Fill in the Blanks Session 04 - MISOnline version
Subject: Management Information Systems: Analysis, Design & Practice
Lecturer: Professor Dr. Robert Regan
Graduate School of Information Technology
Siam University, Bangkok, Thailand
by Prince Parham

activity   recovery   trace   encryption   damage   Confidentiality   Melissa   account   destroyed   unexpected   riots   codes

1. You must examine the components on how information can be compromised:
- ______
- Integrity
- Availability
- Authentication
- Authorization

2. There is a price to pay when a half-hearted security plan is put into action. It can result in disaster. A password policy that allows users to use blank or weak passwords is a hacker's paradise. No firewall or proxy protection between the organization's private local area network (LAN) and the public Internet makes the company a target for cyber crime.

3. Few safeguards can be implemented against natural disasters. The best approach is to have disaster plans and contingency plans in place. Other threats such as ______, wars, and terrorist attacks could be included here. Although they are human-caused threats, they are classified as disastrous.

4. The most dangerous attackers are usually insiders (or former insiders), because they know many of the ______ and security measures that are already in place. Insiders are likely to have specific goals and objectives, and have legitimate access to the system. Employees are the people most familiar with the organization's computers and applications, and they are most likely to know what actions might cause the most damage. Insiders can plant viruses, Trojan horses, or worms, and they can browse through the file system.

5. Trojan horses. These are malicious programs or software code hidden inside what looks like a normal program. When a user runs the normal program, the hidden code runs as well. It can then start deleting files and causing other ______ to the computer. Trojan horses are normally spread by e-mail attachments. The virus that caused denial-of-service attacks throughout the world in 1999 was a type of Trojan horse.

6. Password cracking. This is a technique attackers use to surreptitiously gain system access through another user's ______. This is possible because users often select weak passwords. The two major problems with passwords are when they are easy to guess based on knowledge of the user (for example, wife's maiden name) and when they are susceptible to dictionary attacks (that is, using a dictionary as the source of guesses).

7. Denial-of-service attacks. This attack exploits the need to have a service available. It is a growing trend on the Internet because Web sites in general are open doors ready for abuse. People can easily flood the Web server with communication in order to keep it busy. Therefore, companies connected to the Internet should prepare for (DoS) attacks. They also are difficult to ______ and allow other types of attacks to be subdued.

8. Eavesdropping. E-mail headers and contents are transmitted in the clear text if no ______ is used. As a result, the contents of a message can be read or altered in transit. The header can be modified to hide or change the sender, or to redirect the message.

9. Eavesdropping. This allows a cracker (hacker) to make a complete copy of network ______. As a result, a cracker can obtain sensitive information such as passwords, data, and procedures for performing functions. It is possible for a cracker to eavesdrop by wiretapping, using radio, or using auxiliary ports on terminals. It is also possible to eavesdrop using software that monitors packets sent over the network. In most cases, it is difficult to detect eavesdropping.

10. Packet modification. This involves one system intercepting and modifying a packet destined for another system. Packet information may not only be modified, it could also be ______.