PROTECTING INFORMATION RESOURCES.

PROTECTING INFORMATION RESOURCES.

Physical controls.

-->To prevent unauthorized individuals from gaining access to company’s facilities. Common physical controls include walls, doors, fencing, gates, locks, badges, guards and alarm systems.
-->Others physical controls include pressure sensors, temperature sensors, and motion detectors.
-->The weakness of physical controls is that they can be inconvenient to employees.
-->Security guards deserve special mention because they have very difficult job. Such as :
• Their jobs are boring and repetitive.
• They are typically not highly paid.
• They will harass by the employees.

Access controls.

-->Restriction of unauthorized user access to computer resources, use biometrics and passwords controls for user identification.
-->Access controls involve two major functions :
• Authentication – Determines the identity of the person requiring access.
• Authorization – Determines which actions, rights, or privileges the person has, based on verified identity.

Method to identify authorized personnel :

Something the user is

-->Also known as biometrics, these authentication methods examine a person’s innate physical characteristics.
-->Generally, company will use an applications such as :
• fingerprint scans
• palm scans
• retina scans
• iris recognition(provide the most definitive identification)

Something the user has

-->These authentication mechanisms include:
• Regular Identification (ID) cards – typically have the person’s picture and often , his or her signature.
• Smart ID cards – have a chip embedded in them with pertinent information about the user.
• Tokens –have embedded chips and a digital display that present a login number used by the employees to access the organization’s network.

Something the user does

-->These authentication mechanisms include:
• Voice recognition–the user speak a phrase that has been recorded under control, monitored conditions.
• Signature recognition–the user sign his or her name and the system matches with the signature that has been recorded and monitored conditions.

Something the user knows

-->These authentication mechanisms include:
-->Passwords– present a huge information security problem in all organizations. All user should use strong passwords in order to make sure the password can’t be broken by a password attacker.
-->Characteristics of strong passwords :
• They should be difficult to guess.
• They should be longer rather than shorter.
• They should have uppercase letter, lowercase letter, numbers and special characters.
• They should not be recognizable word.
• They should not be the name of anything or anyone familiar, such as family names or manes of pets.
• They should not be recognizable string of numbers, such as a birthday date.
-->Passphrase–is a series of characters that is longer than a passwords but can be memorized easily.

Multifactor authentication.

-->To identify authorized users more efficiently and effectively.
-->This type of authentication is particularly important when users are logging in from remote locations.
-->A privilege is a collection of related computer system operations that can be performed by users of the system.
-->Least privilege is a principle that users be granted the privilege for some activity only if there is a justifiable need to grant this authorization.

Research from : INTRODUCTION TO INFORMATION SYSTEMS (enabling and transforming business)-International Student Version
writer : R. KELLY RAINER Jr. and EFRAIM TURBAN

KALAU KAWEN DGN SEORANG PROGRAMMER.....

LAWAK SEORANG PROGRAMMER

Sebelum anda memutuskan untuk berkahwin dengan seorang "programmer", anda perlu pikir dengan semasak-masaknya dulu sebelum anda menyesal dikemudian hari.

Ini adalah contoh daripada seorang hamba Allah yang mengadu mengenai hubungan dia dan si suami, seorang programmer setiap hari.............

Suami: (Setelah balik lewat dari pejabat) "Selamat malam sayang, sekarang saya logged in."
Isteri: Abang ada beli tak barang yang saya pesan tadi?

Suami: Bad command or filename.

Isteri: Tapi kan ke saya dah call abang pagi tadi kat pejabat suruh abang beli!
Suami: Errorneous syntax. Abort?

Isteri: Ish. Abang nih, takkan itu pon tak ingat? Hahaa..... Abang kata tadi dalam telefon nak beli tv? Mana dia?
Suami: Variable not found...

Isteri: Abang nih memang tak bole harap la. Bak kad kredit abang. biar saya pergi belikan dan shopping barang dapur sekali.
Suami: Sharing Violation. Access denied...

Isteri: Abang ni tak sayang saya ke? abang lebih sayang komputer abang tu dari saya. Saya tak tahan la kalau macam ni selalu.
Suami: Too many parameters...

