Tutorial Chapter 5. 2 Question 1: What are some information technology tools that can affect...

Post on 28-Dec-2015


Tutorial

Chapter 5

Question 1:

What are some information technology tools that can affect privacy? How are these tools used to commit computer crimes?

Answer:

Adware: collects info about users to determine what adverts to display in browser

Phishing: sending fraudulent e-mails to direct recipients to false web-sites to capture private info

Keystroke loggers: monitor and record keystrokes to collect credit card numbers while doing online shopping

Sniffing: capturing and recording network traffic to intercept information

Spoofing: attempt to gain access to a network by posing as an authorized user to find sensitive information.

Question 2:

What are the three dimensions of the CIA triangle used to design a security system?

Answer:

C- Confidentiality,

I- integrity, and

A- availability

Question 3:

Give two examples of intentional threats to network security.

Answer:

Hacker attacks and attacks by disgruntled employees (spreading a virus or a worm on the company network).

Question 4:

1. Give four examples of biometric security.

2. Which one is the most effective?

Answer:

Facial recognition, fingerprints, hand geometry, and Iris analysis.

Iris analysis is probably most effective.

Question 5:

What two types of encryption were introduced in this chapter?

Answer:

Asymmetric (also called public key encryption) and symmetric.

Question 6:

What is business continuity planning? Why is it used?

Answer:

Outline procedures for keeping an organization operational in the event of a natural disaster or network attack.

To lessen the effects of a natural disaster or a network attack or intrusion.

Question 7:

Assume you have been asked to put together a security policy for your local bank:

Outline your top five recommendations to the bank.

What are some of the risks to online banking?

How can the security and privacy of online banking be improved?

Answer 1:

Developing clear, detailed security policy and procedures

Providing security training and security awareness for key decision makers and computer users

Periodically assessing the security policy’s effectiveness

Developing an audit procedure for system access and use

Overseeing enforcement of the security policy

AND: designing an audit trail procedure for incoming and outgoing data.

Answer 2:

Confidentiality: information can be accessed by someone other than the sender or recipient

Authentication: how can the recipient be sure that the data is actually from the sender?

Integrity: how can the recipient know that the contents have not been changed during transmission?

Nonrepudiation: the sender can deny sending the data; the receiver can deny having received the data

Answer 3:

Authentication: is important because the person logging in isn’t necessarily the account holder. What the receiver knows to be accurate, and what the sender is providing: mother’s maiden name, ID, DOB

Confirmation: verifying the transaction, usually a digitally signed confirmation with a private key

Non-repudiation: dispute over the transaction. Digital signatures are used to bind the two partners. The customer receives a proof of deposit/withdrawal, and the bank is assured of the client’s identity.

True/False?

A firewall is a combination of hardware and software that acts as a filter or barrier between a private network and external computers or networks, including the Internet.

A Trojan program consists of self-propagating program code that is triggered by a specified time or event

Selection:

14.

15.

Case Study 1: what is it about?

Destroyed files and stole passwords

Around the world in 2 hours; 3 times faster than Melissa virus

NASA and CIA Damages Tracing Cybercrime

Questions:

Calculation of costs?

Laws for prosecuting hackers?

How can organizations guard against viruses?

Homework:

Case Study 2