Chapter 8, Problem 1RQ

Program Plan Intro

System vulnerability:

• When huge amount of data is kept in electronic form, it becomes susceptible to many threats.
• The information systems in many locations are been interconnected through communication networks.
• The unauthorized access can occur at many access points in network and is not limited to a single location.
• The data flowing over networks could be accessed; valuable information could be stolen while transmission or data could be altered without authorization.
• The denial-of-service attacks are launched by intruders to disrupt website operations.
• Internets are vulnerable than internal networks as it is open to everyone.

Explanation of Solution

 Threats against contemporary information systems:

The most common threats against contemporary information systems are as follows:

• Technical threats:
  • It includes unauthorized access and introducing errors.
• Communications:
  • It includes tapping of conversations.
  • Message alteration, radiation, fraud and theft.
  • Denial of service attacks.
• Corporate Systems:
  • Theft of data
  • Data copying
  • Data Alteration
  • Hardware failure
  • Software failure
  • Power failure
  • Natural disasters
• Poor management decisions:
  • Poor design of safeguard
  • It causes valuable data being lost or destroyed.

Explanation of Solution

Malware:

• A malware denotes a program that is harmful to a computer user.
• It includes viruses, worms, Trojan horses and spyware programs that gather information without user permission.

Difference between a virus, a worm, and a Trojan horse:

Virus	Worm	Trojan horse
A program that would replicate itself by being copied.	It denotes a virus that is self-replicating and does not alter files but resides in active memory.	A program in which malicious code is contained inside data or programming that is harmless.
It may initiate copying to another program, document or computer boot sector.	It duplicates itself without human intervention.	It is not a virus as it does not replicate, but it denotes a way for other malicious code to be introduced into system.

Explanation of Solution

Hacker:

• A hacker denotes an individual who gains unauthorized access to computer system.
• It does so by finding security protection weakness in websites and computer systems.

Security problems created by hacker:

• A hacker threatens computer system security, steals information, damages systems and commits cyber vandalism.
• They disrupt, deface or destroy a website or information system intentionally.

Explanation of Solution

Computer crime:

• A computer crime denotes any violations of criminal law that involves knowledge of computer technology for perpetration, investigation or prosecution.
• It is defined as commission of illegal acts through use of a computer or against computer system.

Examples of crime in which computers are targets:

The examples with computers as crime targets are shown below:

• Confidentiality breach for protected computerized data.
• Unauthorized access to computer systems.
• Accessing protected computers for committing fraud.
• Accessing protected computers for causing damage intentionally.
• Transmission of a program that causes damage to protected computer.

Examples of crime in which computers are used as instruments of crime:

The examples with computers as instruments of crime are shown below:

• Trade secrets theft.
• Defraud schemes.
• Using threatening mails.
• Attempt to intercept electronic communication intentionally.
• Illegal access of stored communications including voice mail and email.
• Transmission of child pornography using computer.

Explanation of Solution

Identity theft and phishing:

• Identity theft denotes a crime in which personal information pieces are obtained.
• It includes social security number, license number or credit card number to act as behalf of someone else.
• The information might be used for obtaining credit, merchandise or services in name of victim.
• It is a big problem today as internet has made easy for identity thieves to use stolen information.
• The goods could be purchased online without any personal interaction.
• The e-commerce sites become sources for personal information that criminals uses to establish a new identity.
• Phishing denotes setting up fake websites or sending fake mails that look like those from legitimate business.
• It asks users for confidential personal data.
• The user may ask recipients to confirm records by providing social security numbers, credit card information and other personal details.

Explanation of Solution

Security and system reliability problems created by the employees:

• The employees create financial threats to business. It includes destruction of e-commerce sites, diversion of credit data and personal information.
• Employees has access to privileged information and in presence of weak security procedures, they can check all personal details.
• The system compromise happens when an employee lets coworker use the system.
• Malicious intruders may trick employees into password revealing pretending to be legitimate company members.
• The faulty data could be entered by employees and can introduce errors.
• Information specialists can create software errors while designing and development of new software.

Explanation of Solution

Software defects affecting system reliability and security:

• The software could fail to perform well or gives erroneous result because of undetected bugs.
• A control system may fail to carry messages or allow internet access.
• The customers may be wrongly charged due to such failures.
• The business may order more inventory than it requires.
• The bugs or defects caused by incorrect designs denote major quality problems.
• The maintenance of old programs that is caused by changes in organization, system design flaws and software complexity denotes a problem.
• The small bugs in middle of complex programs may create serious issues in testing.