something you have
    Something you know
    Something you are
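Combining two of the three factors is what makes a login resistant to a stolen password alone. The following is an added example, not from the textbook or its slides, showing "something you know" (a password stored as a salted PBKDF2 hash) combined with "something you have" (an RFC 6238 time-based one-time code of the kind an authenticator app or hardware token displays). It uses only the Python standard library; the user record and the enrolment secret are constructed.

```python
"""Two-factor login: something you know (password) plus something you have (token).

Added example, not from the textbook. Standard library only: PBKDF2-HMAC
for password storage, RFC 6238 TOTP for the one-time code that an
authenticator app or hardware token would display.
"""
import hashlib
import hmac
import os
import struct
import time
from typing import Optional

PBKDF2_ROUNDS = 200_000   # work factor: slows down offline guessing of a stolen hash
TOTP_STEP = 30            # seconds per one-time-code window


def make_password_record(password: str, salt: Optional[bytes] = None) -> dict:
    """Store a per-user salt and a slow hash, never the password itself."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return {"salt": salt, "hash": digest}


def check_password(record: dict, candidate: str) -> bool:
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(), record["salt"], PBKDF2_ROUNDS)
    return hmac.compare_digest(digest, record["hash"])   # constant-time comparison


def totp(secret: bytes, at: int, digits: int = 6) -> str:
    """RFC 6238 code for the time window containing `at` (HMAC-SHA1, as authenticator apps use)."""
    counter = struct.pack(">Q", at // TOTP_STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                   # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def check_totp(secret: bytes, code: str, at: int, skew: int = 1) -> bool:
    """Accept the current window and `skew` neighbours on each side to tolerate clock drift."""
    candidates = (totp(secret, at + d * TOTP_STEP) for d in range(-skew, skew + 1))
    return any(hmac.compare_digest(c, code) for c in candidates)


def login(user: dict, password: str, code: str, at: Optional[int] = None) -> bool:
    """Both factors must pass; both are always evaluated so a failure does not reveal which was wrong."""
    at = int(time.time()) if at is None else at
    pw_ok = check_password(user["password"], password)
    otp_ok = check_totp(user["totp_secret"], code, at)
    return pw_ok and otp_ok


if __name__ == "__main__":
    # Constructed enrolment; the TOTP secret is the RFC 6238 test-vector key.
    user = {"password": make_password_record("correct horse battery"),
            "totp_secret": b"12345678901234567890"}
    now = int(time.time())
    print("login ok:", login(user, "correct horse battery", totp(user["totp_secret"], now), now))
```

The known RFC 4226/6238 test vectors (secret "12345678901234567890", code 755224 at time 0 and 287082 at time 59) can be used to check the TOTP implementation against any authenticator app.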
Biometrics (10-45)
Form of authentication
  Fingerprints
  Retinal patterns
  Facial features, and so on
Fast authentication
High security
Access-Control Software (10-46)
Access only to files required for work
Restriction of access level: read only, modify, delete
Certain time periods for allowed access
Business systems applications: built-in access control capabilities
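The three restrictions on this slide (only the files needed for work, an access level, and allowed time periods) are what an access-control decision actually evaluates. The following is an added example, not from the textbook or its slides; the policy table, user names and file paths are constructed, and anything not explicitly granted is denied.

```python
"""Access-control decision: need-to-know, access level, and allowed time periods.

Added example, not from the textbook. The policy table and file names
are constructed; the three checks correspond to the restrictions the
slide lists (only files required for work, read/modify/delete levels,
allowed time periods). Anything not explicitly granted is denied.
"""
from dataclasses import dataclass
from datetime import datetime, time
from enum import IntEnum


class Level(IntEnum):
    """Ordered so that a higher level implies the lower ones."""
    READ = 1
    MODIFY = 2
    DELETE = 3


@dataclass(frozen=True)
class Grant:
    level: Level
    start: time = time(0, 0)                    # allowed time of day, inclusive
    end: time = time(23, 59, 59)
    weekdays: frozenset = frozenset(range(5))   # Monday=0 .. Friday=4

    def in_window(self, when: datetime) -> bool:
        return when.weekday() in self.weekdays and self.start <= when.time() <= self.end


def authorize(policy: dict, user: str, path: str, action, when) -> tuple:
    """Return (allowed, reason). Every denial names the failed check for the audit trail.

    `action` may be a Level or its name; `when` a datetime or an ISO-8601 string.
    """
    if isinstance(action, str):
        action = Level[action]
    if isinstance(when, str):
        when = datetime.fromisoformat(when)
    grant = policy.get(user, {}).get(path)
    if grant is None:
        return False, "no grant: file is not required for this user's work"
    if not grant.in_window(when):
        return False, "outside the allowed time period"
    if action > grant.level:
        return False, f"{action.name} exceeds granted level {grant.level.name}"
    return True, "granted"


# Constructed policy: who may do what, to which file, and when.
POLICY = {
    "alice": {
        "/finance/ledger.xlsx": Grant(Level.MODIFY, time(8, 0), time(18, 0)),
        "/hr/handbook.pdf": Grant(Level.READ),
    },
    "bob": {
        "/hr/handbook.pdf": Grant(Level.READ, weekdays=frozenset(range(7))),
    },
}


if __name__ == "__main__":
    print(authorize(POLICY, "alice", "/finance/ledger.xlsx", "MODIFY", "2024-03-05T10:00:00"))
    print(authorize(POLICY, "alice", "/finance/ledger.xlsx", "DELETE", "2024-03-05T10:00:00"))
    print(authorize(POLICY, "alice", "/finance/ledger.xlsx", "READ", "2024-03-05T20:00:00"))
```

Returning the reason with every denial is deliberate: it is what the audit-control software described later in the chapter records, and it lets the IT department see which restriction is being tripped.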
Wireless LAN Control (10-47)
Wireless LAN: cheap and easy to install
Use on the rise
Signal transmitted through the air: susceptible to being intercepted
Drive-by hacking
Virtual Private Networks (10-48)
Connection constructed dynamically within an existing network
Tunneling: send private data over a public network
Encrypted information
Firewalls (10-49)
Firewall: a system designed to detect intrusion and prevent unauthorized access
Implementation: hardware, software, mixed
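Whether implemented in hardware or software, the heart of a packet-filtering firewall is a rule table consulted for every packet. The following is an added example, not from the textbook or its slides, showing first-match evaluation with an implicit default deny; the protected network, the partner range and the packets are constructed from documentation address blocks.

```python
"""Packet-filter rules: first match wins, anything unmatched is dropped.

Added example, not from the textbook. A software firewall's core is a rule
table consulted for each packet; the addresses, rules and packets here are
constructed (documentation ranges) to show how ordering and the default
deny decide the outcome.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    proto: str = "any"           # "tcp", "udp", "icmp" or "any"
    src: str = "0.0.0.0/0"       # CIDR; 0.0.0.0/0 matches every address
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None  # None matches any destination port
    comment: str = ""

    def matches(self, pkt: dict) -> bool:
        return ((self.proto == "any" or self.proto == pkt["proto"])
                and ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
                and (self.dport is None or self.dport == pkt.get("dport")))


def evaluate(rules: list, pkt: dict) -> tuple:
    """Return (action, comment) of the first matching rule, or the implicit default deny."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.comment
    return "deny", "default deny"


def make_packet(proto: str, src: str, dst: str, dport: Optional[int] = None) -> dict:
    return {"proto": proto, "src": src, "dst": dst, "dport": dport}


# Constructed inbound rule set for an Internet-facing interface.
# 192.168.10.0/24 is the protected LAN; 203.0.113.0/24 is a partner's range.
INBOUND_RULES = [
    Rule("deny", src="192.168.0.0/16", comment="anti-spoofing: internal source on outside interface"),
    Rule("allow", "tcp", dst="192.168.10.5/32", dport=443, comment="public web server HTTPS"),
    Rule("allow", "tcp", dst="192.168.10.5/32", dport=80, comment="public web server HTTP"),
    Rule("allow", "tcp", src="203.0.113.0/24", dst="192.168.10.10/32", dport=22,
         comment="partner administrators to bastion host"),
]


if __name__ == "__main__":
    for pkt in (make_packet("tcp", "198.51.100.7", "192.168.10.5", 443),
                make_packet("tcp", "198.51.100.7", "192.168.10.10", 22),
                make_packet("tcp", "192.168.10.99", "192.168.10.5", 443)):
        print(pkt, "->", evaluate(INBOUND_RULES, pkt))
```

The anti-spoofing rule must come first: if it were placed after the web-server rules, a packet claiming an internal source address would be allowed through by the earlier match.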
Encryption (10-50)
Message encoded before sending; message decoded when received
Cryptography: the science of encryption. It requires use of a key for decoding.
Certificate authority: manages distribution of keys on a busy Web site.
Secure Sockets Layer (SSL): popular public key encryption method.
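Both the VPN slide (private data tunnelled over a public network) and this one come down to the same operation: the sender encrypts with a shared key, the receiver decrypts with it, and anyone on the public path between them sees only ciphertext. The following is an added example, not from the textbook or its slides, of that round trip together with the check a real tunnel also needs: detecting a message that was altered in transit. It uses only the Python standard library, so the cipher is a teaching construction (an HMAC-SHA256 keystream in counter mode, then an HMAC tag over nonce and ciphertext); a production system would use a vetted authenticated cipher such as AES-GCM from a cryptography library. The key and message are constructed.

```python
"""Message encrypted before sending and decrypted on receipt, with tamper detection.

Added example, not from the textbook. Standard library only, so the cipher
is a teaching construction: a keystream from HMAC-SHA256 in counter mode,
then an HMAC tag over nonce and ciphertext (encrypt-then-MAC). Use a vetted
AEAD such as AES-GCM from a crypto library in real systems.
"""
import hashlib
import hmac
import os

NONCE_LEN = 16
TAG_LEN = 32


def _split_keys(master: bytes) -> tuple:
    """Derive separate encryption and authentication keys from one shared secret."""
    enc = hmac.new(master, b"enc", hashlib.sha256).digest()
    mac = hmac.new(master, b"mac", hashlib.sha256).digest()
    return enc, mac


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Pseudorandom bytes: HMAC(key, nonce || counter) for counter = 0, 1, 2, ..."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(master: bytes, plaintext: bytes, nonce: bytes = None) -> bytes:
    """Return nonce || ciphertext || tag. A nonce must never repeat under the same key."""
    enc_key, mac_key = _split_keys(master)
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    ks = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(master: bytes, packet: bytes) -> bytes:
    """Verify the tag before touching the ciphertext; raise on any modification."""
    if len(packet) < NONCE_LEN + TAG_LEN:
        raise ValueError("packet too short")
    enc_key, mac_key = _split_keys(master)
    nonce, ciphertext, tag = packet[:NONCE_LEN], packet[NONCE_LEN:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: message modified or wrong key")
    ks = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


def tamper_detected(master: bytes, packet: bytes) -> bool:
    """True if decrypt() rejects the packet (wrong key or modified bytes)."""
    try:
        decrypt(master, packet)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    key = b"shared secret between the two tunnel endpoints"   # constructed
    packet = encrypt(key, b"transfer 100 to account 42")
    print("on the wire:", packet.hex())
    print("received:", decrypt(key, packet))
    flipped = bytearray(packet)
    flipped[20] ^= 0x01
    print("tampered packet rejected:", tamper_detected(key, bytes(flipped)))
```

The order matters: the receiver checks the tag first and only then decrypts, so a forged or bit-flipped packet is rejected before any of its content is acted on.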
Virus Monitoring and Prevention (10-51)
Virus prevention
  Purchase and install antivirus software.
  Update frequently.
  Do not download data from unknown sources: flash drives, disks, Web sites.
  Delete (without opening) e-mails from unknown sources.
  Do not blindly open e-mail attachments, even if they come from a known source.
  Report any viruses to the IT department.
Audit-Control Software (10-52)
Keeps track of computer activity
Spots suspicious action
Audit trail
  Record of users
  Record of activities
IT department needs to monitor this activity.
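"Spots suspicious action" is the part of audit-control software that needs rules. The following is an added example, not from the textbook or its slides, that reads a constructed audit trail (the line format, timestamp user action object result, is an assumption; real audit software reads the operating system's or application's own log), produces the per-user activity record the slide mentions, and applies three checks that a monitoring team would typically start with.

```python
"""Audit trail review: record who did what, and flag suspicious actions.

Added example, not from the textbook. The log lines below are constructed
and their format (timestamp user action object result) is an assumption.
Three checks are shown: repeated failed logins, successful activity
outside business hours, and deletions by accounts that are not
administrators.
"""
from collections import Counter, defaultdict
from datetime import datetime

ADMINS = {"root", "dba"}                 # accounts allowed to delete
BUSINESS_HOURS = range(7, 20)            # 07:00 to 19:59 is normal working time
FAILED_LOGIN_THRESHOLD = 3               # third consecutive failure raises a finding

# Constructed audit trail: timestamp, user, action, object, result.
AUDIT_TRAIL = """\
2024-03-05T09:12:01 alice LOGIN - success
2024-03-05T09:15:44 alice READ /finance/ledger.xlsx success
2024-03-05T22:41:03 alice READ /finance/ledger.xlsx success
2024-03-05T23:02:10 mallory LOGIN - failure
2024-03-05T23:02:15 mallory LOGIN - failure
2024-03-05T23:02:21 mallory LOGIN - failure
2024-03-05T23:02:30 mallory LOGIN - failure
2024-03-06T10:30:00 bob DELETE /hr/records.db success
2024-03-06T11:00:00 dba DELETE /tmp/old.bak success
"""


def parse_line(line: str) -> dict:
    ts, user, action, obj, result = line.split(" ", 4)
    return {"ts": datetime.fromisoformat(ts), "user": user,
            "action": action, "object": obj, "result": result}


def parse_trail(trail: str) -> list:
    return [parse_line(line) for line in trail.splitlines() if line.strip()]


def activity_by_user(trail: str) -> dict:
    """The 'record of users and activities': how many actions each account performed."""
    return dict(Counter(e["user"] for e in parse_trail(trail)))


def find_suspicious(trail: str) -> list:
    """Return (finding, user, timestamp) tuples in log order."""
    findings = []
    consecutive_failures = defaultdict(int)
    for e in parse_trail(trail):
        stamp = e["ts"].isoformat()
        if e["action"] == "LOGIN":
            if e["result"] == "failure":
                consecutive_failures[e["user"]] += 1
                if consecutive_failures[e["user"]] == FAILED_LOGIN_THRESHOLD:
                    findings.append(("repeated_failed_login", e["user"], stamp))
            else:
                consecutive_failures[e["user"]] = 0      # a success resets the streak
        if e["result"] == "success" and e["ts"].hour not in BUSINESS_HOURS:
            findings.append(("after_hours_activity", e["user"], stamp))
        if e["action"] == "DELETE" and e["user"] not in ADMINS:
            findings.append(("delete_by_non_admin", e["user"], stamp))
    return findings


if __name__ == "__main__":
    print(activity_by_user(AUDIT_TRAIL))
    for finding in find_suspicious(AUDIT_TRAIL):
        print(*finding)
```

Each finding is raised once (the failed-login check fires exactly at the threshold, not on every later failure), which keeps the list short enough for the IT department to actually review.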
Secure Data Centers (10-53)
Specialized facilities are important.
Technical requirements
  Power
  Cooling
How do organizations reliably protect themselves from threats?
Ensuring Availability (10-54)
High-availability facilities
  To ensure uninterrupted service
  Self-sufficient
  Backup cooling systems
  Raised floors (to more easily reconfigure systems)
  Built to withstand storms
Collocation facilities
UPS servers need 24/7/365 reliability
Securing the Facilities Infrastructure (10-55)
Backups
  Secondary storage devices
  Regular intervals
Backup sites
  Cold backup site
  Hot backup site
Redundant data centers
  Different geographic areas
Closed-circuit television (CCTV)
  Monitoring for physical intruders
  Video cameras display and record all activity
  Digital video recording
Uninterruptible power supply (UPS)
  Protection against power surges
Human Safeguards (10-56)
Use of federal and state laws as well as ethics
Computer Forensics (10-57)
Use of formal investigative techniques to evaluate digital information
  Evaluation of storage devices for traces of illegal activity
  Now common in murder cases
  Restoration of deleted files
Honeypots used to entice and catch hackers and crackers
  Example: DarkMarket
Some criminals have special “booby-trap” programs to destroy evidence.
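"Restoration of deleted files" works because deleting a file normally removes only its directory entry; the data blocks stay on the storage device until they are reused. The following is an added example, not from the textbook or its slides, of the simplest forensic recovery technique, signature carving: scanning a raw image for known file headers and footers. The disk image is constructed in memory; the JPEG and PNG signatures are the real magic numbers, and each recovered object is hashed so the report can later be tied to the evidence.

```python
"""Signature carving: recover deleted files from a raw disk image.

Added example, not from the textbook. Deleting a file normally removes
only the directory entry; the data blocks remain until reused, so an
investigator can scan the raw image for known file headers and footers.
The image is constructed in memory; the JPEG and PNG signatures are the
real magic numbers.
"""
import hashlib

SIGNATURES = {
    # type: (header magic, footer magic)
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
}


def carve(image: bytes, max_size: int = 1 << 20) -> list:
    """Return (offset, type, data) for each complete header..footer object, ordered by offset."""
    found = []
    for kind, (header, footer) in SIGNATURES.items():
        start = image.find(header)
        while start != -1:
            end = image.find(footer, start + len(header), start + max_size)
            if end == -1:
                break                      # header without footer: truncated or overwritten
            end += len(footer)
            found.append((start, kind, image[start:end]))
            start = image.find(header, end)
    return sorted(found, key=lambda f: f[0])


def carve_report(image: bytes) -> list:
    """Evidence listing: offset, type, size and SHA-256 of every recovered object."""
    return [(off, kind, len(data), hashlib.sha256(data).hexdigest())
            for off, kind, data in carve(image)]


def build_sample_image() -> bytes:
    """Constructed 'disk image': empty blocks, a deleted JPEG, a PNG and a truncated JPEG."""
    jpg = SIGNATURES["jpg"][0] + b"\x00\x10JFIF\x00 photo payload " + SIGNATURES["jpg"][1]
    png = SIGNATURES["png"][0] + b"\x00\x00\x00\x0dIHDR image payload " + SIGNATURES["png"][1]
    truncated = SIGNATURES["jpg"][0] + b" overwritten before its footer"
    return b"\x00" * 512 + jpg + b"\xaa" * 64 + png + b"\x00" * 100 + truncated


if __name__ == "__main__":
    for off, kind, size, digest in carve_report(build_sample_image()):
        print(f"offset={off} type={kind} size={size} sha256={digest}")
```

The truncated JPEG at the end of the image shows the technique's main limitation: once the blocks holding a footer have been reused by another file, the carver finds a header but cannot tell where the object ends and skips it rather than returning garbage.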
Managing Information Systems Security (10-59)
Non-technical safeguards
  Management of people’s use of IS
  Acceptable use policies
  Trustworthy employees
  Well-treated employees
Developing an Information Systems Security Plan (10-60)
Ongoing five-step process
1. Risk analysis
a. Determine value of electronic information.
b. Assess threats to confidentiality, integrity, and availability of information.
c. Identify most vulnerable computer operations.
d. Assess current security policies.
e. Recommend changes to existing practices to improve computer security.
Security Plan: Step 2 (10-61)
2. Policies and procedures—actions to be taken if security is breached
a. Information Policy—handling of sensitive information.
b. Security Policy—technical controls on organizational computers.
c. Use Policy—appropriate use of in-house IS.
d. Backup Policy—explains backup requirements.
e. Account Management Policy—procedures for adding new users and removing user accounts.
f. Incident Handling Procedures—handling security breach.
g. Disaster Recovery Plan—restoration of computer operations.
Security Plan: Remaining Steps (10-62)
3. Implementation
a. Implementation of network security hardware and software
b. IDs and smart cards dissemination
c. Responsibilities of the IS department
4. Training—organization’s personnel
5. Auditing
a. Assessment of policy adherence
b. Penetration tests
Disaster Planning (10-63)
Disasters can’t be completely avoided. Need to be prepared.
Business continuity plan: describes how a business resumes operation after a disaster
Disaster recovery plan
  Subset of business continuity plan
  Procedures for recovering from systems-related disasters
  Two types of objectives
    Recovery time objectives (maximum time allowed to recover)
    Recovery point objectives (how current should the backup material be?)
Questions Addressed by Recovery Plan (10-64)
What events are considered a disaster?
What should be done to prepare the backup site?
What is the chain of command, and who can declare a disaster?
What hardware and software are needed to recover from a disaster?
Which personnel are needed for staffing the backup sites?
What is the sequence for moving back to the original location after recovery?
Which provider can be drawn on to aid in the disaster recovery process?
Responding to a Security Breach (10-65)
Restore lost data.
Perform new risk audit.
Implement additional safeguards.
Contact law enforcement.
  Computer Emergency Response Team Coordination Center (federal government center of Internet security expertise)
The State of Systems Security Management (10-66)
CSI Computer Crime and Security Survey (2009) findings:
  Financial losses of cybercrime are decreasing.
  Financial fraud attacks result in the greatest financial losses.
  Only about 29 percent of organizations report intrusions to law enforcement.
    Fear of falling stock prices
  Most organizations do not outsource security activities.
  Nearly all organizations conduct routine security audits.
  Most organizations agree security training is important.
    Majority said they do not do enough training.
Use of Security Technologies (10-67)
CSI Computer Crime and Security Survey (2009) finds that most organizations use the following security measures:
  Activity logging and intrusion detection
  Antivirus and antispyware software
  Firewalls and VPNs
  Encryption for data in transit and at rest
IS Controls, Auditing, and Sarbanes-Oxley Act (10-69)
Information systems control: specific IT processes designed to ensure reliability of information
Controls should be a combination of three types:
  Preventive controls
  Detective controls
  Corrective controls
Hierarchy of IS Controls (10-70)
Types of IS Controls (10-71)
Policies: define aim and objectives.
Standards: support the requirements of policies.
Organization and management: define the lines of reporting.
Physical and environmental controls: protect the organization’s IS assets.
Types of IS Controls (cont’d) (10-72)
Systems software controls: enable applications and users to utilize the systems.
Systems development and acquisition controls: ensure systems meet the organization’s needs.
Application-based controls: ensure correct input, processing, storage, and output of data; maintain a record of data as it moves through the system.
IS Auditing (10-73)
Information systems audit: performed by external auditors to help organizations assess the state of their IS controls.
  To determine necessary changes
  To assure IS availability, confidentiality, and integrity
Risk assessment: determine what type of risks the IS infrastructure faces.
Computer-Assisted Auditing Tools (CAAT): specific software to test applications and data, using test data or simulations.
The Sarbanes-Oxley Act (10-74)
The Sarbanes-Oxley Act was formed as a reaction to large-scale accounting scandals (WorldCom, Enron).
It primarily addresses the accounting side of organizations.
Companies have to demonstrate that:
  controls are in place to prevent misuse and fraud,
  controls are in place to detect potential problems, and
  measures are in place to correct problems.
COBIT (Control Objectives for Information and Related Technology): set of best practices
  Help organizations to maximize the benefits from their IS infrastructure
  Establish appropriate controls
End of Chapter Content (10-75)
Managing in the Digital World: Drive-by Hacking (10-76)
60–80 percent of corporate wireless networks do not use adequate security.
“War driving”: a new hacker tactic
“War spamming”: attackers link to an e-mail server and send out millions of spam messages.
Businesses fight back using bogus access points.
Network scanners distinguish between real and fake APs (access points).
Fast Packet Keying: to fix shortcomings of Wired Equivalent Privacy (WEP)
ETHICAL DILEMMA
Ethical Hacking (10-77)
Mark Maiffret
  He started as a hacker.
  He now designs and sells software for companies to secure their networks against hackers.
eEye Digital Security
  Maiffret: Chief Hacking Officer.
  Software prevents unauthorized access.
Don’t hire anyone with a criminal record: “good” hackers don’t get caught.
NET STATS
Top Cyber Threats
In 1988, Robert Morris’s worm (actually, a bug) crashed 6,000 computers.
According to Kaspersky Lab, for 2010 and beyond they expect to see an increase in the following:
File sharing network attacks
Use of botnet services
Fake antivirus programs
More sophisticated malware
Web services attacks
Popular mobile handset attacks
Social networking site attacks
Third-party software attacks
Hacking an Airplane
Aircraft use more and more information technology. For example, Boeing’s 787 Dreamliner has various onboard networks.
The network providing in-flight Internet access is connected to the control, navigation, and communication systems.
Passengers could possibly access flight controls.
IT experts urge Boeing to separate flight controls from passenger systems.
“This is serious.”
In early 2010, the FAA issued a “special conditions alert” specifically aimed at the Boeing 747-8/-8F.
COMING ATTRACTIONS
What Were You Thinking?
Some advertisements are considered too raunchy. When this happens, swift and decisive consumer backlash results in the advertiser pulling the ad.
Emsense, a San Francisco-based company, has developed a headset for tracking brain activity. The headset uses algorithms that translate physiological data into information about emotions.
Other applications: Toshiba, Neurosky, University of Maryland.
POWERFUL PARTNERSHIPS
Netscape’s James H. Clark and Marc Andreessen
The World Wide Web came into existence in 1993.
1994: James H. Clark and Marc Andreessen founded Mosaic Communications Corporation (and the Netscape browser).
Clark: PhD in computer science from the University of Utah.
Andreessen: Bachelor’s in computer science from the University of Illinois at Urbana-Champaign.
Made Netscape free.
Competition with Microsoft.
WHEN THINGS GO WRONG
Backhoe Cyberthreat
Telecommunications infrastructure is vulnerable. Telephone lines, fiber-optic cables, water lines, and gas pipelines have been accidentally damaged: 675,000 incidents were reported in one year.
Underwater cables are frequently cut by accident. Cable cuts happen on average once every three days.
Infrastructure information is publicly available.
Most Internet communication goes through cables buried along major highways and railroads. There are only two major routes across the United States for Internet traffic.
INDUSTRY ANALYSIS
Cybercops Track Cybercriminals
Federal level:
Computer Crime and Intellectual Property Section
Computer and telecommunications crime coordinator
Assistant U.S. attorney (every federal judicial district has at least one)
State level:
Crime investigation unit
FBI:
Computer crime squads in 16 metropolitan areas
National Infrastructure Protection Center
Available software:
Software Forensic Tool Kit
Statewide Network and Agency Photos (SNAP)
Automatic Fingerprint Identification System
Classification System for Serial Criminal Patterns
All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic,
mechanical, photocopying, recording, or otherwise, without the prior written permission of the publisher. Printed in the United States of America.
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall