SPIM: Understanding Unwanted Instant Messages - Ethics, Security, and Privacy - Prof. Fais, Study notes of Information Technology

Download SPIM: Understanding Unwanted Instant Messages - Ethics, Security, and Privacy - Prof. Fais and more Study notes Information Technology in PDF only on Docsity! Information Security – 1 Laying the groundwork for discussion 1 SPIM: Ethics, security, & privacy all in one • What is SPIM? • How is it different from SPAM? • Who is most likely to receive SPIM? • How can you defend against it? • What are the costs of SPIM? 2 General and Application Controls for Protecting Information Systems Type of Control General Controls Description of Purpose Physical controls Access controls Data security controls Administrative controls Communications (network) controls Border security Firewalls Virus controls Intrusion detection Virtual private networking Authentication Authorization Application Controls Input controls Processing controls Output controls Physical protection of computer facilities and resources. Restriction of unauthorized user access to computer resources; concerned with user identification. Protecting data from accidental or intentional disclosure to unauthorized persons, or from unauthorized modification or destruction. Issuing and monitoring security guidelines. Major objective is access control. System that enforces access-control policy between two networks. Antivirus software (see www.trendmicra.cam, www.cert.org, www.pgp.com, www.symantec.com, www.rsasecurity.com, www.mcatee.com, and www.iss.net). Major objective is to detect unauthorized access to network. Uses the Internet to carry information within a company and among business partners but with increased security by use of encryption, authentication, and access control. Major objective is proof of identity. Permission issued to individuals and groups to do certain activities with information resources, based on verified identity. Prevent data alteration or loss. Ensure that data are complete, valid, and accurate when being processed and that programs have properly executed. Ensure that the results of computer processing are accurate, valid, complete, and consistent.  The Difficulties in Protecting Information Resources Oagq0od0adda Hundreds of potential threats exist. Computing resources may be situated in many locations. Many individuals control information assets. Computer networks can be outside the organization and difficult to protect, Rapid technological changes make some controls obsolete as soon as they are installed. Many computer crimes are undetected for a long period of time, so it is difficult to learn from experience. People tend to violate security procedures because the procedures are inconvenient. Many computer criminals who are caught go unpunished, so there is no deterrent effect. The amount of computer knowledge necessary to commit computer crimes is usually minimal. As a matter of fact, one can learn hacking, for free, on the Internet. The cost of preventing hazards can be very high. Therefore, most organizations simply cannot afford to protect against all possible hazards. It is difficult to conduct a cost-benefit justification for controls before an attack occurs because it is difficult to assess the value of a hypothetical attack. Summary • Security is about risk. • Risk • Accept • Limit • Transfer 7