Back To CourseBusiness 104: Information Systems and Computer Applications
11 chapters | 100 lessons
Jill has taught college-level business and IT. She has a Doctorate in Business Administration and an M.S. in Information Technology & Leadership.
As with any business asset, information systems hardware, software, networks, and data resources need to be protected and secured to ensure quality, performance, and beneficial use. Security management is the accuracy, integrity, and safety of information resources. When effective security measures are in place, they can reduce errors, fraud, and losses.
There are intentional and unintentional threats. Unintentional threats are considered to be human error, environmental hazards, and computer failures. Most people don't purposely cause harm. Intentional threats refer to purposeful actions resulting in the theft or damage of computer resources, equipment, and data. Intentional threats include viruses, denial of service attacks, theft of data, sabotage, and destruction of computer resources. Most intentional threats are viewed as computer crimes when executed.
To protect computer networks and resources, there are a number of security measures individuals and organizations can take to protect their assets, such as encryption, firewalls, anti-virus, anti-spyware, passwords, back-ups, and biometric security.
Bill has a great deal of knowledge concerning computers and computer networks. He works for a large technology company and has become disillusioned with the organization. He dislikes what they stand for and the way they conduct business. He's tired of his job, and he can't stand his boss. Before Bill quits his job, he decides to cause a bit of mayhem with the computer network. He has all the skills needed to easily hack into his organization's computer network and do all the damage he wants.
Bill would be considered a cracker. A cracker is a term used to describe someone who intentionally breaches security to break into someone else's computer or network for a malicious purpose. Many people mistakenly use the term hacker to describe someone who breaks into computer systems for their own agenda, usually to cause harm. Popular media has fueled this misconception. A hacker is actually a term used to describe a computer programmer with advanced knowledge of computers and computer networks. A hacker finds weaknesses in a computer or a network so that they can be corrected.
The Internet increases the vulnerability of information systems and networks so that they can be used to facilitate attacks by criminals and crackers. Bill starts his assault with a denial of service (DoS) attack. A DoS attack floods a network with traffic, rendering the network useless to its intended users. The attack will either force the target network to reset or consume its resources so that it is unable to provide its intended service. Bill plans his attack for a busy Monday morning to make the impact harsher. Recently, major banks, such as Bank of America, Wells Fargo, and PNC, have experienced cyber-attacks. Crackers used a denial of service attack method. While private information was not stolen, the attacks still posed a security threat and inconvenience for customers and the organization.
Next, Bill uses computer viruses to unsuspectingly attack the computer systems and cause harm. A virus is a program that infects a computer without the user's knowledge. It can replicate itself and easily spread from one computer to another. Bill develops a computer virus that will erase files and lock up company computers. He spreads it through a mass company email. The virus will attach itself to other computer programs, causing them to become viruses themselves. For instance, it could attach itself to a spreadsheet file. Anytime that spreadsheet is opened, the virus has the opportunity to replicate and spread. Email is a prime medium for spreading viruses. Emails with attachments can contain unwelcomed viruses that, when opened, will infect the user's computer.
Bill knows his previous attacks have caused some damage for the organization. He wants to do even more damage to the company. He hacks into the accounting files and bank account information and changes some of the data. Data tampering refers to entering false, fabricated, or fraudulent data into the computer or changing or deleting existing data. This type of threat is orchestrated by insiders. It can cost organizations a great deal of money.
One of the fastest-growing crimes has been identity theft. Identity theft is the stealing of another person's social security number, credit card number, or other personal information for the purpose of borrowing money, making purchases, and running up debts. Since many private organizations and governments keep information about individuals in accessible databases, there is endless opportunity for thieves to retrieve it and misuse the information. Since Bill dislikes his boss so much, he obtains his corporate credit card information through the network and fraudulently uses the credit card to make extravagant purchases.
Because of the large number of threats, a great deal of defensive strategies and tools have been developed. Bill may have to contend with some of these as he attacks his organization's computer network, but as an insider, he will likely have the knowledge needed to bypass them. This is why insiders can be so dangerous to computer security.
Bill's boss, John, takes security seriously. He relies upon encryption for any data he sends to others. Encryption is a method for securing data by using special mathematical algorithms to convert the data into scrambled code before transmission. The data is decoded when an authorized user accesses it. There are a number of software encryption standards, but the two main ones are RSA by RSA Data Security and PGP, or Pretty Good Privacy, available on the Internet.
