Business Information System



Computer knowledge, students homework on Facebook's failing to protect users' privacy


© Deakin University MIS101 – Business Information Systems MIBT Template – T3, 2013

MIS101 – Assignment Template – Trimester 3, 2013

Your Name: Insert your name here

Student Number: Insert your MIBT student ID number here

MIBT Email: Insert your MIBT email address here

Assignment – Part A

(Remember to use in-text citations to avoid plagiarism)

Q1. Define security, threat, exposure and vulnerability in relation to Information Systems security. Identify which components of a computer based information system must be protected by the information system security. (200 words)

Security in an information system means that the system's hardware, software and data, as well as the system itself, are protected and are not affected, destroyed or leaked for accidental or malicious reasons (Dhillion & Backhouse, 2000).

Threats to computer network security can be divided into two categories, namely active attacks and passive attacks. Active attacks consist of interruption, tampering and forgery. Passive attacks take only one form, namely interception.

A network system's reliability, robustness and resistance to attack also depend on whether the information used by the product itself carries a security risk. Such a risk can result in a vulnerability of information system security (Dhillion & Backhouse, 2000).

Exposure refers to the situation in which problems in the information system, including interception, camouflage, replay attacks, data capture, illegal use, viruses, malicious disclosure of system source files and other information leakage, would cause a major safety accident for the users (Austin et al., 2002).

The software system and the hardware system, which include network security, system security and data security, are the two major components of a computer-based information system. In securing the information system, the data system should be more protected (Warneke et al., 2001).

Q2. Explain malware and the 3 major categories of software attacks. Include definitions of a logic bomb, back door, denial of service attack and distributed denial of service attack. (200 words)

Malware refers to malicious viruses, worms and Trojan horses that run on a computer system. Network users who download games or other programs from malicious or unsafe websites often get a malicious program on their own computer without knowing it. Only when malicious ads pop up or pornographic websites keep appearing automatically does the user find that the computer has been "poisoned" (Dhillion & Backhouse, 2000). Programs that make the victim's computer show porn sites or malicious ads are known as malicious software, also known as malware.

Hacker attack is another software attack. For hackers themselves, breaking into most people's computers is too easy. If people want to get on the Internet, meeting a hacker is inevitable. The non-destructive attack is one kind of hack attack. Non-destructive attacks generally aim to disrupt system operation, usually using denial of service attacks or information bombs. Destructive attacks break into computer systems to purposely steal confidential information and destroy the target system (Weiser, 2008).

The third one is the virus attack. Viruses can tamper, without the user's permission, with the computer's operation mode and with the information on the user's network server or desktop.

Q3. Define and discuss the major categories of information security controls. Provide 2 examples of each. (200 words)

To ensure information security, there are two control measures: the firewall and authentication. The first is the firewall. A firewall is a network security means, and it is also a kind of access control of network communication when scale (Jain & Ross, 2006). The main goal of a firewall is to establish a security control point between the internal and external networks by controlling traffic into and out of a network, applying access control and auditing to services entering and leaving the internal network, so as to prevent external web users from using illegal means to enter the internal network through the external network and access, interfere with or destroy internal network resources (Warrington et al., 2000).

The second is login authentication. Information security authentication refers to the technology used in a computer network system to recognise user identity. It is the first line of defence of information security, as well as the most important line of defence. Before users can access a secure system, they must first be identified by the identity authentication system; the access monitor then determines, according to the user's identity and the authorization database, whether the user has access to a resource.

Q4. Define a business continuity plan contrasting a cold, warm and hot site. (200 words)

A business continuity plan is a set of regulations and laws based on the management requirements of the business operation process, so that an organization can react rapidly to emergencies and ensure that critical business functions continue without business interruption or a change in the nature of the business process (Campbell et al., 2003). There are three aspects to a business continuity plan. The first is high availability: the ability to provide continuous access when a local fault occurs, whether the fault is in a business process, physical facilities, or IT hardware and software. The second is continuous operation: the ability to keep the business running when all equipment is trouble free (Slater et al., 2007). The third is disaster recovery: the ability, when a disaster damages production, to recover data from various points inside the location.

Different websites have different requirements for a business continuity plan. In particular, a hot website should establish a strong business continuity plan, as a large amount of information is transferred online and should be carefully protected. For a cold website, the requirements of the business continuity plan would be relatively lower, as disruption of business operation would not happen often (Lancioni, 2005).

Reference List:

List full references used (only) in alphabetical order by Author Surname. Use Harvard Referencing Style (refer MIBT portal week 3 for Harvard Reference Guide)

Campbell, K, Gordon, L.A, Loeb, M.P, Zhou, L, (2003), The economic cost of publicly announced information security breaches: empirical evidence from the stock market, Journal of Computer Security, 15(2), 463-469.

Dhillion, G, & Backhouse, (2000), Technical opinion: Information system security management in the new millennium, 24(5), 177-186.

Jain, A.K, & Ross, A, (2006), Biometrics: a tool for information security, Information Forensics, 12(1), 225-234.

Danile, C, (2009), Cloud Computing: Benefits, Risks and Recommendations for Information Security, Communications in Computer and Information Science Volume, 137(9), 288-297.

Austin, T, Larson, E, Emst, D, (2002), SimpleScalar: An infrastructure for computer system modeling, Computer science, 15(7), 208-227.

Warneke, B, Last, M, Liebowitz, Pister, K.S, (2001), Smart dust: Communicating with a cubic-millimeter computer, Computer science, 17(4), 887-896.

