Maximum grade: 10

1. Why are computer systems so vulnerable? Describe the most common security threats against Information Systems.

Computer systems are so vulnerable because operating systems have fewer vulnerabilities that can lead to massive Internet worms. For instance, during 2002-2005, Microsoft Windows worms like Blaster, Nachi, Sasser and Zotob infected a large number of systems on the Internet. On the other hand, vulnerabilities found in anti-virus, backup or other application software can result in worms. There is growth in the number of client-side vulnerabilities, including vulnerabilities in browsers, in office software, in media players and in other desktop applications. These vulnerabilities are being discovered on multiple operating systems and are being massively exploited in the wild, often to drive recruitment for botnets.

Users who are allowed by their employers to browse the Internet have become a source of major security risk for their organizations. A few years back, securing servers and services was seen as the primary task for securing an organization. Today it is equally important, perhaps even more important, to prevent users having their computers compromised via malicious web pages or other client-targeting attacks. Attackers are finding more creative ways to obtain sensitive data from organizations.

The common security threats against information systems are as follows. A well-known cause of computer problems is viruses, or damaging programs that are introduced to computers or networks. Some viruses rewrite coding to make software programs unusable, while others scramble or destroy data. Many viruses spread quickly and operate subtly, so they may not be noticed until the damage has already been done.
Hackers have two main methods of causing problems for businesses' computer systems: they either find a way to enter the system and then change or steal information from the inside, or they attempt to overwhelm the system with information from the outside so that it shuts down. One way a hacker might enter a small business's computer network is through an open port, or an Internet connection that remains open even when it is not being used. They might also attempt to appropriate passwords belonging to employees or other authorized users of a computer system. Many hackers are skilled at guessing common passwords, while others run programs that locate or capture password information.

Another common method of attack used by hackers is e-mail spoofing. This method involves sending authorized users of a computer network fraudulent e-mail that appears as if it were sent by someone else, most likely a customer or someone else the user would know. Then the hacker tries to trick the user into divulging his or her password or other company secrets. Finally, some hackers manage to shut down business computer systems with denial of service attacks. These attacks involve bombarding a company's Internet site with thousands of messages so that no legitimate messages can get in or out.

2. What is the difference between a Virus, a Worm, and a Trojan horse?

Trojan horse: It is a program that makes the victim system listen on a particular port so that the attacker can do anything on our system, i.e. he can tamper with the data, steal the data, destroy the data, etc. A Trojan horse won't spread into the system like a virus, so it won't affect the system performance. A Trojan Horse is full of as much trickery as the mythological Trojan Horse it was named after. The Trojan Horse, at first glance, will appear to be useful software but will actually do damage once installed or run on our computer.
Those on the receiving end of a Trojan Horse are usually tricked into opening them because they appear to be receiving legitimate software or files from a legitimate source. When a Trojan is activated on our computer, the results can vary. Some Trojans are designed to be more annoying than malicious (like changing our desktop, adding silly active desktop icons) or they can cause serious damage by deleting files and destroying information on our system. Trojans are also known to create a backdoor on our computer that gives malicious users access to our system, possibly allowing confidential or personal information to be compromised. Unlike viruses and worms, Trojans do not reproduce by infecting other files nor do they self-replicate.

Virus: It is a malicious program that damages our system by injecting the virus into other programs or files, so that it degrades our system performance. A virus comes to the system with user interaction only. A computer virus attaches itself to a program or file, enabling it to spread from one computer to another, leaving infections as it travels. Like a human virus, a computer virus can range in severity: some may cause only mildly annoying effects while others can damage our hardware, software or files. Almost all viruses are attached to an executable file, which means the virus may exist on our computer but it actually cannot infect our computer unless we run or open the malicious program. It is important to note that a virus cannot be spread without a human action (such as running an infected program) to keep it going. People continue the spread of a computer virus, mostly unknowingly, by sharing infected files or sending e-mails with viruses as attachments.

Worm: It is also one type of virus. This program damages our system like a virus, and not only the system: it spreads throughout the network, checks for a honey pot of our OS, and enters the OS. It degrades our system performance and also eats our network bandwidth. A worm is similar to a virus by design and is considered to be a sub-class of a virus.
Worms spread from computer to computer, but unlike a virus, a worm has the capability to travel without any human action. A worm takes advantage of file or information transport features on our system, which is what allows it to travel unaided. The biggest danger with a worm is its capability to replicate itself on our system, so rather than our computer sending out a single worm, it could send out hundreds or thousands of copies of itself, creating a huge devastating effect. One example would be for a worm to send a copy of itself to everyone listed in our e-mail address book. Then, the worm replicates and sends itself out to everyone listed in each of the receivers' address books, and the manifest continues on down the line. Due to the copying nature of a worm and its capability to travel across networks, the end result in most cases is that the worm consumes too much system memory (or network bandwidth), causing Web servers, network servers and individual computers to stop responding.

3. What is a computer crime? Provide two examples of crime in which computers are targets and two examples in which computers are used as instruments of crime.

A computer crime is any illegal action where the data on a computer is accessed without permission. This access doesn't have to result in loss of data or even data modifications. Arguably the worst computer crime occurs when there are no indications that data was accessed.
Computer crime is often attributed to rogue hackers and crackers, but increasingly organized crime groups have realized the relative ease of stealing data with a relatively low level of risk.

Computer crime, cybercrime, e-crime, hi-tech crime or electronic crime generally refers to criminal activity where a computer or network is the source, tool, target, or place of a crime. These categories are not exclusive and many activities can be characterized as falling in one or more. Additionally, although the terms computer crime and cybercrime are more properly restricted to describing criminal activity in which the computer or network is a necessary part of the crime, these terms are also sometimes used to include traditional crimes, such as fraud, theft, blackmail, forgery, and embezzlement, in which computers or networks are used. As the use of computers has grown, computer crime has become more important. Computer crime issues have become high-profile, particularly those surrounding hacking, copyright infringement through warez, child pornography, and child grooming. There are also problems of privacy when confidential information is lost or intercepted, lawfully or otherwise.

Computer as a target

The attack seeks to deny the legitimate users or owners of the system access to their data or computers. A Denial-of-Service (a.k.a. DoS or DDoS) attack or a virus that renders the computer inoperable would be examples of this category.

Crimes in which the computer is the target include such offenses as theft of intellectual property, theft of marketing information (e.g., customer lists, pricing data, or marketing plans), or blackmail based on information gained from computerized files (e.g., medical information, personal history, or sexual preference). Unlawful access to criminal justice and other government records is another crime that targets the computer directly.
This crime covers changing a criminal history; modifying want and warrant information; creating a driver's license, passport, or another document for identification purposes; changing tax records; or gaining access to intelligence files. One of the best examples of a crime in which the computer is the target can be found in the book The Cuckoo's Egg by Cliff Stoll. The book recounts the true story of a hacker from Hanover, Germany, who infiltrated a number of computers in the United States, including those of universities, the military, and government contractors. The hacker attempted to locate and steal national security information in order to sell it to foreign governments, a clear illustration of making computers the targets of crime.

The computer as an instrument of the crime

The computer is used to gain some other criminal objective. For example:

1) A thief may use a computer to steal personal information.

2) A second example of using a computer as the instrument to commit a crime is the growing problem of individuals using cellular phones and electronically billing charges to other customers. In these cases, offenders obtain cellular billing identification codes by using scanning devices, which are small parabolic (curve-shaped) antennae connected to portable computers. When activated, these scanners capture and store account numbers transmitted by cellular phones. The offenders operate near highways, because motorists frequently make calls from their cars. Once they capture the computerized billing codes, they program these codes into other cellular phones simply by hooking up the phone to a personal computer. Then, using software originally developed by programmers in London, they reprogram the signal chip in the cellular phone. The use of this software, which is easy to copy and to use, is spreading across the United States and Canada, sometimes being shared through underground computer bulletin board services (BBS).

4. What security problems are created by employees?

The security problems created by employees are:

1) Executives authorize plans, ensure security and privacy protection are integrated, and accept risk to the information system.
2) Managers develop requirements, assess information sensitivity and privacy needs, develop security plans, and work with IT and security on monitoring.
3) IT staff provide, document and monitor technical security controls and are considered the owners of the infrastructure of the information system.
4) Security staff manage the security programme, assess risks, consult on and review the security plan and privacy impact assessment, and manage the monitoring and compliance reporting activity.
5) Auditors review the security programme and systems for compliance according to organizational policy or legal requirements.
6) Supervisors assure staff compliance with security and privacy training and awareness requirements.
5. What is the function of risk assessment? How is it conducted for information systems?

RISK ASSESSMENT

Risk assessment is the first process in the risk management methodology. Organizations use risk assessment to determine the extent of the potential threat and the risk associated with an IT system throughout its SDLC. The output of this process helps to identify appropriate controls for reducing or eliminating risk during the risk mitigation process.

Risk Assessment Function

1) Access to education services in target areas and educational policies to enhance gender equity and cultural pluralism
2) Health: quality of maternal-child health services
3) Providing income for production and marketing for small farmers, microentrepreneur businesses, economic activity, and family nutrition
4) Providing an environment for resource management in selected bio-regions, policies affecting the environment, and institutional strengthening
5) Trade (competitiveness): more open trade and investment policies, accelerated market integration, and more equitable and efficient labor markets
6) Coordination of budget and annual reporting
The risk assessment is conducted in the following way:

1. Assign responsibility for leading the risk assessment to an individual.
2. Assemble individuals to participate on the assessment team. This may include members from the unit's business and program areas, as well as IT and human resources functions.
3. Determine the scope of the assessment. Will it cover all unit information technology or a single new asset?
4. If the scope is broad, identify the unit's information assets through a comprehensive business impact analysis, then categorize the assets and prioritize them by criticality.
5. Perform the risk assessment.
6. Document results in a report and submit it to unit management.
7. Document management decisions relating to the accepted level of risk.
8. Develop a work plan to address the most critical risks and track progress toward remediation or mitigation.
9. Select and implement cost-effective protective measures in the course of the unit's planning and budgeting process.
10. Over time, measure progress using the baseline established by the initial assessment.
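
An added example, not part of the original answer: a small risk register showing how steps 4, 7, 8 and 10 fit together. The asset names, the 1-5 scales, the scoring rule (likelihood x impact x criticality) and the accepted level of 30 are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Risk:
    asset: str
    category: str      # step 4: asset category
    criticality: int   # step 4: 1 (low) .. 5 (mission critical), assumed scale
    threat: str
    likelihood: int    # assumed scale 1..5
    impact: int        # assumed scale 1..5
    remediated: bool = False

    @property
    def score(self) -> int:
        # Assumed scoring rule: likelihood x impact, weighted by criticality.
        return self.likelihood * self.impact * self.criticality

# Constructed sample register using threats named in the answers above.
REGISTER = [
    Risk("payroll-db", "data", 5, "stolen employee password", 3, 5),
    Risk("mail-gateway", "service", 4, "e-mail spoofing", 4, 3),
    Risk("public-website", "service", 3, "denial of service", 3, 3),
    Risk("lobby-kiosk", "endpoint", 1, "virus via removable media", 2, 2),
]

def work_plan(register, accepted_level):
    """Steps 7-8: record accepted risks, rank the rest, most critical first."""
    accepted = [r for r in register if r.score <= accepted_level]
    plan = sorted((r for r in register
                   if r.score > accepted_level and not r.remediated),
                  key=lambda r: r.score, reverse=True)
    return plan, accepted

def open_exposure(register, accepted_level):
    """Total score of risks above the accepted level that are still open."""
    return sum(r.score for r in register
               if r.score > accepted_level and not r.remediated)

def progress(register, accepted_level, baseline):
    """Step 10: fraction of the baseline exposure removed so far."""
    if baseline == 0:
        return 1.0  # nothing exceeded the accepted level at baseline
    return 1 - open_exposure(register, accepted_level) / baseline

if __name__ == "__main__":
    plan, accepted = work_plan(REGISTER, accepted_level=30)
    baseline = open_exposure(REGISTER, 30)
    for r in plan:
        print(f"{r.score:3d}  {r.asset:15s} {r.threat}")
    print("accepted:", [r.asset for r in accepted], "baseline:", baseline)
```
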