Answered| GRADED A+
Describe the goal of information systems security - ANSWER-1. Threat - person or organization seeks to
obtain data or other assets illegally, without owner's permission and often without owner's knowledge
2. Vulnerability - opportunity for threats to gain access to individual or organizational assets; for
example, when you buy online, you provide your credit card data, and as data is transmitted over
Internet, it is vulnerable to threats
3. Safeguard - measure individuals or organizations take to block threat from obtaining an asset; not
always effective, some threats achieve their goal in spite of safeguards
4. Target - asset desired by threat
5. Risk - The probability of a threat exploiting a vulnerability and the resulting cost.
6. Exploit- Tools or techniques that take advantage of a vulnerability.
Explain the prevalence of the computer security problem - ANSWER--No one knows the exact cost of
computer crimes
-Data loss single most expensive consequence of computer crime
-80% of respondents believe data on mobile devices poses significant risks
Sources of threats to digital security - ANSWER-Unauthorized data disclosure
-Human error: procedural mistakes
-Computer crime: pretexting, phishing, spoofing, sniffing, hacking
Incorrect data modification
-Human error: procedural mistakes, incorrect procedures, ineffective accounting
-Computer crime: hacking
Social Engineering - ANSWER-hackers use their social skills to trick people into revealing access
credentials or other valuable information
, Phishing - ANSWER-the fraudulent practice of sending emails purporting to be from reputable
companies in order to induce individuals to reveal personal information, such as passwords and credit
card numbers.
Spoofing - ANSWER-a situation in which a person or program successfully identifies as another by
falsifying data, to gain an illegitimate advantage
Sniffing - ANSWER-technique for intercepting computer communications
Hacking - ANSWER-unauthorized access, modification, or use of an electronic device or some element of
a computer system
Describe why DOS or DDOS attacks are difficult to defend against - ANSWER--sites don't know where the
attacks are coming from
-firewalls aren't designed to handle DDoS attacks
-the defense can't be mounted on the hosting provider's infrastructure
Explain how one should respond to security threats and practice safe computing - ANSWER-- Take
security seriously
- Create strong passwords
- Use multiple passwords
- Send no valuable data via email or IM
- Use https at trusted, reputable vendors
- Remove high-value assets from computers
- Clear browsing history
Describe how organizations should respond to security threats. - ANSWER-Senior management creates
company-wide policies:
- What sensitive data will be stores?
- How will data be processed?
- Will data be shared with other organizations?