SYLLABUS

Managing information systems -Enterprise Management – Information Resource Management –

Technology Management –– IS planning methodologies – Critical Success Factors –Business
Systems Planning – Computer Aided Planning Tools— Security & Ethical Challenges-IS
controls –Facility Controls – Procedural Controls – Computer Crime – Privacy Issues – Hacking.

Enterprise management
Enterprise Management (EM), in broad terms, is the field of organizational development that
supports organizations in managing integrally and adapting themselves to the changes of a
transformation. An enterprise is an undertaking that needs to be managed for
desired results. A business organisation is an enterprise.
The definition of what constitutes Enterprise Management depends largely on the business
environment, but could include the following:

1. Network management and monitoring

2. Systems management and monitoring
3. Database management and monitoring
4. Application management and monitoring
5. application integrators
6. Incident management
7. Notification management and strategy
8. Performance management
9. Service management
10. Reporting
All of this depends on a number of factors, such as the business environment, products and
services, and the scope of business which means what the business want to achieve.

1. Network Management & Monitoring

The ability to monitor the network devices & network links is the foundation of any Enterprise
Management task. Network monitoring is a relatively easy given the appropriate focus, time &
resources. This would usually involve the identification & classification of network devices,

1
configuration of SNMP traps, loading & configuring MIB files, and then configuring the alerting
conditions with HP OpenView or any other . An effective Enterprise Management system must
include network management & fault reporting, otherwise the whole "enterprise" monitoring
concept is undermined.
SNMP (Simple network protocol) traps are alerts generated by agents on a managed device.
These traps generate 5 types of data: Coldstart or Warmstart: The agent reinitialised its
configuration tables. Linkup or Linkdown: A network interface card (NIC) on the agent either
fails or reinitializes.
A management information base (MIB) is a formal description of a set of network objects that
can be managed using the Simple Network Management Protocol (SNMP). The format of the
MIB is defined as part of the SNMP.

2. Systems Management & Monitoring

The monitoring of servers is critical to the success of any Enterprise Monitoring strategy. The
scope of this monitoring depends heavily on the business environment, but the business might
want to consider the monitoring of Windows, HP-UX, Solaris, AIX and Linux platforms,
both physical & virtual. Monitoring of servers will typically involve the installation monitoring
agents which pro-actively monitor the systems according to well-defined & agreed monitoring
baselines. Some examples of this are the monitoring of file systems, disks, critical processes,
important log files, as well as availability monitoring of the servers themselves. All servers
of importance should be monitored effectively within your environment.

3. Database management & monitoring

Once the servers are monitored using a well-defined and agreed strategy, the next natural
progression should be to start to consider the next tier, for example databases such as MS SQL,
Oracle, Sybase, or DB2. All critical databases should be monitored to some degree, whether this
is via in-house scripting and basic logfile/process monitoring, or
via a more advanced/complete mechanism.

2
4. Application management and monitoring
After considering network devices, servers and databases, the next thing to consider is
application monitoring. This is not complicated, it could mean the monitoring of simple
application processes, logfiles, or the running of scripts. The manager has to identify the critical
applications in use within the organisation and engage with those teams to ascertain what level of
monitoring would be useful. If they can identify current issues, or where they have
had problems/outages in the past, this can help drive the requirements for providing some basic,
but ultimately proactive monitoring in the application space. Once you have engaged with a
teamin this manner it might become apparent that more detailed monitoring is required.

5. Application integrations
To further enhance the monitoring capability the manager might also consider integrating
applications within the environment into the Enterprise Monitoring system. With any single-
point integration the manager should always consider the risks associated with such
configurations and try and mitigate these where possible - single-point integration can sometimes
mean single-point-of-failure. An alternative integration method can be to utilise a local
monitoring agent, so that an application agent sends alerts locally to the resident agent, which in
turn alerts to the central monitoring console using standard mechanisms. The benefit of this
approach is that the manager can eliminate the single-point-of-failure scenario, and also reduce
network traffic.

6. Incident Management
Incident management, in the context of Enterprise Monitoring, relates to how alerts & faults
highlighted In the monitoring environment are escalated and recorded in the incident
management system (for example HP Service Centre, BMC Remedy, ServiceNow). Once an
alert from the monitoring environment is produced it should be escalated to the incident
management system so that a record is created for the failure and the relevant team can update
the trouble-ticket with information on cause, effect, impact and resolution/remediation details
(where possible). This should be a gradual, phased approach to ensure the entire process works
as the business requires.

