Monday, June 29, 2020

Business information system Essay - 825 Words

Business information system (Essay Sample)

Business Information System
By student's name
Course code + name
Professor's name
University name
City, state
Date of submission

Q1. Define security, threat, exposure and vulnerability in relation to Information Systems security. Identify which components of a computer based information system must be protected by the information system security.

In regard to information systems security, the term security can be defined as the degree of protection from, or resistance to, harm. As noted by Wikipedia, the free encyclopedia, it applies to any vulnerable and valuable asset, such as a person, dwelling, community, nation, or organization. According to Straub and Goodman et al. (2008), a threat is a method that is used to provoke or stir up a risk that can be dangerous. Vulnerability, on the other hand, is any weak point in a target that can potentially be exploited by a security threat, while exposure is the act of being subjected to a security threat.

Russell and Deborah et al. (1991) clearly stated that various components of a computer based information system have to be protected by the information system security. The first is system access, which controls access to the system. It determines who is allowed to access the computer based information system by checking and verifying whether whoever is logged in to the system is legitimate or not. The system completes that transaction in two steps, identification and authentication, according to Russell and Deborah et al. (1991). The second component of a computer based information system that must be protected is data access, as portrayed by Clifton and Sutcliffe et al. (1994). Data should be protected in the sense that those accessing the data should be verified by the system before transacting any business with the system. It is completed in two steps, that is, discretionary access control and mandatory access control.

Q2. Explain malware and the 3 major categories of software attacks. Include definitions of a logic bomb, back door, denial of service attack and distributed denial of service attack.

Malware, a short form of malicious software, refers to software programs that are designed specifically to disrupt computer operations, gather important and sensitive data or information, perform unwanted actions on a computer, or even gain access to computer based information systems. According to techterms.com, malware includes computer viruses, worms, Trojan horses and spyware, which are very hostile and intrusive software. Users rely on other software to counter the malware; such software includes firewalls, antivirus and anti-malware.

Christodorescu (2007) stipulates that a logic bomb is computer malware that remains hidden in a software system and only sets off a malicious function when certain specified conditions are met. It is normally a piece of code deliberately inserted into a software system. According to Thompson and Chase (2005), another kind of malware is called a backdoor, which is computer software that enables users to bypass the normal authentication and thus get into a position of accessing a computer information system illegally. The backdoor may disguise itself in an installed program such as Back Orifice, or may subvert the entire system using a rootkit. A denial of service is a malicious act of trying to deny users the opportunity to visit a certain server, by either temporarily making it unavailable or suspending the activities of the host by disrupting the host's internet connection, according to Thompson and Chase (2005). A distributed denial of service, on the other hand, is a type of attack whereby a multitude of malicious attacks are directed at a single targeted server.

Q3. Define and discuss the major categories of information security controls. Provide 2 examples of each.

As Russell and Deborah et al. (1991) put it in their book Computer Basics, information security control protects the information stored in the computer from being lost, changed either maliciously or accidentally, or read or modified by those not authorized to access it. There are various categories of information security control: system access controls, data access controls, system and security administration, and system design.

Van Schaik (1985) points out that system access controls ensure that no user who is not permitted to access the system is allowed to enter it, and also protect the password data by changing the passwords on a regular basis. The system access section introduces the basic controls. Data access controls perform the task of monitoring which individuals can access various systems or data, and also the purpose of accessing certain computer based systems. It introduces the basics of data controls defined for different levels of secure systems, as Van Schaik (1985) stipulates. Ardagna (2012) points out that system and security administration is the third part of information security controls, and deals with offline procedures that can in one way or another build or destroy a secure system, by clearly delegating and identifying the responsibilities of a system administrator, training users step by step and at the same time monitoring them to ensure that no security policies are compromised. Lastly, system design is the fourth control, which Russell and Deborah et al. (1991) describe as taking advantage of basic hardware and software security characteristics; for example, using a system architecture that is able to segment memory, thus isolating privileged processes from non-privileged processes.

Q4. Define a business continuity plan contrasting a cold, warm and hot site.

According to web definitions (Wikipedia, the free encyclopedia), a business continuity plan identifies an organization's exposure to internal and external threats and synthesizes hard and soft assets to provide effective prevention and recovery for the o...
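The two-step controls described in Q1 and Q3 (identification and authentication for system access; discretionary and mandatory access control for data access), as an added Python example that is not part of the essay or its cited sources. The users, passwords, clearance labels and documents are constructed for illustration, and the mandatory rule used is the Bell-LaPadula no-read-up / no-write-down model, which the essay itself does not name.

```python
import hashlib, hmac, os
from dataclasses import dataclass, field
# Clearance / classification lattice and the sample users and documents are constructed for illustration.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2}
def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class User:
    name: str
    clearance: str
    salt: bytes
    pw_hash: bytes
@dataclass
class Document:
    owner: str
    classification: str
    acl: dict = field(default_factory=dict)  # DAC: user name -> set of permitted operations

def make_user(name, clearance, password):
    salt = os.urandom(16)
    return User(name, clearance, salt, _hash(password, salt))

USERS = {u.name: u for u in (make_user("alice", "secret", "pw-alice"),
                             make_user("bob", "confidential", "pw-bob"))}
REPORT = Document("alice", "secret", {"bob": {"read"}})
MEMO = Document("bob", "unclassified", {"alice": {"read", "write"}})

def authenticate(name, password):
    """System access control: identification (known user?) then authentication (secret check)."""
    user = USERS.get(name)
    if user is None or not hmac.compare_digest(_hash(password, user.salt), user.pw_hash):
        return None
    return user

def dac_allows(user, doc, op):
    """Discretionary access control: the owner, via the ACL, decides who may do what."""
    return user.name == doc.owner or op in doc.acl.get(user.name, set())

def mac_allows(user, doc, op):
    """Mandatory access control (Bell-LaPadula labels): no read up, no write down."""
    u, d = LEVELS[user.clearance], LEVELS[doc.classification]
    return u >= d if op == "read" else u <= d

def access(name, password, doc, op):
    user = authenticate(name, password)  # step 1: system access control
    if user is None:
        return "denied: authentication"
    allowed = dac_allows(user, doc, op) and mac_allows(user, doc, op)  # step 2: data access control
    return "granted" if allowed else "denied: access control"
```

Note that bob is on the report's ACL (discretionary) but still cannot read it, because his confidential clearance is below the document's secret label (mandatory); both checks have to pass.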