Isteri: Saya menyesal pilih abang sebagai suami saya. Harapkan muka je hensem.
Suami: Data type mismatch.

Isteri: Abang nih memang betul-betul tak berguna la.
Suami: It's by Default.

Isteri: Macamana pula dengan gaji abang?
Suami: File in use ... Try later.

Isteri: Kalau begitu, apa peranan saya disisi abang sebagai isteri?
Suami: Unknown Virus.

CYBERSQUATTING

CYBERSQUATTING

-cybersquatting is registering, trafficking in, or using a domain name with bad-faith intent to profit from the goodwill of a trademark belonging to someone else. It generally refers to the practice of buying up domain names that use the names of existing businesses with the intent to sell the names for a profit to those businesses.


THE HISTORY ABOUT CYBERSQUATTING

The practice that's come to be known as cybersquatting originated at a time when most businesses were not savvy about the commercial opportunities on the Internet. Some entrepreneurial souls registered the names of well-known companies as domain names, with the intent of selling the names back to the companies when they finally woke up. Panasonic, Fry's Electronics, Hertz and Avon were among the "victims" of cybersquatters. Opportunities for cybersquatters are rapidly diminishing, because most businesses now know that nailing down domain names is a high priority.

1. Find at least ONE website (give the URL) that you find as cybersquatting site.

http://www.pepsiworld.com/
(offer Pepsi product, Fashion, Sports, Music and Entertainment)

http://www.pepsi.co.uk/
(Pepsi MAXCAST. Your Portal to Max your Music on MySpace. MAX YOUR WEB,surf the Pepsi Wap site and find a bucket load of stuff everyday including games and so on)

http://www.pepsiCo.com/
(Pepsi Bottling Group Inc.)

2. Go to OPAC IIUM, find three books from Law, Human Science and Technology. Get the call numbers and ISBN numbers....

Pollution, politics, and international law : tankers at sea / R. Michael M'Gonigle and Mark W. Zacher
ISBN : 0520045130
Call number : d44 K3590.4M617P

Law and justice : an introduction / Richard A. Myren
ISBN : 0534081126
Call number : d61 KF384M998L

Criminal law : understanding basic principles / Charles W. Thomas, Donna M. Bishop
ISBN : 0803926685
Call number : d65 KF9219T455C

Science, technology & human values : MIT Press, Cambridge, Mass. 1978-
ISBN : 0162-2439
Call number : j Q175.4S416S

Human rights and scientific and technological development : studies on the affirmative use of science and technology for the furtherance of human rights ... by the United Nations Human Rights Commission / edited by C.G. Weeramantry
ISBN : 9280807315
Call Number : Q175.5H918W

Human resource development and information technology : making global connections / edited by Catherine M. Sleezer, Tim L. Wentling, Roger L. Cude.
ISBN : 0792375947
Call number : HD30.2H918S

3. Explore Bro. Asmady blog and tell me at least 3 things you like about his blog....

• The blog looks simple and attractive.
• Thru the blog there have a link in order for user to contact him thru call or e-mail.
• The blog display announcement or information about study to student.
• Besides, his blog also have a shout box for user express their impression.

4. Name the URL for Kulliyah of ICT.

http://kict.iiu.edu.my/

5.Go to CFS IIUM Library, find 10 books that categorized under Red spot collections...

• Foundations of mathematical physics / / Sadri Hassani

• Problems in physics / E.D. Gardiner and B.L. McKittrick

• Organizational structure and information technology / / by Jon Harrington

• Islamic law in the modern world / J. N. D. Anderson

• Origin and development of Islamic law / edited by Majid Khadduri and Herbert J. Leibesny; with foreword by Justice Robert H. Jackson

• Modern nutrition in health and disease / senior editor, Maurice E. Shils ; associate editors, Moshe Shike

• Calculus / / K.G. Binmore

• 3000 solved problems in precalculus / by Philip Schmidt

• Ecological biology : for A-level and intermediate students in Africa / editors, D. W. Ewer, J. B. Hall ; contributors G. C. Clerk

• Advanced organic chemistry : reactions, mechanisms, and structure / Jerry March

• Advanced inorganic chemistry : reactions, mechanisms, and structure / Jerry March