IT Systems Mock Paper 3


**2.1 Hardware and Networks**

**BE SURE TO ADD "HOW-TO" PROCESSES ALONG WITH THE DESCRIPTION INFORMATION ABOUT THE RELATED IT SYSTEMS.**

2.1.2 Networks

-Vulnerability to network intrusion

-Authenticate information

Companies want to authenticate information so that they can trust incoming information and be assured that it comes from a reliable source. Authentication works by having the user provide information that is matched against the server's database; a match grants access to the server's information database.

**Two-factor authentication (T-FA) or (2FA)** is a system wherein two different factors are used in conjunction to authenticate. Using two factors as opposed to one factor generally delivers a higher level of authentication assurance. Two-factor authentication typically is a signing-on process where a person proves his or her identity with two of the three methods: "something you know" (e.g., password or PIN), "something you have" (e.g., smartcard or token), or "something you are" (e.g., fingerprint or iris scan). Using more than one factor is sometimes called "strong authentication"; however, "strong authentication" and "multi-factor authentication" are fundamentally different processes. Soliciting multiple answers to challenge questions may be considered strong authentication but, unless the process also retrieves "something you have" or "something you are", it would not be considered multi-factor.
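The distinction drawn above, as an added example that is not part of the original page: a login check that verifies a password or challenge answer ("something you know") and a time-based token code ("something you have"), and reports multi-factor only when two different categories were proven. The record, the sample password, challenge answer and token secret, and the names `verify` and `authenticate` are constructed for illustration.

```python
import hashlib, hmac, struct

KNOW, HAVE = "something you know", "something you have"  # categories from the text

def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 one-time code (HMAC-SHA1), as displayed by a token."""
    mac = hmac.new(secret, struct.pack(">Q", now // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def stretch(value: str, salt: bytes) -> bytes:
    """The server stores only a salted, slow hash of anything the user knows."""
    return hashlib.pbkdf2_hmac("sha256", value.encode(), salt, 100_000)

# Constructed enrolment record; a real system uses a random salt per user.
SALT = b"constructed-salt"
RECORD = {
    "password": stretch("correct horse", SALT),
    "first_pet": stretch("rex", SALT),
    "token_secret": b"12345678901234567890",
}

def verify(category: str, name: str, value: str, now: int) -> bool:
    """Check one presented credential against the enrolment record."""
    if category == KNOW and name in ("password", "first_pet"):
        return hmac.compare_digest(RECORD[name], stretch(value, SALT))
    if category == HAVE and name == "token":
        # Accept the current and the previous 30-second step to allow clock drift.
        return any(
            hmac.compare_digest(
                totp(RECORD["token_secret"], max(now - drift, 0)).encode(),
                value.encode())
            for drift in (0, 30))
    return False

def authenticate(presented, now: int) -> str:
    """presented is a list of (category, name, value); classify the attempt."""
    if not presented or not all(verify(c, n, v, now) for c, n, v in presented):
        return "denied"
    categories = {c for c, _, _ in presented}
    # Two answers from the same category are still one factor.
    return "multi-factor" if len(categories) >= 2 else "single-factor"
```

A password plus a correct challenge answer comes back as `single-factor`, which is the case the paragraph above says would not be considered multi-factor.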

Threat of compromising data integrity

2.1.4 Images, Sounds and Presentations

-Surveillance and privacy

A recent survey by the American Management Association shows that about 78% of companies in the U.S. monitor their employees in some way. Employee Internet use is monitored by 63% of employers; 47% store and review employee e-mail messages; 15% view employees by video; 12% review and record phone messages; and 8% review voice-mail messages.

More than 75% of companies say that monitoring helps them combat personal use of the Internet during business hours, according to a recent study by online survey service Quick Take that was commissioned by Web- and e-mail-filtering vendor SurfControl PLC. Employers also have an incentive to ensure that employees do not unwittingly or intentionally divulge company trade secrets and intellectual property by way of their communications. Furthermore, employers want to prevent or remedy any defamatory statements made by employees in electronic and other communications. And after Sept. 11, employers more than ever want to make sure that employees are not engaging in any type of criminal activity in the workplace.

Still, workers have legitimate concerns that their privacy rights might be invaded. The primary federal statute in this area is the Electronic Communications Privacy Act of 1986 (ECPA). The ECPA, codified at 18 U.S.C. §§ 101 et seq., bars the intentional interception of any wire, oral or electronic communication, or the unauthorized access of stored communications. The ECPA does have three exceptions, and if any one of these applies, monitoring can take place under appropriate circumstances. The exceptions generally allow employers to monitor business-related phone calls, to monitor communications when there has been employee consent, and to retrieve and access stored e-mail messages.
**Information about privacy rights of employees:**

If you have a computer terminal at your job, it may be your employer's window into your workspace. There are several types of computer monitoring.

People involved in intensive word-processing and data entry jobs may be subject to keystroke monitoring. Such systems tell the manager how many keystrokes per hour each employee is performing. They also may inform employees if they are above or below the standard number of keystrokes expected. Keystroke monitoring has been linked with health problems including stress disabilities and physical problems like carpal tunnel syndrome.

**3. Computer Monitoring**

 * Employers can use computer software that enables them to see what is on the screen or stored in the employees' computer terminals and hard disks. Employers can monitor Internet usage such as web-surfing and electronic mail.
 * Another computer monitoring technique allows employers to keep track of the amount of time an employee spends away from the computer or idle time at the terminal.


**2.3 Communication systems**

2.3.1 The Internet

-Viruses

A computer virus is a computer program that can copy itself and infect a computer. The term "virus" is also commonly but erroneously used to refer to other types of malware, adware, and spyware programs that do not have the reproductive ability. A true virus can only spread from one computer to another (in some form of executable code) when its host is taken to the target computer; for instance because a user sent it over a network or the Internet, or carried it on a removable medium such as a floppy disk, CD, DVD, or USB drive.

Viruses: A hacker might want to implant a virus into another computer for several reasons: for financial gain, to steal information, or just for the fun of it. A hacker might want to steal money from someone, or gain personal information that will allow the hacker to inherit money. The hacker might also want to steal information from another computer user for purposes such as identity theft, or to obtain useful financial information.

Example of a worm: The payload of the worm will destroy any file with the extension .h, .c, .cpp, .asm, .doc, .ppt, or .xls on your hard drives, any mapped drives, and any network machines that are accessible each time it is executed. This continues to occur until the worm is removed. You may receive the worm as an attachment called zipped_files.exe, masquerading as the usual self-extracting zip file. But, when run, this executable will copy itself to your Windows System directory with the filename Explore.exe or to your Windows directory with the filename _setup.exe. The worm modifies your WIN.INI or registry such that the file Explore.exe is executed each time you start Windows.

**Worm.ExploreZip** is a worm that contains a malicious payload. The worm utilizes Microsoft Outlook, Outlook Express, and Exchange to mail itself out by replying to unread messages in your Inbox. The worm will also search the mapped drives and networked machines for Windows installations and copy itself to the Windows directory of the remote machine and modify the WIN.INI accordingly.
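A check for the WIN.INI change described above, as an added example that is not part of the original page. It assumes the standard WIN.INI autostart keys, `load=` and `run=` in the `[windows]` section (the page only says that WIN.INI is modified); the sample file contents and the function names are constructed for illustration.

```python
import ntpath

# Installed file names from the worm description above (case-insensitive match).
WORM_NAMES = {"explore.exe", "_setup.exe"}

def autostart_entries(win_ini_text: str):
    """Yield (key, program) for load=/run= values in the [windows] section."""
    section = None
    for raw in win_ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):        # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "windows" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if key in ("run", "load"):
            # Several programs may be listed, separated by spaces or commas.
            # Assumption: paths contain no spaces (short 8.3 names).
            for program in value.replace(",", " ").split():
                yield key, program

def suspicious_autostarts(win_ini_text: str):
    """Return autostart programs whose base name equals a worm file name."""
    # Comparing the whole base name keeps the legitimate explorer.exe
    # from being confused with the worm's Explore.exe.
    return [(key, prog) for key, prog in autostart_entries(win_ini_text)
            if ntpath.basename(prog).lower() in WORM_NAMES]

# Constructed sample, not taken from an infected machine.
SAMPLE_WIN_INI = r"""
[windows]
load=C:\WINDOWS\explorer.exe
run=C:\WINDOWS\SYSTEM\Explore.exe
[fonts]
run=C:\WINDOWS\_setup.exe
"""

if __name__ == "__main__":
    for key, prog in suspicious_autostarts(SAMPLE_WIN_INI):
        print(f"suspicious {key}= entry: {prog}")
```

Only the `run=` entry in `[windows]` is reported: the `load=` entry for explorer.exe has a different base name, and the entry under `[fonts]` is not an autostart location.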

Antivirus: An antivirus program is no more than a system for analyzing information and then, if it finds that something is infected, disinfecting it. The information is analyzed (or scanned) in different ways depending on where it comes from. An antivirus will operate differently when monitoring floppy disk operations than when monitoring e-mail traffic or movements over a LAN. The principle is the same but there are subtle differences. Disinfection is done by removing the harmful data by isolating it. The system then recovers an older draft of the file and patches it with a copy of its original form, recreating the missing chunks. (Example for Windows NT/2000/XP)

Computer security quiz: teaches you some of the basics of a computer's security (firewall, proxy and encryption)

-Hackers

Really good article from the website HowStuffWorks describing how firewalls work from a company's perspective: "Let's say that you work at a company with 500 employees. The company will therefore have hundreds of computers that all have network cards connecting them together. In addition, the company will have one or more connections to the Internet through something like T1 or T3 lines. Without a firewall in place, all of those hundreds of computers are directly accessible to anyone on the Internet. A person who knows what he or she is doing can probe those computers, try to make FTP connections to them, try to make telnet connections to them and so on. If one employee makes a mistake and leaves a security hole, hackers can get to the machine and exploit the hole. With a firewall in place, the landscape is much different. A company will place a firewall at every connection to the Internet (for example, at every T1 line coming into the company). The firewall can implement security rules. For example, one of the security rules inside the company might be:

-Reliability/Authenticity

2.3.2 Personal and Public Communication

-Use of mobile devices

Article about the different types of threats that affect smartphone users and what people can do to protect themselves. One threat mentioned is losing the phone. To protect yourself from this, use a password on the phone and encrypt the data. Devices can be configured so that they ask for a password every time e-mail or a VPN is accessed. Mobile device users should also be careful about leaving the phone unattended, or loaning it to people. Spyware can be installed without you knowing it if someone has physical access to the device and knows your password, if you have one set. For instance, the PhoneSnoop program can be used with BlackBerry devices to remotely turn the microphone on to eavesdrop on nearby conversations. Just like computer users, smartphone users are vulnerable to e-mail and Web-based attacks like phishing and other social-engineering efforts. All attackers have to do is create a malicious Web page and lure someone to visit the site, where malware can then be downloaded onto the mobile device. People should avoid clicking on links in e-mails and text messages on their mobile device. If you are doing something sensitive on your phone, like checking a bank account or making a payment, don't use the free Wi-Fi at a coffee shop or other access point. Use your password-protected Wi-Fi at home or the cellular network to avoid what is called a man-in-the-middle attack, in which traffic is intercepted. The article mentions a lot of other security threats and ways of avoiding those threats. http://news.cnet.com/8301-27080_3-10424759-245.html?tag=mncol;title

-Telecommuting