Wednesday, April 8, 2009

WEEK FIVE QUESTIONS

1. Provide an IT example that relates to the ethical issues for the ideas of privacy, accuracy, property, and accessibility.
Privacy: electronic surveillance, the tracking of people’s activities with the aid of computers
Accuracy: identity theft
Property: software piracy
Accessibility: hacking

2. What are the 5 general types of IT threats? Provide an example for each one.
Three main:
Human error: poor password selection and use.
Natural disasters: earthquake damaging servers.
Malicious activity: hackers who log into a system and destroy data.
Another two:
Malicious code: a virus
Management negligence: managers fail to have a data recovery system in place

3. Describe/discuss three types of software attack and a problem that may result from them
A denial of service: the front end of the company’s internet page is flooded with a ‘ping of death’; the site is then held for ransom. The attackers keep flooding the page until some amount of money is paid.
Viruses: a type of malicious code. More recently, viruses have been used to steal information, so a loss of information is usually the result.
Phishing: using fake sender personal details, an attacker poses as a representative of a service provider and, in an email, asks for a person’s password and username. If the attack succeeds, the victim faces the problem of a criminal having access to their account.

4. Describe the four major types of security controls in relation to protecting information systems.
Physical controls: prevent unauthorized individuals from gaining access to a company’s facilities.
Access controls: restrict unauthorised individuals from using information resources.
Communications controls: secure the movement of data across networks.
Application controls: security countermeasures that protect specific applications.

5. What is information system auditing?
The examination of information systems, their inputs, outputs and processing. System auditing is going through servers to ensure that whoever views or accesses the files is actually authorised to do so.

6. What is the difference between authentication and authorization, and why are they important to e-Commerce? Give an example of their relevance to e-Commerce.
Authentication: the system of knowing who the person is. Knowing a password is a form of authentication; having a proximity code and using biometric scanners such as thumbprint scanners also authenticate usage.
Authorisation: a process that determines which actions, rights, or privileges the person has, based on verified identity.
The difference is that authentication is determined by the identity of a person, while authorisation relies on the status of the person.
They are both relevant to e-commerce, as they ensure that only the correct people access specific information. If an unauthorised person has access to information they shouldn’t have, this can be potentially damaging to a business.
