MIS Report
● MAHNOOR SHAHZAD
● SAAD BUTT
● ANZALA UMER
● SARIA CHEEMA
● KAMRAN NASEER
INTRODUCTION:
A company's data must be securely protected from being compromised, as the results
of probable hackings might be disastrous for the company's reputation. Because
technology in our global world is continually evolving and changing, the necessity to
secure information has become a critical concern for businesses. In the modern world,
technology and people are linked and exist in networked working settings.
Employees engage with information technology aspects to complete their everyday
activities and responsibilities. On the basis of the organization's structure and future
use, appropriate technical systems are being built.
SECURITY:
All elements of risk management for an organization's assets - including computers,
people, buildings, and other assets – are covered under security management. A
security management plan begins with the identification of these assets, the
development and implementation of policies and procedures to secure them, and the
ongoing maintenance and maturation of these programs.
CONTROLS:
In an organization, control is a major goal-oriented function of management. It is the
process of comparing actual performance to the company's stated standards to verify
that operations are carried out as planned and, if not, corrective action is taken. Every
manager must keep track of and analyze his employees' activity. It assists the
management in taking remedial steps within the specified time frame to prevent a
contingency or corporate loss.
HARDWARE PROBLEMS:
Factors that can damage your computer: electricity interruptions and failures,
overheating, attacks by hackers.
SOFTWARE PROBLEMS:
Slow Downloading and Uploading, New Applications Don’t Install, Inability to Access
Email.
DISASTERS:
Whether the calamity is a hurricane, tornado, earthquake, mudslide, or something else
entirely, it may devastate a company's carefully laid plans and predictions. Supply
chains may be disrupted, personnel may be unable to report to work, and critical
infrastructure or equipment may be harmed.
FRAUDS:
Computer fraud is a cybercrime and the act of using a computer to take or alter
electronic data, or to gain unlawful use of a computer or system.
INTERNET VULNERABILITIES
A network vulnerability is a fault or weakness in software, hardware, or organizational
procedures that can lead to a security incident if used by a threat.
Poor impersonality:
There is little doubt that the internet facilitates contact between suppliers and
customers; yet, because people never meet face to face, there is a significant risk of
impersonation. Unlike when they meet the seller in person, a consumer who places an
order and then waits to get it will never experience the attention of the person providing
them.
Worrying security:
People who do business over the internet face the problem of hackers who put their
businesses at stake. Through the internet, hackers find it easy to access people's
bank accounts, passwords, credit card details and addresses, among many others.
Such information is extremely sensitive to a business and, if accessed by an
unauthorized person, could greatly damage the entire business.
Email attachments:
Cybercriminals may use an attached document, PDF, presentation or image to disguise
their malware and it will launch once a user opens the attachment.
WIFI network:
When you are connected to a public Wi-Fi network, anyone within range of your
computer can intercept everything you send or receive. If you are connected to an
unencrypted website, it will all be fully readable.
Wireless sniffing:
Many public access points are not secured and the traffic they carry is not encrypted.
This can put your sensitive communications or transactions at risk. Because your
connection is being transmitted “in the clear,” malicious actors could use sniffing tools to
obtain sensitive information such as passwords or credit card numbers.
Viruses:
A computer virus is a type of malicious software, or malware, that spreads between
computers and causes damage to data and software. Computer viruses aim to disrupt
systems, cause major operational issues, and result in data loss and leakage.
Worms:
A computer worm is a type of malware whose primary function is to self-replicate and
infect other computers while remaining active on infected systems. A computer worm
duplicates itself to spread to uninfected computers.
Spyware:
Spyware is software with malicious behavior that aims to gather information about a
person or organization and send it to another entity in a way that harms the user.
Keylogger:
A keylogger is an insidious form of spyware. You enter sensitive data onto your
keyboard, believing nobody is watching. In fact, keylogging software is hard at work
logging everything that you type. Keyloggers are activity-monitoring software programs
that give hackers access to your personal data.
Hackers
A hacker is someone who solves a technological problem by using computers,
networking, or other skills. Anyone who uses their skills to obtain unauthorized access
to systems or networks in order to conduct crimes is referred to as a hacker.
Types:
Black hat:
Black hat hackers are malicious hackers, sometimes called crackers. Black hats lack
ethics, sometimes violate laws, and break into computer systems with malicious intent,
and they may violate the confidentiality, integrity, or availability of an organization's
system.
White hat:
White-hat hackers are hackers that use their powers for good.