John's organization uses firewalls to help prevent outside attacks. Bill was easily able to bypass this security measure as an insider because firewalls are designed for external threats. A firewall is hardware or software designed to keep threats and unintended visitors from accessing a private network. A firewall is like a security officer standing guard at a gate. The security officer can either allow or deny access. Firewalls are used to not only secure and limit access to internal data but also to authenticate users. A hardware firewall will inspect incoming traffic from the Internet or network and allow it to pass or block it based on predefined rules. A software firewall will prevent crackers and malicious software from gaining access to the network and compromising information. However, it is not an effective defense against insiders attacking their own network.
Virus and spyware defenses are an important part of maintaining a healthy computer network. Anti-virus software is a program that prevents, detects, and removes computer viruses, adware, spyware, Trojan Horses, and worms. Anti-viruses could catch Bill's virus assault via the email system. Spyware is a small computer program stored on the user's hard drive that collects the user's habits and transmits that information to a third party all without the user's consent. Spyware is not a virus but can still be harmful because it uses computer memory and resources the can cause crashes or instability with your computer system. Anti-spyware is a program specifically designed to detect and remove spyware from a computer system. It works similarly to an anti-virus and is even included as part of most anti-virus software.
John is able to access his office, computer systems, and highly sensitive files using biometric security. Biometric security are methods of identity verification for computer devices that measure unique physical traits. This includes voice verification, finger imaging, hand geometry, face recognition, keystroke dynamics, and retina scanning. Bill would have a difficult time bypassing these security measures without forcing John to participate.
How many user IDs and passwords do you have? User identification and passwords are often used for security management. An end user can gain access to sensitive information using a user ID and password. This helps secure the information and prevent unintended users from gaining access. Passwords should be changed frequently and be comprised of an unusual combination of letters, numbers, and characters so that they are not easily guessed. Bill was able to gain access to the accountant's files without much effort. He knew the standard user ID format the company utilized and the accountant was so predictable that it didn't take Bill long to crack the password.
System security monitors are specialized software packages that monitor the use of computer systems and networks and protect them from unauthorized use, fraud, and destruction. Security monitors control the use of hardware, software, and data resources. This software can collect statistics on attempts at improper use and produce reports that can assist in strengthening data security. Information security experts will likely receive a report on the activities and will realize that Bill has been up to no good.
What if your house burnt down or was flooded? What data could you potentially lose on your computer? Imagine how detrimental an unforeseen event could be to a business. Disaster recovery is a plan to protect and recover data lost due to uncontrollable circumstances. The purpose for having a plan is to keep the business up and running after a disaster. Data should be backed up at regular intervals to prevent data loss. An extra copy of the data can be stored in another location or offsite and accessed in the event of a disaster or system failure. This also applies to individuals. If you were to lose your personal data and files, having a back-up in another location could be a lifesaver.
Threats to security are a constant concern for individuals and businesses. Security management is the accuracy, integrity, and safety of information resources. When effective security measures are in place, they can reduce errors, fraud, and losses.
There are intentional and unintentional threats. Unintentional threats are considered to be human error, environmental hazards, and computer failures. Most people don't purposely cause harm. Intentional threats refer to the purposeful actions resulting in theft or damage of computer resources, equipment, and data. Intentional threats include viruses, denial of service attacks, theft of data, sabotage, and destruction of computer resources.
There are a number of defensive strategies and tools that have been developed to assist in preventing threats. These include encryption, firewalls, anti-virus software, biometric security, user identification and passwords, security monitors, and disaster recovery.
To unlock this lesson you must be a Study.com Member.
Create your account
Did you know… We have over 100 college courses that prepare you to earn credit by exam that is accepted by over 2,900 colleges and universities. You can test out of the first two years of college and save thousands off your degree. Anyone can earn credit-by-exam regardless of age or education level.
To learn more, visit our Earning Credit Page
Not sure what college you want to attend yet? Study.com has thousands of articles about every imaginable degree, area of study and career path that can help you find the school that's right for you.
Back To CourseBusiness 104: Information Systems and Computer Applications
11 chapters | 100 lessons