Chapter 7,8,10

1. As system complexity and our dependence on these systems increase, companies face the growing risk of their systems being compromised. What are the threats a company faces, or what are the threats to AIS?

Threats to AIS, with examples:

Natural and political disasters
● fire or excessive heat
● floods
● earthquakes
● high winds
● war

Software errors and equipment malfunctions
● hardware failures
● power outages and fluctuations
● undetected data transmission errors

Unintentional acts
● accidents caused by human carelessness
● innocent errors of omission
● lost or misplaced data
● logic errors
● systems that do not meet company needs

Intentional acts
● sabotage
● computer fraud
● embezzlement

2. Compare preventive, detective and corrective control techniques with examples.

Types of control, with examples:

Preventive
● People: creation of a “security-aware” culture; training
● Processes: user access controls (authentication and authorization)
● IT solutions: anti-malware; network access controls (firewalls, intrusion prevention systems, etc.); device and software hardening (configuration controls); encryption
● Physical security: access controls (locks, guards, etc.)

Detective
● Log analysis
● Intrusion detection systems
● Penetration testing
● Continuous monitoring

Corrective
● Computer incident response teams (CIRT)
● Chief information security officer (CISO)
● Patch management