3
7. Notification management & strategy
Once the Enterprise Monitoring solution has matured the business may naturally consider the use
of a notification system. Support teams within the organisation might also be requesting this,
especially if the business has improved the monitoring capabilities for their particular domain.
The organisation might have some form of notification tool already in use within the business, so
this should be investigated and reviewed accordingly.

8. Performance & Capacity Management

Performance monitoring in this context does not simply mean monitoring servers for CPU or
disk utilisation. It is more concerned with creating a function whereby you can deliver
performance data to teams if they require it. This could be in the form of performance
graphs/reports for reviewing testing cycle phases, for analysing environments during major
faults/incidents, or for providing data evidence to support trending or capacity planning
exercises.

9. Service management
Senior management requires a Service Management view of their environment. They are keen to
be able to show the critical services within the organisation, and show alerts & status to indicate
service health/degradation. Once there is a mature Enterprise Management and monitoring
solution deployed, or at the very least the structure and plans to deliver such a solution, then
consideration can be given to providing a service management capability. There are various
tools that can help with providing a view of the health of your core business services, but a very
simple method is to utilise the data held within the incident management system, and represent
this data graphically. The benefit of using the incident management system itself is that this will
record alarms originating from the Enterprise Monitoring solution but will also record incidents
created from other sources, including those raised by clients and users.

10. Reporting
Effective reporting on metrics can help identify trends, show project benefits & ultimately justify
projects & resourcing. Examples of some useful types of reporting include incident reports
(tickets per team, for example), notification reports (frequency of out-of-hours callouts),

4
performance & capacity reports (CPU utilisation, free disk space etc.) and ultimately
service reports (indicating service levels, SLAs etc.). Reporting is not something that may need
to be considered at the onset of an Enterprise Management programme, but it should be
considered carefully and investigated completely when the requirement presents itself.

Approach For Enterprise Management

Three phases:
1. Phase 1
2. Phase 2
3. Phase 3
Phase 1
 Review the current IS environment, including hardware, software, personnel, processes &
procedures
 Define the project, the plan, the migration strategy (if applicable) and start to engage teams
 Purchase new software as required (for example agents, SPI modules, new products)
 Deliver the monitoring infrastructure - build, install, patch, review, refine, test,
document
 Create standardised OS monitoring baselines for all platforms - plan, test, review, refine
 Deploy OS monitoring baselines to all platforms - plan, deploy, review, refine, document
 Monitor network devices (and any other SNMP based devices)
 Monitor databases - plan, define baselines, test, review, refine, deploy, document
 Define & document all processes & procedures
Phase 2

 Define incident management requirements & strategy and deliver

appropriate solution
 Define notification requirements & strategy and deliver
appropriate solution
 Monitor applications (basic)
 Monitor applications (advanced)
 Application integrations
 Investigate all other critical areas that require monitoring

5
and plan/address accordingly
Phase 3
 Define patching strategy, product roadmaps, long-term plans etc.
 Review support - review agreements, consolidate as required, assess support
effectiveness & suitability
 Review licensing - bulk purchases, license management, true-up exercises etc.
 Define performance management requirements & strategy and deliver
appropriate solution
 Define service management requirements & strategy and deliver
appropriate solution
 Define reporting requirements & strategy and deliver appropriate solution

Information Resources Management

Information Resources Management (IRM) is an emerging discipline that helps managers assess
and exploit their information assets for business development. It is about the techniques of
managing information as a shared organizational resource. IRM includes the following:
1. Identification of information resources
2. Type and value of information they provide
3. Ways of classification, valuation, processing, storage and recovery of those information.
Without information resource management a company may find it difficult to recover useful
information with the stored data many of which will be unwanted. It is called drowning in data
without getting the information that is needed.

Technology Management
In technology management emphasis is given to business knowledge on information
technologies and information systems and their management. This includes:
 analysis of work flow
 design information systems or Web sites
 design and manage networks and intranets
 conceptualize and implement complex databases
 set up security measures

6
 build business-to-business networks.
 developing and identifying new technologies
Technology Management is a multi-disciplinary activity that focuses on the integration of
engineering, computer science, information technology, and business management for two
purposes:
1. the technology of management, which includes the design of information technology to
solve business problems, and
2. the management of technology.

The task of technology management can be under a different manager (chief technology
officer/manager) being a specialised subject.
 Rapid changes in technology
 Increasing applications and data
 Growth in business management understanding of technology
 The CTO plays an important role in technology management and developing competitive
strategy
 The CTO either may assess the old technology or develop new.
 The CTO must have excellent combination of business and technical skills.

