Page 429 - Using MIS
that spend more to create the safeguards discussed in Q4–Q7 (later in this chapter) experience
less computer crime and suffer smaller losses when they do. Security safeguards do work!
If you search for the phrase computer crime statistics on the Web, you will find numerous
similar studies. Many are based on dubious sampling techniques, and some seem to be written
to promote a particular safeguard product or point of view. Be aware of such bias as you read.
Using the Ponemon study, the bottom line, as of 2013, is:
• The median average cost of computer crime is increasing.
• Malicious insiders are an increasingly serious security threat.
• Data loss is the principal cost of computer crime.
• Survey respondents believe mobile device data is a significant security threat.
• Security safeguards work.
Q3 How Should You Respond to Security Threats?
As stated at the end of Q1, your personal IS security goal should be to find an effective trade-off
between the risk of loss and the cost of safeguards. However, few individuals take security as
seriously as they should, and most fail to implement even low-cost safeguards.
Figure 10-7 lists recommended personal security safeguards. The first safeguard is to take
security seriously. You cannot see the attempts that are being made, right now, to compromise
your computer. However, they are there.
Unfortunately, the first sign you receive that your security has been compromised will be
bogus charges on your credit card or messages from friends complaining about the disgusting
email they just received from your email account. Computer security professionals run intrusion
detection systems to detect attacks. An intrusion detection system (IDS) is a computer
program that senses when another computer is attempting to scan or access a computer or network.
IDS logs can record thousands of attempts each day. If these attempts come from outside
the country, there is nothing you can do about them except use reasonable safeguards.
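The following is an added example, not part of the original text, showing one simple form of the scan sensing described above: it flags any source address that touches several distinct ports within a short time window. The log format, the threshold of four ports, and the 60-second window are assumptions, and the log lines are constructed sample data.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (format is an assumption):
# timestamp, source IP, destination port, firewall action
SAMPLE_LOG = """\
2013-05-01T10:00:00 203.0.113.7 22 DENY
2013-05-01T10:00:01 203.0.113.7 23 DENY
2013-05-01T10:00:02 203.0.113.7 80 DENY
2013-05-01T10:00:03 198.51.100.4 443 ALLOW
2013-05-01T10:00:04 203.0.113.7 443 DENY
2013-05-01T10:00:05 203.0.113.7 3389 DENY
2013-05-01T10:05:00 198.51.100.4 443 ALLOW
2013-05-01T10:09:00 198.51.100.9 22 DENY
2013-05-01T10:20:00 198.51.100.9 23 DENY
malformed line
"""

def parse(line):
    """Return (time, src, port), or None for lines that do not match the format."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return datetime.fromisoformat(parts[0]), parts[1], int(parts[2])
    except ValueError:
        return None

def detect_scans(log_text, min_ports=4, window=timedelta(seconds=60)):
    """Flag sources that touch at least min_ports distinct ports within one window.
    Assumes the log lines are in time order."""
    recent = defaultdict(deque)   # src -> (time, port) events still inside the window
    alerts = {}                   # src -> time the threshold was first crossed
    for line in log_text.splitlines():
        event = parse(line)
        if event is None:
            continue              # skip lines the parser cannot read
        when, src, port = event
        q = recent[src]
        q.append((when, port))
        while q and when - q[0][0] > window:   # drop events older than the window
            q.popleft()
        if src not in alerts and len({p for _, p in q}) >= min_ports:
            alerts[src] = when
    return alerts

if __name__ == "__main__":
    for src, when in detect_scans(SAMPLE_LOG).items():
        print(f"possible scan from {src} at {when.isoformat()}")
```

The source that makes repeated connections to a single port and the source whose two attempts are eleven minutes apart are not flagged, which is why the window and the distinct-port count matter more than the raw number of attempts.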
If you decide to take computer security seriously, the single most important safeguard
you can implement is to create and use strong passwords. We discussed ways of doing this in
Chapter 1 (pages 24–25). To summarize, do not use any word, in any language, as part of your
password. Use passwords with a mixture of upper- and lowercase letters and numbers and special
characters.
Such nonword passwords are still vulnerable to a brute force attack in which the password
cracker tries every possible combination of characters. John Pozadzides, a security researcher,
estimates that a brute force attack can crack a six-character password of either upper- or
Figure 10-7 Personal Security Safeguards
• Take security seriously
• Create strong passwords
• Use multiple passwords
• Send no valuable data via email or IM
• Use https at trusted, reputable vendors
• Remove high-value assets from computers
• Clear browsing history, temporary files, and cookies (CCleaner or equivalent)
• Regularly update antivirus software
• Demonstrate security concern to your fellow workers
• Follow organizational security directives and guidelines
• Consider security for all business initiatives