Comsci final

Risk Management

the process of placing safeguards in place to reduce the vulnerability to a risk.

IS Risk Assessment

Risk Assessment is the process of evaluating the potential vulnerability of IS systems. The same can be said for any technology-based system. In fact, we often use risk assessment for processes and projects

Pretexting

deceiving by pretending to be someone else

Phishing

obtaining unauthorized access to data via email

Spoofing

someone pretending to be someone else

Sniffing

intercepting computer communications

Usurping

invading a computer system and replacing legitimate programs with their own unauthorized programs that disrupt services unauthorized programs

Malware

Viruses, Worms, Trojan Horse, Spyware and Adware

Virus

s a computer program that replicates itself ultimately consuming the computer's resources

Worms

are viruses that propagate themselves using the Internet or other computer networks

Spyware/Adware

invade your computer and capture keystroke information. Spyware does so for malicious reasons and Adware just does so to report activity to allow for targeted ads.

Beacons

are tiny files that gather demographic information about you. Your info can then be sold several times a day and constitute a profile of your likes and habits. Lotame Solutions specializes in Beacons.

Bot

is a new term for the family of Viruses, Worms, Trojan Horse, Spyware and Adware

Bot Herder

refers to the individual or organization that controls the Bots. North Korean Army is responsible for most bots in the US since 2009. The Chinese Army is another primary source of Bots Army

Honeypots

are false targets for criminals to attack

Electronic counter measures to reduce vulnerabilities to cyber attacks

Firewalls Encryption Additional passwords Antispyware/anti-adware software backups/ RAID, off-site backup storage

Internet

A worldwide collection of networks that links millions of businesses, government agencies, educational institutions, and individuals

ARPANET's two main goals

Allow scientists at different physical locations to share information and work together

Function even if part of the network were disabled or destroyed by a disaster

Two ways to connect to the internet:

Wired connections, a computer or device physically attaches via a cable or wire to a communications device

Computers without a communications device can use a wireless modem hooked to USB port using a cellular connection

Three ways we make up a wired connection

Cabe Internet service

DSL (digital subscriber line)

Fiber to the Premises (FTTP)

Four ways to make up a wireless connection

Wi-Fi (wireless fidelity)

Mobile Broadband

Fixed Wireless

Satellite Internet Service

Cybercafé

A location that provides computers with Internet access, usually for a fee.

Hotspot

A wireless network that provides Internet connections to mobile computers and devices

Internet service provider (ISP)

is a business that provides individuals and organizations access to the Internet free or for a fee

Bandwidth

Represent the amount of data that travels over a network. A cable connection usually has a higher bandwidth than a wired bandwidth. AT&T provides a wired connection and Charter or Spectrum or Comcast provide a cable connection.

IP address

A sequence of numbers that uniquely identifies each computer or device connected to the Internet

Domain Name

A text-based name that corresponds to the IP address

DNS Server

Translates the domain name into its associated IP address

Popular TLDs

.com

.edu

.gov

.mil

.net

.org

.com

commercial organizations, businesses, and companies

.edu

educational institutions

.mil

military organizations

.net

network providers or commercial companies

.org

nonprofit organizations

The World Wide Web

The collection of Web sites and the Internet is the wire and routers that connects us to the WWW

Website

A collection of related webpages and associated items

Web server

A computer that delivers requested webpages to your computer

Web 2.0

Refers to websites that provide a means for users to share personal information, allow users to modify website content, and provide applications through a browser

Browser

An application that enables users with an Internet connect to access and view webpages on a computer or mobile device

Home page

The first page that a website displays

http://

Hypertext Transfer Protocol

www.

host name

nps.gov

domain name example

/history

path

/places.htm

webpage name

Search engine

A software that finds websites, webpages, images, videos, news, maps, and other information related to a specific topic

Subject directory

Classifies webpages in an organized set of categories, such as sports or shopping, and related subcategories

a graphic

A digital representation of data and information, designed to communicate quickly, simplify complex concepts, or present patterns or trends

Email

The transmission of messages and files via a computer network

Email program

Allows you to create, send, receive, forward, store, print, and delete email messages

Email List

A group of email addresses used for mass distribution of a message

Instant messaging

Real-time Internet communications service

Discussion Forum

An online area in which users have written discussions about a particular subject

VoIP

voice over internet protocol

FTP (File Transfer Protocol)

An Internet standard that permits file uploading and downloading to an from other computers on the Internet. Many operating system include FTP capabilities. An FT server is a computer that allows users to upload and/or download files using FTP.

Netiquette

the code of acceptable internet behavior

Three Functions of ISP

Provides you with an internet address, serves as a gateway to the internet, pays for your access service

Three ways you connect to the internet

Digital subscriber line (DSL), Cable Modem, and Wi-Fi

5 levels of protocol from the client to the internet

Computer to wireless or Ethernet switch, switch to modem, modem to ISP internet protocol, over the internet transmission control protocol, internet application level protocol HTTP (HyperText Transport Protocol) or SMTP (Simple Mail Transfer Protocol) or FTP (File Transfer Protocol)

IP address

Identifies a particular device on the internet. IP addresses can be on the public internet or private intranet

Uniform Resources Locator (URL)

An address on the internet, consists of the protocol (HTTP://) followed by the domain name (Google.com)

VPN

Virtual private network creats the appearance of a private point to point connection

LAN

Local area network is a network consisting of a series of clients connected through a router wifi/ router to a server in clsoe proximity to the clients

WAN

Wide area networks, designed to support networking separated over miles apart. The internet is the connectors and routers and servers that connect you the World Wide Web

Conducting a Risk Assessment

Identify all known risks Identify impact Assessment likelihood of risk Determine mitigation plan

Vulnerabilities that put IS systems at risk

Electronic intrusions (Hacking, Viruses, Adware, Trojans)

Electronic theft of data (stolen passwords, unprotected system access)

Human Error (software vulnerabilities)

Employee theft (Fraud, embezzlement)

Hardware failures (failure to backup and protect data, system server loss)

Computer Crime (Pretexting, Phishing, Spoofing, Sniffing)

Programming Errors (faulty code that generates accounting errors)

Database Applications

Forms, Reports, Queries, Application programs database Management System (DBMS)Database

DBMS

• a program used to create, process, and administer a database.

• a licensed product.

• different from a database (a database is a collection of tables, relationships and the metadata (description of the data elements))

Examples of DBMS

DB2, IBM, Access, Microsoft, SQL Server, Oracle, MySQL, Open Source

Functions of DBMS

• Create tables, relationships and other structures (see metadata contents)

• Process the database (read, insert, modify or delete data)

• Uses SQL to perform these operations

• Administration of database

• Security

• Permission

• Backup/ Recovery

Functions Performed by the Application Programs

• Process the database

• Forms can be used for data entry

• Reports are produced from contents

• Queries are used to access