IT Systems Securing Information Systems

24 Terms

1

What are the key measures for securing information systems?

Security prevents unauthorized access/damage, and controls protect assets and ensure accuracy.

2

What are the major vulnerabilities in information systems?

1. Network Accessibility (open networks).
2. Hardware/Software Issues (breakdowns, errors).
3. Disasters/Device Theft (unexpected data loss).

3

Name two major areas of security challenges and examples for each.

  • Internet Vulnerabilities: Open networks, unencrypted data, malicious emails.

  • Wireless Security: Rogue access points, war driving, unauthorized access, radio frequency bands that are easy to scan.

4

What are examples of malicious software (malware)?

Viruses, worms, Trojans, spyware, ransomware, SQL injection, and keyloggers.

5

What are viruses and worms?

  • Viruses: Malicious programs that attach to legitimate files or programs and spread when those are executed.

  • Worms: Standalone malware that replicates itself to spread across networks, often exploiting security vulnerabilities, without needing a host file or user action.

6

How do worms and viruses spread?

Through downloads, email attachments, and social networks.

7

Differentiate hackers and crackers.

  • Hackers: Skilled individuals who explore and improve systems.

  • Crackers: Break into systems and bypass security for malicious purposes.

Both can intrude on systems and damage them.

8

Name common computer crimes.

Identity theft, phishing, cyberterrorism, DoS attacks.

9

What are examples of software vulnerabilities?

Bugs, flaws, zero-day vulnerabilities, and patches.

10

Why are employees a significant security risk?

They may have insider knowledge, fall victim to social engineering, or lack security training.

11

What is the impact of a security breach on a business?

Loss of business functions, legal liability, and decreased market value.

12

What are key regulations for securing information systems?

  • HIPAA: Medical data security.

  • Gramm-Leach-Bliley Act: Customer financial data.

  • Sarbanes-Oxley Act: Financial accuracy.

13

Define electronic evidence and computer forensics.

  • Electronic Evidence: Digital data for legal cases, usually white-collar crimes; saves money.

  • Computer Forensics: Analyzing data for legal purposes, recovering ambient data.

14

Differentiate between general and application controls.

  • General Controls: Hardware, software, data security, govern design

  • Application Controls: Input, processing, and output controls for applications.

15

What is the purpose of risk assessment?

To evaluate risks if certain activities aren't controlled.

16

What are examples of security policies?

  • Ranks risks and sets goals.

  • AUP: Defines appropriate resource use.

  • Identity Management: Controls user access.

17

What is the difference between disaster recovery and business continuity?

  • Disaster Recovery: Restores disrupted services.

  • Business Continuity: Ensures operations continue after a disaster.

18

What is the purpose of security audits?

To test disaster response and identify control weaknesses.

19

Name key tools for securing information systems.

Identity management software, firewalls, intrusion detection, antivirus, UTM (unified threat management).

20

Compare WEP and WPA2.

  • WEP: Basic encryption, vulnerable to attacks.

  • WPA2: Stronger, dynamic encryption, replaces WEP.

21

What are the types of encryption?

  • Symmetric Key: Shared key for encryption and decryption.

  • Public Key: Key pair for secure exchanges.

22

What ensures 100% system availability?

Fault-tolerant systems with redundant components, online transaction processing.

23

What are key security measures for the cloud and mobile platforms?

Data protection, legal compliance, device management, and encryption.

24

How is software quality maintained?

Through metrics, early testing, and debugging.