Mood's In Control


Saturday, July 18, 2009
In recent years, especially because of the growth of online business, corporations have considered protection of their IS resources an increasingly important issue, for good reasons. Downtime, the time during which ISs or data are not available in the course of conducting business, has become a dreaded situation for almost every business worldwide. For the different airlines at Davao International Airport, for example, the online airline reservation business can lose hundreds of thousands per hour of downtime.

Other risks that the Davao International Airport considers are the Risks to Hardware and the Risks to Data and Applications, which are the most pervasive risks to its IS operations.

Risks to Hardware

While stories about damage to ISs by malicious Internet attacks grab headlines, the truth about risks to ISs is simply this: the number one cause of systems downtime is hardware failure. Risks to hardware involve physical damage to computers, peripheral equipment, and communications media. The major causes of such damages are natural disasters, blackouts and brownouts, and vandalism.

Natural Disasters

Natural Disasters that pose a risk to ISs include fires, floods, earthquakes, hurricanes, tornadoes, and lightning, which can destroy hardware, software, or both, causing total or partial paralysis of systems or communications lines. Floodwater can ruin storage media and cause short circuits that burn delicate components such as microchips. Lightning and voltage surges cause tiny wires to melt and destroy circuitry. In addition, wildlife and human error occasionally destroy communications lines; animals gnaw cables, and farmers occasionally cut wires inadvertently while tending their crops.

Blackouts and Brownouts

Computers run on electricity. If power is disrupted, the computer and its peripheral devices cannot function, and the change in power supply can be very damaging to computer processes and storage. Blackouts are total losses of electrical power. In brownouts, the voltage of the power decreases, or there are very short interruptions in the flow of power. Power failure might not only disrupt operations, but it can also cause irreparable damage to hardware. Occasional surges in voltage are equally harmful, because their impact on equipment is similar to that of lightning.
The popular way of handling brownouts is to connect a voltage regulator between computers and the electrical network. A voltage regulator boosts or decreases voltage to smooth out drops or surges and maintains voltage within an acceptable tolerance.
To ensure against interruption in power supply, organizations use uninterruptible power supply (UPS) systems, which provide an alternative power supply for a short time, as soon as a power network fails. The only practical measure against prolonged blackouts in a public electrical network is to maintain an alternative source of power, such as a generator that uses diesel or another fuel. Once the general power stops, the generator can kick in and produce the power needed for the computer system.

Vandalism

Vandalism occurs when human beings deliberately destroy computer systems. Bitter customers might damage ATMs, or disgruntled employees might destroy computer equipment out of fear that it will eliminate their jobs or simply to get even with their superiors. It is difficult to defend computers against vandalism. ATMs and other equipment that are accessible to the public are often encased in metal boxes, but someone with persistence can still cause severe damage. In the workplace, the best measure against vandalism is to allow access only to those who have a real need for the system. Sensitive equipment, such as servers, should be locked in a special room. Such rooms usually are well equipped with fire suppression systems and are air-conditioned, and thus also protect against environmental risks.


Risks to Data and Applications

The primary concern of any organization should be its data, because it is often a unique resource. Data collected over time can almost never be recollected the same way, and even when it can, the process would be too expensive and too time consuming to recover the business from its loss. The concern for applications, especially if the applications are not tailor-made, should come second. All data and applications are susceptible to disruption, damage, and theft. While the culprit in the destruction of hardware is often a natural disaster or power spike, the culprit in damage to software is almost always human.

Theft of Information and Identity Theft

Sometimes the negligence of corporations and the careless use of technology, especially on public links to the Internet, create security “holes” or vulnerabilities. In one case, a young man named Juju Jiang installed a program called Invisible KeyLogger Stealth in public-use computers in 14 Kinko’s stores where customers can access the Internet. (Such Internet-connected PCs are also available in public libraries and airports.)
Keystroke logging software records individual keystrokes. For one year, his software secretly recorded more than 450 usernames and passwords, which he used to access existing bank accounts and create new ones. Jiang was caught when he used an application called GoToMyPC. Subscribers to the GoToMyPC service can use an application by the same name to link to a PC from another PC and fully control the remote one as if they were sitting in front of it. Using the application, he remotely accessed and used one of his victims’ PCs. Using the PC at home, this person noticed that the cursor was moving “by itself”. The cursor opened files and subscribed to an online payment transfer service. Jiang pled guilty in court.

In 2005 keystroke logging was put to work online by a criminal ring on a massive scale. Spyware is used for several purposes. This time spyware was used to install a keystroke logging application that recorded communication with the victim’s bank, insurance company, or other financial institutions. The collected data included credit-card details, Social Security numbers, usernames, passwords, instant messaging chat sessions, and search terms. Some of the data was then saved in a file hosted on a server that had an offshore-registered domain name. Sunbelt, a company that develops and sells antispam and security software, managed to obtain access to a victim’s computer and track what the spyware did. The company reported that the online thieves obtained confidential financial details of customers of 50 international banks. The keystroke logging software was small (26KB), and took advantage of Internet Explorer browsers. For example, it accessed the browser’s Protected Storage area, in which users often save their usernames and passwords for convenient automatic logins. Sunbelt recommended disabling this feature.

In some cases it is employees who unwittingly give away important information such as access codes. Con artists use tricks known as social engineering. They telephone an employee who has a password to access an application or a database, introduce themselves as service people from a telephone company, or the organization’s own IT unit, and say they must have the employee’s password to fix a problem. Employees are often tempted to provide their password. The “social engineers” then steal valuable information.

Once criminals have a person’s identifying details, such as a Social Security number, driver’s license number, or credit-card number, they can pretend to be this person. This crime is called identity theft. The imposter can easily withdraw money from the victim’s bank accounts, put charges on the victim’s credit card, and apply for new credit cards. Since an increasing number of applications for such instruments as well as financial transactions are executed online, identity theft has become a serious problem.



Reference:
Oz, E. Management Information Systems (Fifth Edition)

Posted by ♪_TARIZTA_♪ at 4:26 AM