Published by Homer Austin. Modified over 9 years ago.
1
Tutorial Chapter 5
2
Question 1: What are some information technology tools that can affect privacy? How are these tools used to commit computer crimes?
3
Answer:
Adware: collects info about users to determine what adverts to display in the browser.
Phishing: sending fraudulent e-mails to direct recipients to false websites to capture private info.
Keystroke loggers: monitor and record keystrokes to collect credit card numbers while doing online shopping.
Sniffing: capturing and recording network traffic to intercept information.
Spoofing: attempt to gain access to a network by posing as an authorized user to find sensitive information.
4
Question 2: What are the three dimensions of the CIA triangle used to design a security system?
5
Answer: C: Confidentiality, I: Integrity, and A: Availability.
6
Question 3: Give two examples of intentional threats to network security.
7
Answer: Hacker attacks, and attacks by disgruntled employees (spreading a virus or a worm on the company network).
8
Question 4:
1. Give four examples of biometric security.
2. Which one is the most effective?
9
Answer: Facial recognition, fingerprints, hand geometry, and iris analysis. Iris analysis is probably most effective.
10
Question 5: What two types of encryption were introduced in this chapter?
11
Answer: Asymmetric (also called public key encryption) and symmetric.
12
Question 6: What is business continuity planning? Why is it used?
13
Answer: It outlines procedures for keeping an organization operational in the event of a natural disaster or network attack. It is used to lessen the effects of a natural disaster or a network attack or intrusion.
14
Question 7: Assume you have been asked to put together a security policy for your local bank:
1. Outline your top five recommendations to the bank.
2. What are some of the risks to online banking?
3. How can the security and privacy of online banking be improved?
15
Answer 1:
Developing clear, detailed security policy and procedures
Providing security training and security awareness for key decision makers and computer users
Periodically assessing the security policy’s effectiveness
Developing an audit procedure for system access and use
16
Cont:
Overseeing enforcement of the security policy
AND: designing an audit trail procedure for incoming and outgoing data.
17
Answer 2:
Confidentiality: information can be accessed by someone other than the sender or recipient.
Authentication: how can the recipient be sure that the data is actually from the sender?
Integrity: how can the recipient know that the contents have not been changed during transmission?
Nonrepudiation: the sender can deny sending the data; the receiver can deny having received the data.
18
Answer 3:
Authentication: is important because the person logging in isn’t necessarily the account holder. It compares what the receiver knows to be accurate with what the sender is providing: mother’s maiden name, ID, DOB.
Confirmation: verifying the transaction, usually with a digitally signed confirmation using a private key.
19
Cont:
Non-repudiation: dispute over the transaction. Digital signatures are used to bind the two partners. The customer receives a proof of deposit/withdrawal, and the bank is assured of the client’s identity.
20
True/False?
A firewall is a combination of hardware and software that acts as a filter or barrier between a private network and external computers or networks, including the Internet.
A Trojan program consists of self-propagating program code that is triggered by a specified time or event.
21
Selection: 14. 15.
22
Case Study 1: What is it about?
Destroyed files and stole passwords
Around the world in 2 hours; 3 times faster than Melissa virus
NASA and CIA
Damages
Tracing
Cybercrime
23
Questions:
Calculation of costs?
Laws for prosecuting hackers?
How can organizations guard against viruses?
24
Homework: Case Study 2