Gray hat:
Gray hat hackers enact a blend of both black hat and white hat activities. Gray hat
hackers often look for vulnerabilities in a system without the owner's permission or
knowledge. If issues are found, they report them to the owner, sometimes requesting a
small fee to fix the problem.
Crackers
A computer cracker is an old phrase for someone who purposefully broke into computer
systems, bypassed passwords or licensing in computer programming, or violated
computer security in other ways. Computer crackers were driven by malicious intent,
profit, or simply the thrill of the challenge.
Types:
Script kiddie:
Script kiddies are inexperienced hackers who lack the skills and competence of
more experienced hackers in the industry. To compensate, they use existing
malware created by other hackers to carry out their attacks.
Computer crime:
● The use of information technology for illegal objectives, or unauthorized
access to a computer system with the goal of harming, erasing, or altering
the data stored on the computer, is referred to as computer crime. Identity theft,
gadget misuse, and electronic fraud are all considered computer crimes.
● Cybercrime, e-crime, electronic crime, and hi-tech crime are all terms
used to describe computer criminality.
● A competent computer user, also referred to as a hacker, who illegally
browses or steals a company's or individual's confidential information commits
computer crime. This person or group of people may be malicious and destroy or
corrupt the computer or data files in some situations.
Cyber terrorism:
Hacking, threats, and blackmailing towards a business or person.
Cyberbully:
Cyberbullying or cyber stalking: harassing or stalking others online.
Creating malware:
Writing, creating, or distributing malware (e.g., viruses and spyware).
Fraud:
Manipulating data, e.g., changing banking records to transfer money to an
account or participating in credit card fraud.
Illegal sales:
Buying or selling illicit goods online, including drugs, guns, and psychotropic
substances.
Scam tricking:
Tricking people into believing something that is not true.
Software copying:
Software piracy: copying, distributing, or using copyrighted software that you did
not purchase.
Spoofing:
Deceiving a system into thinking you are someone you really are not.
Unauthorized access:
Gaining access to systems you have no permission to access.
Click fraud
An individual or computer program clicks an online ad without any intention of
learning more or making a purchase.
Global threats:
Concern that Internet vulnerabilities and other networks make digital networks easy
targets for digital attacks by terrorists, foreign intelligence services, or other groups.
Inside knowledge:
Social engineering:
Tricking employees into revealing their passwords by pretending to be legitimate
members of the company in need of information.
● Loss of revenue
● Failed computer systems can lead to significant or total loss of business function
Strong security and control also increase employee productivity and lower operational
costs.
General controls:
● Govern design, security, and use of computer programs and data throughout
organization’s IT infrastructure
● Combination of hardware, software, and manual procedures to create overall
control environment
Software controls:
Monitor the use of system software and prevent unauthorized access.
Hardware controls:
Ensure that computer hardware is physically secure, and check for equipment
malfunction and prepare backups.
Implementation controls:
Regular audit of the system to ensure control.
Administrative controls:
Formal rules and procedures to maintain discipline.
Application controls
Authorization policies:
Determine differing levels of user access to information assets
● Both types of plans needed to identify firm’s most critical systems and business
processes
● Business impact analysis to determine impact of an outage
● Management must determine the maximum time systems can be down and
which systems must be restored first
Access control:
● Authorization
● Authentication
● Password systems
● Token
● Smart cards
● Biometric authentication
Authorization:
The process of granting someone access to a resource is known as authorization. Of
course, this description may appear cryptic, but many real-life scenarios may make you
understand what authorization implies and how to apply those notions to computer
systems. House ownership is a wonderful example.
Authentication:
The process of verifying a user's identity is known as authentication. It's the process of
connecting a set of identifying credentials with an incoming request.
Password systems:
A password is a word, phrase, or string of characters used to recognize an authorized
user or program (for the purpose of granting access) from an unauthorized user, or to
put it another way, a password is used to prove one's identity or to grant access to a
resource.
Token:
A token is an object that symbolizes something else, such as another object (physical or
virtual) or an abstract notion, such as a gift. Tokens come in a variety of shapes and
sizes in computers.
Smart cards:
A smart card is a device having an embedded integrated circuit chip (ICC), which can
be a secure microcontroller or comparable intelligence with internal memory, or just a
memory chip. Direct physical touch or a remote contactless radio frequency interface
are used to link the card to a reader.
Biometric authentication:
Biometric authentication entails using a physical characteristic of your body to verify
your identity. A fingerprint, iris scan, retina scan, or other physical trait might be used.
A single trait or several may be used.