Information system planning methodologies

 To assist in the achievements of business goals
 To ensure optimum use of resources
 To maximise benefits of technology change
 To take benefits of the expert view points of business professionals and information
technologists.
 SISP has to be cost effective, competitive and possible to integrate with business strategy
 align IS/IT with organisational goals
 The overall objective of SISP is to direct IS resources to those areas offering the most
important corporate benefits
 should provide competitive advantage to business
 Information system planning is vital to success in a competitive business environment.

7
 Often it leads to strategic information system planning (SISP).
 The plan shows the structure and development of the information system.
 The organisations strategic plan provide the basics for SISP.
 The overall responsibility will be with the Chief information officer (CIO)
 Master plan is reviewed by the steering committee.
 Master plan is integrated in the business strategic plan.
 Information policies and procedures are defined.
 Master plan will be short range and long range.

Information system planning is required to

 avoid expensive systems that won’t provide desired results
 to reduce overall cost of information system management for the desired purpose
 support integration with business strategy
 prioritise investments
 manage information to the best interest of the business
 coordinate the works of systems personnel and users
 align corporate objectives and IS strategy
 avoid expensive systems that won’t provide desired results
 to reduce overall cost of information system management for the desired purpose
 support integration with business strategy
 prioritise investments
 manage information to the best interest of the business
 coordinate the works of systems personnel and users
 make full use of opportunities
 avoid system duplication
 ensure compatibility of system with business goals
 avoid waste of resources

8
Business system planning (BSP)
Business system planning is a method of analysing, defining and designing the information
architecture of organisations. It was introduced by IBM for internal use only in 1981, although
initial work on BSP began during the early 1970s.

9
Security and ethical challenges
 Hacking
 Information theft
 Software piracy
 Unauthorised use
 Intellectual property violations
 Computer viruses and worms
 Online illegal transactions

Security management
 Antivirus
 Encryption
 Firewalls
 Denial of service attacks
 Monitoring mails
 Security codes
 Protection from illegal transaction
 Backup
 Security monitors
 Biometric security
 Failure control
 Fault tolerant systems
 Disaster recovery
 System controls and audit

Antivirus : Software designed and written to find out and destroy computer viruses.
Computer virus is software designed and written to enter, destroy and damage the system for
which it is designed

10
Encryption : Encryption is considered today the most effective way to achieve data security. To
read an encrypted file, you must have access to a secret key or password that enables you to
decrypt it. Unencrypted data is called plain text ; encrypted data is referred to as cipher text.

Firewall : In computing, a firewall is a network security system that monitors and controls the
incoming and outgoing network traffic based on predetermined security rules.

Denial of service attacks : In computing, a denial-of-service (DoS) attack is an attempt to make

a machine or network resource unavailable to its intended users, such as to temporarily or
indefinitely interrupt or suspend services of a host connected to the Internet. A distributed denial-
of-service (DDoS) is where the attack source is more than one–and often thousands of-unique IP
(Internet protocol) addresses.

Monitoring mails : Monitoring e-mail using mail monitoring software to know how it is being
used. This will keep a check on how the employees or other’s use your company’s, official or
personal e-mails

Security codes : Authorized business users create a Security Code when they are granted access
to a client's account and complete enrollment. This code is confidential and should not be shared
as it is used to identify and authenticate the user when they contact their bank for assistance via
phone, branch or online.

Protection from illegal transaction : Any cyber security method adopted to protect one’s
information including accounts etc., being transacted illegally.

Backup : In IT, a backup, or the process of backing up, refers to the copying and archiving of
computer data so it may be used to restore the original after a data loss event. The verb form is to
back up in two words, whereas the noun is backup.

Security monitors : These are electronic cameras and associated devices used to monitor and
survey critical areas including the cyber compartments and rooms.

11
Biometric security : Biometric software security systems enhance security by linking a unique
physical attribute of a user to the data that they are allowed to access. The user provides their
fingerprint (or other biometric) to the system, which is then authenticated against a stored
template.

Failure control : Failure of information technology systems and breaches in the security of data
upon which the Company relies could adversely affect the Company's future operating results.
Methods adopted to prevent the failure involves failure control systems. This can involve
computer systems failure monitors and audit.

Fault tolerant systems:Fault-tolerant computer systems are systems designed around the
concepts of fault tolerance. In essence, they must be able to continue working to a level of
satisfaction in the presence of faults.

