Assignment for chapter 11

2. What are several security measures that could be implemented to combat the spread of cyberscams? Explain why your suggestions would be effective in limiting the spread of cyberscams.

There are many measures that can be used and implemented to stop cyberscams. However, the best way is to spread awareness. When people are aware that what they are doing on the internet can damage their computer, drain their bank accounts and affect their lives, they will reconsider what they are doing online. People respond to desperate pleas they receive in their email, thinking they are helping someone in need. Oftentimes it isn’t until they’ve sent the money that they realize they’ve been scammed. Spreading awareness about these scams would arm people with the knowledge necessary to avoid becoming a victim of these scammers. If everybody stopped responding to these emails, the scammers would stop trying to rip people off. An effective way to arm people with this knowledge would be to publish a list of known cyberscams. Also, users should be careful of the sites they visit. When inputting credit card information, it is necessary to ensure that they have a secure connection to the server. They should also avoid making purchases on sites that are not well-known or reputable. If you can purchase the item in a store, that is the safest option. The biggest help online is to simply be aware. If something looks suspicious, just stay away. Most people could avoid being scammed if they were aware of what they were doing online. Staying away from areas of high risk will keep people from experiencing harm from cyberscammers.

3. Which of the four top cybercriminals described in this case poses the biggest threat to businesses? To consumers? Explain the reasons for your choices, and describe how businesses and consumers can protect themselves from these cyberscammers.

I think, among all of them, the one that leads to fraudulent business transactions poses the biggest threat. This harms both the business and the customer. The customers lose their trust in the company, which makes them less likely to make future purchases. And the business loses more customers through word of mouth. Overall, the economy takes the hit, which is something that we need to be concerned about these days.

For example, people will buy a fake that is hundreds of dollars cheaper than the real thing, which would cost them a lot of money. This cuts into the sales that businesses need to make the money to pay their employees, and it will end in layoffs and downsizing for the business, making the world economy worse than it already is. The cybercriminal activity described in this case that poses the biggest threat to consumers is reshipping. It makes it harder for the consumer to get back what was stolen and to get the person who stole the information put in jail. It also makes it easier for the thieves to steal the information, get the products and make cash off the stolen information before the consumer even knows that the information was stolen from them.

A computer crime “is defined by the Association of Information Technology Professionals (AITP) as including (1) the unauthorized use, access, modification, and destruction of hardware, software, data, or network resources; (2) the unauthorized release of information; (3) the unauthorized copying of software; (4) denying an end user access to his or her own hardware, software, data, or network resources; and (5) using or conspiring to use computer or network resources to illegally obtain information or tangible property” (426). Cyber criminals are doing everything from stealing money, hacking into others' computers, stealing intellectual property, and spreading viruses and worms to damage computers connected to the internet, to committing fraud. My major concerns with computer crime and privacy on the internet are viruses and worms that cause significant damage to your computer, and identity theft or cyber theft.

4. What are your major concerns about computer crime and privacy on the Internet? What can you do about it? Explain.

Viruses are computer programs that are designed to damage computers. They spread from one computer to another like a biological virus. A virus must be attached to some other program or document through which it enters the computer. A worm usually exploits loopholes in software or the operating system. Most viruses appear to do one thing but do something else. The system may accept it as one thing but upon execution, it may release a virus or worm. Computer viruses are very destructive and do significant damage to computers. Normal users and companies are affected by viruses and worms. Many people use the computer to perform important tasks and save lots of information. A lot of important data is lost by companies and individuals because of viruses.

Cyber theft is a huge problem. Personal information, mainly financial information, is being intercepted every day. Major corporations have been victims of internet fraud, though many of them don’t go public with it for various reasons. Most of the companies and banks don’t reveal that they have been the victims of cyber-theft because of the fear of losing customers and shareholders. Cyber-theft is the most common and the most reported of all cyber-crimes according to selfseo.com. There are a few things that could be done about viruses and cyber theft. One option is to download anti-virus software to your computer. These programs identify and remove malicious viruses and files on your computer. Another option would be to install a firewall. A firewall protects a computer network from unauthorized access. Network firewalls may be hardware devices, software programs, or a combination of the two. A network firewall guards an internal computer network against malicious access from outside the network.

Discussion Question #5

What is disaster recovery? How could it be implemented at your school or work?

Every business and organization can experience a serious incident which can prevent it from continuing normal operations. This can happen any day at any time. Disaster recovery is defined as methods for ensuring that an organization recovers from natural or manmade disasters that have affected its computer-based operations (457). Disaster recovery plans are developed to help prevent the loss of information. Disaster recovery plans specify who will participate in disaster recovery and their duties, the hardware and software that will be used, and the priority of applications that will be processed (457).

Disaster recovery could be implemented at Saginaw Valley State University and at Wolverine Human Services (my employer) by first drafting a disaster recovery plan and conducting a thorough risk analysis of your computer systems. This could be done by the IT services department. List all the possible risks that threaten system uptime and evaluate how impending they are in your particular IT shop. Anything that could possibly cause a system outage is a threat, from relatively common threats like virus attacks and accidental data deletions to rarer natural threats like floods and fires. Determine which of your threats are the most likely to occur and prioritize them using a ranking system. Rank each threat in two important categories, probability and impact. In each category, rate the risks as low, medium, or high. The list should include not only the risks but also the solutions and the cost of implementation.

The information should be passed along from IT services to management of whatever sort. A plan should then be drafted and developed. The plan should include the allocation of work during the disaster: for example, if something goes wrong right now, who is responsible for getting the plan in motion, and the roles that others will play. Plenty of tests should be run on the plan before implementing it into the system. After tests are run and the plan begins to look promising, it should be passed along to all employees and posted around the facilities.

Discussion question 7

Is there an ethical crisis in business today? What role does information technology play in unethical business practices?

There is an ethical crisis in business during these modern times. [1] As business professionals, we have a responsibility to promote ethical uses of information technology in the workplace. [2] Business ethics is concerned with the numerous ethical questions that managers must confront as part of their daily business decision making. For example, should you electronically monitor your employees’ work activities and electronic mail? Should you let employees use their work computer for private business or take home copies of software for their personal use? Should you electronically access your employees’ personal records or workstation files? Should you sell customer information extracted from transaction processing systems to other companies? These are the types of questions management goes through every day, and deciding which route to take could be considered unethical. This ethical crisis is beginning to seem more like an epidemic. Top-paid CEOs are being paid more money, but providing less and less. For example, [3] a lot of things Enron did weren’t so very exceptional: paying insanely large bonuses to executives, for example, often in the form of stock options, promising outlandish growth, year after year, and making absurdly confident predictions about every new market it entered, however untested; scarcely ever admitting a weakness to the outside world; and showing scant interest in the questions or doubts of some in its own ranks about its questionable, unethical, and even illegal business and accounting practices. These types of practices are carried out by many of the companies here in America, and now in modern times, they are beginning to surface like dead fish in a polluted lake. Information technology is a big factor in unethical business practices.
[4] One common example of technology ethics involves some of the health risks of using computer workstations for extended periods in high-volume data entry job positions. Many organizations display ethical behavior by scheduling work breaks and limiting the exposure of data entry workers to staring at a computer monitor to minimize their risk of developing a variety of work-related health disorders, such as hand or eye injuries. These are good types of ethical business practices that may help prevent unethical business practices. Some unethical IT business practices are labeled as computer crimes. [5] Computer crime, a growing threat to society, is caused by the criminal or irresponsible actions of individuals who are taking advantage of the widespread use and vulnerability of computers and the internet and other networks. It presents a major challenge to the ethical use of information technologies. Computer crime also poses serious threats to the integrity, safety, and survival of most business systems and thus makes the development of effective security methods a top priority. Hacking is also a big factor in unethical business practices. [6] Hacking, in computerese, is the obsessive use of computers or the unauthorized access and use of networked computer systems. Hackers can be outsiders or company employees who use the internet and other networks to steal or damage data and programs. Breaking and entering means getting access to a computer system and reading some files but neither stealing nor damaging anything. This situation is common in computer crime cases that are prosecuted. Stopping unethical IT crimes is a difficult task.

Case study #1

List several reasons “cyberscams are today’s fastest growing criminal niche.” Explain why the reason you give contributes to the growth of cyberscams.

Cyberscams are computer crimes. [7] A computer crime is defined by the Association of Information Technology Professionals (AITP) as including (1) the unauthorized use, access, modification, and destruction of hardware, software, data, or network resources; (2) the unauthorized release of information; (3) the unauthorized copying of software; (4) denying an end user access to his or her own hardware, software, data, or network resources; and (5) using or conspiring to use computer or network resources to illegally obtain information or tangible property. These cyberscams may cause an unauthorized release of information in which the innocent will suffer and hackers will profit. With advancements in IT, people are finding easier ways to steal information and to prey on people. It's growing fast because it is becoming easier to get away with, with laws or nonexistent laws that may benefit unethical practices. Cyberscams are today’s fastest growing criminal niche because they seem virtually untouchable. Most of the cyber criminals live in Russia. [8] Strong technical universities, comparatively low incomes, and an unstable legal system make the former Soviet Union an ideal breeding ground for cyberscams. Also, tense political relations sometimes complicate efforts to obtain cooperation with local law enforcement. [9] “The low standard of living and high savviness is a bad combination,” argues Robert C. Chesnut, a former federal prosecutor who is a senior vice president directing antifraud efforts at eBay. These hackers have limited rules in their country when it comes to IT. This gives them a chance to flood the Internet with unethical practices that are unquestionably wrong to many Americans, but ignored by their government.
To give you an example, Russian-born Shtirlitz has used stolen credit cards to purchase goods that are sent to Americans whose homes serve as drop-off points. Some of these people send the goods overseas before either the credit card owner or the online merchant catches on. Then the goods are fenced on the black market. The Russian government will put little effort into stopping these criminals. The growth of cyberscams is caused by action not being taken. Cooperation with governments could reduce or eliminate cyberscams. People nowadays have easier access to information on the web. Because the Web has become so popular in the last couple of decades, it seems harder to stop criminals when their government does nothing about it. When it becomes increasingly popular and doable for many other people under unstable governments, the work of stopping criminals becomes much harder. [10] “The problem is, Russia does not have any anti-spamming laws at the moment,” says U.S. Postal Inspection Service senior investigator Gregory Crabb. “It's hard to catch someone who isn’t breaking the law.”


Question 1: What can be done to improve the security of business uses of the internet? Give several examples of security measures and technologies you would use.

As we know, the IT department is responsible for everything related to computers, especially security. Managers in business therefore think security is only the IT department's job, which is not true; they fail to remember that the "I" in IT stands for "information." Information is the lifeblood of any business. If anyone outside the business network gains access to it, all departments will suffer the consequences. The IT department is in charge of most security, but all departments should be concerned with keeping the business secure. Every computer can be vulnerable to attack. The consequences of such an attack can range from simple inconvenience to financial catastrophe. A single hacker can cause damage to a large number of computer networks and can wreak havoc on both your business and the nation's critical infrastructure. There are some steps that can be taken to improve the security of business uses of the internet. First, promote narrow compliance and invest in employee security training and automated data protection tools under the IT department. Second, guard against mobile security threats. The main thing any business must have is protection against viruses: a business has to have anti-virus software on anything connected to the internet to keep out any viruses that would allow anyone into the database of the business. Content filtering and monitoring programs check the business computers and internet sites for any problems that might come up. Also, sniffer software on the internet account can sniff out any problems that might come up and get rid of them right then and there. Moreover, don’t open email from unknown sources. Be suspicious of unexpected emails that include attachments, whether they are from a known source or not. Another step is to protect your computer from Internet intruders by using firewalls. There are two forms of firewalls: software firewalls that run on your personal computer, and hardware firewalls that protect computer networks, or groups of computers.

Question 2: What potential security problems do you see in the increasing use of intranets and extranets in business? What might be done to solve such problems? Give several examples.

While companies have been realizing massive benefits with the tying together of disparate business functions through intranets and extranets, companies must also realize certain security issues exist.

Most notable of these problems is that, while different business units may be able to use the intranet and extranet to share and gather information, business information has several levels of importance. Internal data is information used on a daily basis which has only minor damaging effects if released into the wrong hands; proprietary information is of a more sensitive nature and might include patentable ideas, process drawings, and so forth; and private data belongs to individuals and could fall under disclosure laws such as HIPAA. These are only a few examples, but without proper data security management, companies might find more important and thus more damaging data in the hands of those less scrupulous or at least less trustworthy. A company's shipping department does not need to have cash flow analyses for the past three years, but someone in that shipping department may find a rather lucrative trade in sensitive company data. Proper access control based around least-permissions rules (only enough access to do one's job and no more) serves to segregate and protect sensitive data from less-sensitive areas and people.

Additionally, one need only look at TJX, the parent company of TJ Maxx, to see the effects of loose security protocols in a corporate intranet. TJX, owing to lax wireless security, allowed several million credit cards to be stolen over a period of several months, costing many banks and a not-insignificant number of people serious financial damage, in card replacement, fraud, and other related expenses. Data breaches are becoming ever more common in an environment of increasingly-coupled intranets and extranets; while good security practices can mitigate damage in an attack, the evidence is not encouraging on the idea that good security is a perfect barrier against all threats.

There are, however, good inroads to be made with coupling industrial-grade security with intranets and extranets. Increasing data segregation, improving the secure interfaces between the company and the outside world, and controlling the spread of any attack are all good ways to minimize data loss. Secure programming practices, which emphasize a security-first design and programming model, decrease the attack surface of applications. Such practices include sanity checking of variables, accepting all input as strings to be parsed to prevent false data entry, locking down all input fields to controlled lengths to prevent buffer overflows, and hardening of SQL interfaces to prevent injection. Indeed, secure programming may be one of the most important ways by which companies decrease their total attack vectors and mitigate the damage caused if any of the remaining vectors are used.
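The input-handling practices listed above can be seen side by side in a short added example (not part of the original answer). The `orders` table, the order-id format and the length cap are constructed assumptions; in Python the cap limits input size rather than guarding a fixed buffer.

```python
import re
import sqlite3

MAX_ID_LEN = 12                               # assumed length cap for this field
ID_PATTERN = re.compile(r"[A-Z]{2}-\d{1,6}")  # assumed format of an order id


def make_db():
    """Build a constructed in-memory table standing in for an intranet database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (order_id TEXT, customer TEXT, card_last4 TEXT)")
    db.executemany(
        "INSERT INTO orders VALUES (?, ?, ?)",
        [("SH-1001", "alice", "4242"), ("SH-1002", "bob", "1881"),
         ("SH-1003", "carol", "0005")],   # constructed sample rows
    )
    return db


def lookup_unsafe(db, order_id):
    """The 'before': input is pasted into the SQL text, so it can rewrite the query."""
    sql = "SELECT customer, card_last4 FROM orders WHERE order_id = '" + order_id + "'"
    return db.execute(sql).fetchall()


def validate_order_id(raw):
    """Treat input as an untrusted string: check type, then length, then format."""
    if not isinstance(raw, str):
        raise ValueError("order id must be a string")
    if len(raw) > MAX_ID_LEN:
        raise ValueError("order id too long")
    if not ID_PATTERN.fullmatch(raw):
        raise ValueError("order id has unexpected format")
    return raw


def lookup_param(db, order_id):
    """Parameter binding: the value travels as data and is never parsed as SQL."""
    return db.execute(
        "SELECT customer, card_last4 FROM orders WHERE order_id = ?", (order_id,)
    ).fetchall()


def lookup_safe(db, raw):
    """Validation plus binding, so either layer alone still stops hostile input."""
    return lookup_param(db, validate_order_id(raw))


if __name__ == "__main__":
    db = make_db()
    hostile = "x' OR '1'='1"                  # constructed hostile input
    print("unsafe:", lookup_unsafe(db, hostile))
    print("bound :", lookup_param(db, hostile))
    try:
        lookup_safe(db, hostile)
    except ValueError as err:
        print("safe  : rejected,", err)
    print("safe  :", lookup_safe(db, "SH-1002"))
```

The concatenated query returns every row for the hostile string, while the bound query treats the same string as a literal id and matches nothing.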

Also, there are significant gains to be made with the human element; through crucial employee training, a company may reduce the potential for crafty social engineers to extract data from unsuspecting marks within the company. Even if social engineering succeeds, the least-permissions rules for access, coupled with other data segregation methods can limit data loss to one group or better yet, one isolated business function. The best gains are to be made in the code running in the intranet and extranet environments; the best protections are made with the people using the programs.
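The least-permissions rule and the three data levels described in this answer can be made concrete with an added example (not part of the original answer). The resource inventory, department names and grants are constructed; the code compares what one tricked account exposes under deny-by-default grants with what it exposes on a flat intranet.

```python
from dataclasses import dataclass

# Sensitivity levels named in the text, ordered from least to most damaging.
LEVELS = {"internal": 1, "proprietary": 2, "private": 3}


@dataclass(frozen=True)
class Resource:
    name: str
    owner: str      # business function that owns the data (constructed)
    level: str      # one of LEVELS


# Constructed inventory for a hypothetical company intranet.
RESOURCES = [
    Resource("shipping_manifests", "shipping", "internal"),
    Resource("carrier_contracts", "shipping", "proprietary"),
    Resource("cash_flow_analyses", "finance", "proprietary"),
    Resource("process_drawings", "engineering", "proprietary"),
    Resource("employee_health_records", "hr", "private"),
]

# Explicit grants: department -> {owning function: highest level allowed}.
# Anything not listed here is denied.
GRANTS = {
    "shipping": {"shipping": "proprietary"},
    "finance": {"finance": "proprietary", "shipping": "internal"},
    "hr": {"hr": "private"},
}


def can_read(department, resource, grants=GRANTS):
    """Deny by default; allow only up to the granted level for that owner."""
    ceiling = grants.get(department, {}).get(resource.owner)
    if ceiling is None:
        return False
    return LEVELS[resource.level] <= LEVELS[ceiling]


def exposure(department, grants=GRANTS):
    """Resources reachable if one account in `department` is socially engineered."""
    return sorted(r.name for r in RESOURCES if can_read(department, r, grants))


def flat_grants():
    """The loose alternative: every department may read everything."""
    owners = {r.owner for r in RESOURCES}
    return {dept: {o: "private" for o in owners} for dept in GRANTS}


if __name__ == "__main__":
    print("least-permissions:", exposure("shipping"))
    print("flat intranet    :", exposure("shipping", flat_grants()))
```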
