Introduction This unit is from our archive and it is an adapted extract from Networked living: exploring information and communication technologies (T175) which is no longer in presentation. If you wish to study formally at The Open University, you may wish to explore the courses we offer in this curriculum area. Many governments across the world are moving towards the use of infor
8 Summary This unit has discussed the importance of information assets to any modern organisation and has made the case for information security management. It has introduced you to extracts from the British Standard on Information Security Management and to the approach advocated in the Standard for establishing and managing an information security management system (ISMS). It has also introduced the PDCA cycle. A particular focus in this unit has been on the planning of an ISMS, and on the four tasks
6.2.2 Threats and vulnerabilities A hacker who threatens your organisation's information assets is taking advantage of vulnerabilities in the media and systems which handle them. Vulnerabilities and threats clearly go hand-in-hand: each threat is directed at a vulnerability. The relationship between information assets, threats, vulnerabilities and existing defences is illustrated in Author(s):
5.4 ISMS documentation In this subsection we shall consider Stages 1, 2 and 8 of the ISMS documentation task. Stage 3 is considered in Section 6. We shall not discuss Stage 9 in this unit.
5.2.1 ISMS documentation ISMS documentation is carried out at organisation level. Its purpose is to define the scope and context of the proposed system, and the approach to information security management that it will embody. It has five stages: three that initiate the planning process (Stages 1 to 3) and two that complete it (Stages 8 and 9). Stage 1: define the scope of the ISMS The context and scope of the ISMS are defined by considering the nature of the organisa
3.2.3. Regulation and codes of conduct Chapter 1 of the Set Book presents a case for effective information security based largely upon perceived threats and legal obligations. Chapter 2 introduces further imperatives, which govern specific types of organisation in the UK. 2.3 What is information security management? Information security management is the process by which the value of each of an organisation's information assets is assessed and, if appropriate, protected on an ongoing basis. The information an organisation holds will be stored, used and transmitted using various media, some of which will be tangible – paper, for example – and some intangible – such as the ideas in employees' minds. Preserving the value of information is mainly a question of protecting the media in which it is 2.1 What is information? Information comprises the meanings and interpretations that people place upon facts, or data. The value of information springs from the ways it is interpreted and applied to make products, to provide services, and so on. Many modern writers look at organisations in terms of the use they make of information. For instance, one particularly successful model of business is based on the assets that a firm owns. Assets have traditionally meant tangible things like money, property, plan 13 How do you protect children online? There is a lot of information available on how to protect younger members of the household, but quite often children know more than their parents and are able to bypass the protection that parents might have installed. You may view the computer as a major source of information, help, shopping, news, etc. Children like to use it for entertainment, downloading music, accessing chat rooms, playing games (and sometimes even homework). So when considering children's protection the Internet h 12.1 Home page hijackers A home page hijacker is malicious code, quite often attached to a web page, that resets the home page on your browser to one designated by the writer of the code rather than the one you chose. Although this is a low security threat, at the very least these hijackers cause inconvenience, and may give offence. Because of the covert way in which the hijackers are installed it is difficult to reset your home page to your original choice. Every time you re-start your computer and open the br 9 Adware and spyware The previous sections of this topic have been concerned with email, but the Internet provides yet more problems, in the form of adware and spyware on the Web. You may have seen pop-up messages on your browser screen offering services or products. What you may not realise is that if you respond to these messages, extra software may be installed alongside other programs without your knowledge. Adware Adware is ‘free’ software that is subsidised by displaying adverts 6.1 Identifying hoaxes The hoax message relies on the naivety of users in order to mislead them.
Do learn more about hoaxes: follow the links below and examine the messages you find. See how convincing they look. The Good Times Virus hoax The JDBGMGR.EXE hoax Both of these messages come from the Electronic Ephemera website, which allows you to search for hoaxes by name or keyword. Users who fall for these hoaxes can cause problems, 3.2 What do we mean by patches? Microsoft Windows is an example of an operating system (OS). These operating systems contain millions of lines of code, and inevitably there will be some errors in that code. Some malware writers set out to find these errors, or holes, in the code and exploit them to their own benefit. Whenever holes are found (by IT security people or groups, malware writers or the software developer) the operating system manufacturer will issue a fix for the particular problem. These fixes are referred to a 2.1 What is a virus? A virus is a piece of computer code – a program – that has been written to gain access to files or programs on your computer. The virus may enter your computer via floppy disk, by email or by your Internet connection. It will look at the files on your computer and infect some of them if it can. Acknowledgements The content acknowledged below is Proprietary (see terms and conditions) and is used under licence. All materials included in this unit are derived from content originated at the Open University. 4.5 What's going on when searching for your ancestors You have seen how general purpose search engines work. In this section we consider some of the additional techniques that are important to genealogical searches. 3.6 Tracing your family tree In order to show some of the possibilities provided by the Internet, we have gone straight to searching for material online. A careful family historian would take a more measured approach, starting with the evidence to hand within their own family, and researching offline materials as well. Tracing your family tree involves repeating these steps: start with what you know record it decide what to pursue next 3.3 Focused search sites An alternative to using general purpose search engines is to make use of focused search engines that only index known genealogical sites. For example, the Genealogical Society of the UK and Ireland (GenUKI) provides a search engine. 8.1 Introduction This section continues with the work started in Section 7. Here you will build on your research to look at some recent applications of RFID and some of the issues surrounding its deployment. 4.9 Bluetooth The driving force for the development of the Bluetooth standard was to eliminate the need for connecting wires between local ICT devices such as keyboards, monitors, printers, PDAs (Personal Digital Assistants), cell phones and headsets. This was already possible using infrared technology, but the requirement for line-of-sight positioning between the communicating interfaces limits infrared's usefulness. Because Bluetooth uses radio waves, Bluetooth devices can communicate with each other wit
Activity 6
Activity 24