Weiser, M, (2008), The computer for the 21st century, Scientific American, 23(2), 198-205.

Bernstein, F.C, Koetzle, T.F, Williams, G.J.B, (2005), The Protein Data Bank: a computer-based archival file for macromolecular structures, 34(4), 778-785.

Warrington, T.B, Abgrab, N.J, Caldwell, H.M, (2000), Building trust to develop competitive advantage in information security, Journal of Global Competitiveness, 10(2), 160-168.

Slater, S.F, Hult, G.T.M, Olson, E.M, (2007), On the importance of matching strategic behavior and target market selection to business strategy, Journal of the Academy of computer Science, 35(1), 5-17.

Lancioni, R, (2005), Pricing issues in industrial technology, Industrial Information technology Management, 34(2), 111-114.

Assignment – Part B

A case study critical thinking analysis using Toulmin’s Model of Argument (~900 WORDS)

Use the Table provided for your answers. You must use the article provided in the Assignment Details Document. Note each sentence in part or whole, can only be used once in the entire table. E.g. if you use a sentence in the DATA section it cannot be used in any other section.

Claim: Facebook fails to protect users’ privacy

Data/Evidence

Sentence: A computer worm called Ramnit has stolen 45,000 login credentials from Facebook, security experts have warned.

According to Toulmin’s model, the author claims that Facebook fails to protect the privacy of its users. This can be proved by the data that 45,000 users’ information, such as login numbers and passwords, has been copied or stolen since 45,000 machines have been affected by the Ramnit virus. So from this sentence, it can be seen that many users of Facebook have had personal information stolen by Ramnit, and the blame for this should fall on the bad information security system of Facebook. Since Facebook has problems in its information security system, it fails to protect the users’ private information, as there are some viruses attacking the system.

Warrant

Sentence: When consulted Facebook explained security experts had reviewed the data, and found the majority of the information to be out-of-date, but initiated remedial steps for all affected users to ensure the security of their accounts.

Based on Toulmin’s model, which includes claims, support, logos, ethos and pathos, an argument should have famous people supporting it with their claims. From the selected sentence, it can be seen that Facebook has ensured it would rapidly remedy the loss of affected users by initiating remedial steps to make sure their accounts are secure. Here, the security experts of Facebook have claimed that they reviewed the data and found the out-of-date information. So it can be believed that Facebook would take the corresponding steps or plans to solve the security problems. Thus, the users actually can get the warrant from Facebook on information security.

And according to the warrant, it can also be told that Facebook does not protect the information privacy of users well.

Backing

Sentence: "It won't necessarily be obvious that you have been attacked. The worm is stealing passwords so it is not going to announce itself," said Graham Cluley, senior security consultant at Sophos.

According to Toulmin’s model, backing can be very important claims to support the arguments or claims. That is, an excellent argument should have some claims or evidence to back the main argument, which can make the argument richer and more convincing.

To back the argument that Facebook fails to protect the privacy of users, other people’s claims or arguments can be used to support it. Here, according to the senior security consultant Graham Cluley’s claim, it can be told that the users’ information, such as passwords, has been affected by the worm. It actually admits that the worm has stolen the private information of the users. So Facebook does have a loophole in protecting the information of its users. The security consultant’s argument can be powerful and believable, so it fully supports the claim of Facebook’s bad information security system.

Rebuttal

Sentence: According to Seculert, 800,000 machines were infected with Ramnit from September to the end of December 2011. In July 2011 a Symantec report estimated that Ramnit worm variants accounted for 17.3% of all new malicious software infections.

From this sentence, it can be seen that the author argues that not only Facebook is affected by Ramnit, but nearly 17.3% of software in July is affected by the malicious worm. So it can be defended that Facebook could not be asked to take all the responsibility for failing to ensure users’ information security. It may be because Ramnit itself has a strong attack ability that affects lots of machines, not only Facebook. Thus, from this point, it cannot be said that Facebook fails to protect users’ privacy. All the data and information in the sentence can strongly support the argument that Facebook should not take all the responsibility for failing to protect the privacy of users.

Qualifier

Sentence: Facebook encourages users to protect themselves by never clicking on strange links and reporting any suspicious activity they encounter on Facebook.

According to Toulmin’s model, there are two types of arguments from emotional proofs. The first one is motivational proofs, that is, urging the audience to act in such a way as to meet an identified need. The second one is value proofs, that is, appeals to what all audiences are expected to value. So emotional proof can also be used to support the argument. According to the sentence chosen above, it can be seen that Facebook admits that it does fail to protect the privacy of users and encourages the users themselves to be careful when clicking strange links. Facebook also hopes the users can actively participate in the fight against viruses to protect information security.

Your Opinion

As far as I am concerned, this argument can be very strong based on Toulmin’s model, since it contains all the elements that Toulmin’s argument needs, such as claim, support and ethos. At the same time, in the claim of Facebook’s failing to protect the users’ privacy, it quotes lots of data and information in this argument to support the view. In addition, it can also use lots of claims of experts to help prove the rightness of the argument. Furthermore, based on the policy aspect of Toulmin’s model, it also puts forward some measures about what to do to deal with information security, such as encouraging the user to be careful about clicking strange links or do not download some unknown. Thus, from this aspect, it can be totally concluded that the argument of Facebook failing to protect the privacy of users would be very strong to some extent.