1. Using Your Knowledge – Security Threats
Chapter 12 page 491 Q2
MGS
Group B
Omotayo Adeniyi, Micale Baptiste, Robert Kuhl
Claudia Murcia, Deborah Stroud

2. Consider the 15 categories of threat in Figure 12-1 below
Source
Human Error
Malicious Activity
Natural Disasters
Unauthorized data disclosure
Procedural mistakes
Pretexting Phishing
Spoofing
Sniffing
Computer crime
Disclosure during recovery
Problem
Incorrect data modification
Procedural mistakes Incorrect procedures Ineffective accounting controls
System errors
Hacking
Incorrect data
recovery
Faulty service
Procedural mistakes Development and installation errors
Usurpation
Service improperly
restored
Denial of Service
Accidents
DOS attacks
Service interruption
Loss of infrastructure
Theft
Terrorist activity
Property loss

3. Using Your Knowledge
Describe the three most serious threats to each of the following businesses:
Local Workout Studio
Neighborhood accounting firm
Dentist’s office
Honda dealership

4. The three most serious threats to a local workout studio are:
Unauthorized data disclosure 
Human Error - when someone inadvertently releases data in violation of policy
Computer crime - breaking into networks to steal data such as customer information, or employee's personal information  
Human Error - It can happen by just clicking send.  Maybe you are sending an updated member list to your corporate office from your laptop thinking it was secure.  But your company does not have establised security guidelines  when working out of the office.  The list can be accessed by others and potentially create a security threat.
Computer Crime - is more common.  Most of the press reports are about outside attacks on computer systems.  It is estimated that 75% of computer crime is perpetrated by insiders, such as stealing security codes and credit card numbers.  Also customer's  personal information for malicious intent such as identity theft.  Companies also store personal information about employees.  Not just info in your employment application.  For a small fee employers can find out about your credit  card standing, telephone usage, insurance coverage.  They may also ask you to take a drug and psycological tests; the results of which are the property of the company can be accessed for malicious purposes.

5. The three most serious threats to a local workout studio con't
Incorrect data modification
System errors - caused by employees when procedures are followed incorrectly or procedures have been designed incorrectly
Faulty service - service impropertly restored
System Errors - may cause the company delays in receiving payments.
Faulty Service - when the system fails and recovery plans are not propertly in place; it can cause the company loss in revenue and permanently loose valuable information.

6. Using Your Knowledge
The three most serious threats in a neighborhood accounting firm are:
Hacker- A person or thing that hacks. Also it’s when a person doesn’t have the authority or official power to have the access to a computer system.
Viruses- A segment of self- replicating code planted illegally in a computer program, often to damage or shut down a system or network.
Inside threats
Losing client records
Theft of client records
Unauthorized discussions with third parties about client information

7. Using Your Knowledge What to do about threats:
One of the most important aspects in dealing with internal threats is through control. You want to control access to only those who should have access. Document control can take several forms:
Using passwords to gain access to network resources as well as within a document in order to maintain security
Using document management software to control access to documents
Using the file security system built into the server operating system to secure documents in folders with access for those users who require access

8. Using Your Knowledge Dentist’s office - The three most serious threats
Procedural mistakes
Human error
Improper internal control of systems that process financial data
Computer crime
 Hacking - attempts to steal customer data
Denial of service attacks
Inadvertent shutdown of Web server by starting a computationally intensive application
Malicious hacker can flood a Web server with artificial traffic so legitimate traffic can't get through   
Human error example:
Employee accidentally deletes customer records or mistakenly overwrites the current database with an older one during backup process or
Someone inadvertently releases data in violation of policy - health/dental record details - violation of privacy rights - HIPAA (Health Insurance Portability and Accountability Act)
Improper Internal control:
Lack of separating duties and authority - checks and balances

9. Using Your Knowledge Honda dealership -The three most serious threats
    Unauthorized data disclosure
       Human Error
            occuring by human error when someone
            inadvertently releases data in violation of
            policy.
    Loss of infrastructure
        Accidents
            human accidents can cause loss of           
            infrastructure

10. Using Your Knowledge Honda dealership-The three most serious threats
Honda dealership-The three most serious threats
    Incorrect data Modification
         Malicious Activity
                Hacking-Although some people hack
                for the sheer joy of doing it, others
                hack for  the malicious purpose of
                stealing or modifying data.
                          

11. Using Your Knowledge - Security Threats
Chapter 12
Group B
The End!!
Thank you for
your time!