Using Your Knowledge – Security Threats Chapter 12 page 491 Q2 MGS 3040-03 Group B Omotayo Adeniyi, Micale Baptiste, Robert Kuhl Claudia Murcia, Deborah Stroud

Consider the 15 categories of threat in Figure 12-1 below Source Human Error Malicious Activity Natural Disasters Unauthorized data disclosure Procedural mistakes Pretexting Phishing Spoofing Sniffing Computer crime Disclosure during recovery Problem Incorrect data modification Procedural mistakes Incorrect procedures Ineffective accounting controls System errors Hacking Incorrect data recovery Faulty service Procedural mistakes Development and installation errors Usurpation Service improperly restored Denial of Service Accidents DOS attacks Service interruption Loss of infrastructure Theft Terrorist activity Property loss

Using Your Knowledge Describe the three most serious threats to each of the following businesses: Local Workout Studio Neighborhood accounting firm Dentist’s office Honda dealership

The three most serious threats to a local workout studio are:   Unauthorized data disclosure  Human Error - when someone inadvertently releases data in violation of policy Computer crime - breaking into networks to steal data such as customer information, or employee's personal information   Human Error - It can happen by just clicking send.  Maybe you are sending an updated member list to your corporate office from your laptop thinking it was secure.  But your company does not have establised security guidelines  when working out of the office.  The list can be accessed by others and potentially create a security threat.   Computer Crime - is more common.  Most of the press reports are about outside attacks on computer systems.  It is estimated that 75% of computer crime is perpetrated by insiders, such as stealing security codes and credit card numbers.  Also customer's  personal information for malicious intent such as identity theft.  Companies also store personal information about employees.  Not just info in your employment application.  For a small fee employers can find out about your credit  card standing, telephone usage, insurance coverage.  They may also ask you to take a drug and psycological tests; the results of which are the property of the company can be accessed for malicious purposes.

The three most serious threats to a local workout studio con't   Incorrect data modification System errors - caused by employees when procedures are followed incorrectly or procedures have been designed incorrectly Faulty service - service impropertly restored System Errors - may cause the company delays in receiving payments.   Faulty Service - when the system fails and recovery plans are not propertly in place; it can cause the company loss in revenue and permanently loose valuable information.

Using Your Knowledge The three most serious threats in a neighborhood accounting firm are: Hacker- A person or thing that hacks. Also it’s when a person doesn’t have the authority or official power to have the access to a computer system. Viruses- A segment of self- replicating code planted illegally in a computer program, often to damage or shut down a system or network. Inside threats Losing client records Theft of client records Unauthorized discussions with third parties about client information

Using Your Knowledge What to do about threats: One of the most important aspects in dealing with internal threats is through control. You want to control access to only those who should have access. Document control can take several forms: Using passwords to gain access to network resources as well as within a document in order to maintain security Using document management software to control access to documents Using the file security system built into the server operating system to secure documents in folders with access for those users who require access

Using Your Knowledge Dentist’s office - The three most serious threats   Procedural mistakes Human error Improper internal control of systems that process financial data Computer crime  Hacking - attempts to steal customer data Denial of service attacks Inadvertent shutdown of Web server by starting a computationally intensive application Malicious hacker can flood a Web server with artificial traffic so legitimate traffic can't get through    Human error example:   Employee accidentally deletes customer records or mistakenly overwrites the current database with an older one during backup process or Someone inadvertently releases data in violation of policy - health/dental record details - violation of privacy rights - HIPAA (Health Insurance Portability and Accountability Act) Improper Internal control: Lack of separating duties and authority - checks and balances

Using Your Knowledge Honda dealership -The three most serious threats       Unauthorized data disclosure        Human Error             occuring by human error when someone             inadvertently releases data in violation of             policy.     Loss of infrastructure         Accidents             human accidents can cause loss of                        infrastructure

Using Your Knowledge Honda dealership-The three most serious threats   Honda dealership-The three most serious threats     Incorrect data Modification          Malicious Activity                 Hacking-Although some people hack                 for the sheer joy of doing it, others                 hack for  the malicious purpose of                 stealing or modifying data.                           

Using Your Knowledge - Security Threats Chapter 12 Group B The End!! Thank you for your time!