Explanation of Solution
System security means protecting information from unauthorized access. The goals of information systems security are to prevent security violations, to detect attacks, and to respond to them with planned strategies.
Threat:
A threat is anything that can cause damage to an organization, its IT systems, or other networks.
Vulnerability:
A vulnerability is a path by which a threat can attack a system; it gives a threat a way of reaching individual or organizational assets.
Safeguard:
A safeguard is a measure taken by an individual or organization to protect against the occurrence of threats. “Encryption” is one such safeguard: it encrypts the company’s information so that others cannot read the data.
Target:
A target is what a threat aims at, which can be assets such as bank accounts and statements.
Example:
If a user wants to make a transaction online, he/she must provide bank details such as the account number and password over the web to access the account.
Threat in the above example: the account details may be accessed by an intruder without the user’s knowledge, leading to loss of information; this is one of the threats.
Vulnerability in the above example: in the same example given under “threat”, the vulnerable point is the internet connection used to access the user’s information.
Safeguard in the above example: the safeguard is the protection that shields the user’s data from illegal access by threats.
Target in the above example: the target is the intruder logging in to the bank account without the user’s permission.
Types of threats:
There are three types of threats in system security. They are as follows:
- Human error
- Computer crime
- Natural disasters
Human error:
Human error is an error caused by a single person, such as an employee or a customer. For example, an employee may accidentally delete or edit customer details.
Computer crime:
Computer crime is illegal access by a hacker via the internet or web. Such a crime can install viruses on computers to corrupt systems and steal information.
Natural disasters:
This threat is caused by natural disasters such as accidents, floods, or earthquakes. It may cause loss of capability and services.
Types of security losses:
There are five types of security losses in system security. They are as follows:
- Unauthorized data disclosure
- Incorrect data modification
- Faulty service
- Denial of service(DOS)
- Loss of infrastructure
Unauthorized data disclosure: data disclosure means that data was accessed by unauthorized people, which may result in loss of information. It might occur accidentally or intentionally.
Incorrect data modification: if data has been modified incorrectly, the resulting data loss in an organization is termed incorrect data modification...
Chapter 10 Solutions, Using MIS (10th Edition)