Assignment # 2
1. Why is information security a management problem? What can management do that technology cannot?
Both general management and IT management are responsible for implementing information security to protect the ability of the organization to function.
Decision-makers in organizations must set policy and operate their organization in a manner that complies with the complex, shifting political legislation on the use of technology. Management is responsible for informed policy choices and the enforcement of decisions that affect applications and the IT infrastructures that support them. Management can also implement an effective information security program to protect the ...
Just as managing payroll has more to do with management than with mathematical wage computations, managing information security has more to do with policy and its enforcement than with the technology of its implementation.
4. Has the implementation of networking technology created more or less risk for businesses that use information technology? Why?
Networking is usually considered to have created more risk for businesses that use information technology. Potential attackers have more and readier access to these information systems once they have been networked, especially if they are interconnected to the Internet.
5. What is information extortion? Describe how such an attack can cause losses, using an example not found in the text.
When an attacker is able to control access to an asset, that asset can be held hostage to the attacker’s demands. For example, if an attacker is able to gain access to a set of data in a database and then encrypt that data, they may extort money or other value from the owner in exchange for the encryption key that lets the owner use the data again.
6. Why do employees constitute one of the greatest threats to information security?
Employees are the greatest threats since they are the closest to the organizational data and will have access by nature of their assignments. They are the ones who use it in everyday activities, and employee mistakes represent a very serious threat to the confidentiality, integrity, and availability of data. Employee mistakes can easily lead to the revelation of classified data, entry of erroneous data, accidental deletion or modification of data, storage of data in unprotected areas, and failure to protect information.
7. What measures can individuals take to protect against shoulder surfing?
The best way for an individual to avoid shoulder surfing is to avoid, as far as possible, accessing confidential information when another person is present. The individual should limit the number of times he or she accesses confidential data, and do so only when sure that nobody can observe. One should be constantly aware of who is around when accessing sensitive information.
8. How has the perception of the hacker changed over recent years? What is the profile of a hacker today?
The classic perception of the hacker is frequently glamorized in fictional accounts as someone who stealthily manipulates their way through a maze of computer networks, systems, and data to find the information that resolves the dilemma posed in the plot and saves the day. However, in reality, a hacker frequently spends long hours examining the types and structures of the targeted systems because he or she has to use skill, guile, or fraud to attempt to bypass the controls placed around information that is the property of someone else.
The perception of a hacker has evolved over the years. The traditional hacker profile was male, age 13-18, with limited parental...