Q1: What are the threats to information security?
A security threat is a challenge to the integrity of information systems that arises from one of three sources: human error and mistakes, malicious human activity, and natural events and disasters. These can cause five types of security problems: unauthorized data disclosure, incorrect data modification, faulty service, denial of service, and loss of infrastructure.
Security problem | Human Error | Malicious Activity | Natural Disasters
Unauthorized data disclosure | Procedural mistakes | Pretexting, phishing, spoofing, sniffing | Disclosure during recovery
Incorrect data modification | Procedural mistakes, incorrect procedures, ineffective account control, system errors | Hacking, computer crime | Incorrect data recovery
Faulty service | Procedural mistakes, development and installation errors | Computer crime, usurpation | Service improperly restored
Denial of service | Accidents | DoS attacks | Service interruption
Loss of infrastructure | Accidents | Theft, terrorist activity | Property loss
Q2: What is senior management’s security role?
Senior management's security role is to set the security policy and to balance the costs of a security system against the risk of security threats. A security policy has three elements. The first is a general statement of the organization's security program; it becomes the foundation for more specific security measures throughout the organization. The second element is the issue-specific policy. The third is the system-specific policy, which concerns specific information systems. Risk is the likelihood of an adverse occurrence. Management can limit the security consequences of an attack by creating a backup processing facility at a remote location.
Q3: What technical safeguards are available?
Technical safeguards involve the hardware and software components of an information system. The primary technical safeguards are identification and authentication, encryption, firewalls, malware protection, and design for secure applications. Identification and authentication involve passwords, smart cards, biometric authentication, and single sign-on for multiple systems. Encryption types include symmetric, asymmetric, SSL/TLS, digital signatures, and digital certificates. A firewall is a computing device that prevents unauthorized network access; it can be a special-purpose computer, or a program running on a general-purpose computer or on a router. Malware includes viruses, worms, Trojan horses, spyware, and adware.
Q4: What data safeguards are available?
Data safeguards are measures used to protect databases and other organizational data. The organization should specify user data rights and responsibilities, and those rights should be enforced by user accounts that are authenticated at least by passwords. Key escrow is the practice of keeping a copy of the encryption key.
Q5: What human safeguards are available?
Human safeguards for employees include well-defined positions, hiring procedures, dissemination and enforcement of policy, and friendly termination. The safeguard for nonemployee personnel is to harden the site, that is, to take extraordinary measures to reduce a system's vulnerability.
Q6: How should organizations respond to security incidents?
Computer facilities should be in locations that are not prone to natural disasters. The organization should also create backups of critical resources at a remote processing center. A hot site is an expensive facility, offered by a utility company, that can take over another company's processing with no forewarning. Cold sites provide computers and office space. Incident response should include having a plan in place, centralized reporting, specific responses, and practice.
Q7: What is the extent of computer crime?
The full extent of computer crime is not known. Of reported events, the highest average incident cost is $463,100, and losses due to bots average $345,600.
Q8: 2020?
Computer criminals find a vulnerability and exploit it. Computer security forces discover that vulnerability and create safeguards to thwart it. And so it goes on. The next challenge is how to protect smart phones and other mobile devices from computer criminals. The number of computer security jobs is projected to increase by 27% by 2016.
Kroenke, David. "Chapter 12: Information Security Management." Using MIS. Upper Saddle River, NJ: Prentice Hall, 2011. 442-471. Print.