Disaster recovery : Disaster recovery (DR) involves a set of policies and procedures to enable
the recovery or continuation of vital technology infrastructure and systems following a natural or
human-induced disaster.

Ethical challenges

 Information system raises various ethical issues

 Hence it needs specific principles for conduct on ethical issues.
 Modern information systems and the internet pose challenges to the protection of individual
privacy and intellectual property
 Information systems and the internet affects daily life
 Databases are used in appropriately by companies
 There are dangers inherent in the sue of information system and internet
 There are many cases of failures of ethical judgments in recent times in business: Enron,
Sathyam, Sahara… where information systems used to hide informational transparency and
used for cheating and defrauding the stakeholders.

12
What is ethics?

Principles of right and wrong that individuals acting as moral agents, use to make choices o
guide their behaviours.
Information systems raise ethical questions because they facilitate opportunities for:
 intense social changes
 threatening existing distribution of political and other balances (money,rights and
obligations)
 New kinds of criminal activities
 threats to security

Carry out ethical analysis

 Identify and clearly describe the facts
 Define the conflict and dilemma and identify higher values involved
 Identify the stakeholders
 Identify the options
 Identify the potential consequences of options

Information Systems Control

 Information systems control is required to protect the information system and ensure its
safety and security
 comprises and involves various methods, processes, policies and procedures
 Ensures protection of information system assets
 Ensures accuracy and reliability of records, and operational adherence to management
standards

General controls
 Establish framework for controlling design, security and use of computer systems for
information.

13
  Include software, hardware, computer operations, data security, implementation and
administrative controls.

Application controls
[An application programme is a programme designed to perform a specific function directly for
the user or, in some cases, for another application programme Examples of applications include
word processors, database programmes, Web browsers, development tools, drawing, paint,
image editing programmes and communication programmes.]
 Unique to each application of computer.
 Includes input, processing and output controls.

Online transaction processing

 Transactions entered online are immediately processed by computer

Fault tolerant computer systems

 Contain extra hardware, software and power supply components

High availability computing

 Tools and controls enabling system to recover from a crash

Disaster recovery plan

 Runs business in the event of computer outage (temporary suspension)

Load balancing
 Distributes load for access among multiple servers

Mirroring
 Duplicating all processes and transactions of server on backup server to prevent any
interruption

14
Clustering
 Linking two computers together so that a second computer can act as a backup for the
primary computer or speed processing.

Firewalls
 Prevent unauthorised users from accessing networks

Intrusion detection system

 Monitors vulnerable points in network to detect and deter unauthorised intruders.

Creating an IS control environment:

 Encryption (coding and scrambling message for security)
 Identification (each party to identify each other)
 Message integrity (ability to ascertain transferred message is not intercepted or altered)
 Digital signature (attached digital code)
 Digital certificate (attachment to electronic message to verify the sender and to provide
receiver with means to encode reply)
 Secure electronic transaction (standard for credit card transactions etc. for electronic
transfer)

Facility controls
A facility information model is an information model of an individual facility that is integrated
with data and documents about the facility. The facility can be any large facility that is designed,
fabricated, constructed and installed, operated, maintained and modified; for example, a
complete infrastructural network, a process plant, a building, a highway, a ship or an airplane.
The difference with a product model is that a product model is typically a model about a kind of
product expressed as a data structure, whereas a facility information model typically is an
integration of 1000–10,000 components and their properties and relations and 10,000–50,000
documents. A facility information model is intended for users that search for data and documents
about the components of the facility and their operation.

15
A facility information model can be implemented in various ways. The essence is that the user of
a system by which the data and documents are accessed should experience it as one integrated
system. Nevertheless, the system may be constructed such that the documents are stored in a
simple directory or such that they are be stored in a separate document management system and
the data are stored in one or more databases. Important kinds of systems in which Facility
Information Models will most likely be implemented are document-oriented systems, such as
Electronic Document Management Systems (EDMSs), Content Management Systems (CMS
systems) or Enterprise Content Management Systems (ECM systems). Another kind of systems
in which facility information models may be implemented are more data-oriented systems, such
as Product Data Management Systems (PDM systems) and Product Lifecycle Management
Systems (PLM systems).

Facility Controls are methods that protect physical facilities and their contents from loss or
destruction.

Physical Facility Control

Physical facility control is methods that protect physical facilities and their contents from loss
and destruction. Computer centers are prone to many hazards such as accidents, thefts, fire,
natural disasters, destructions etc. Therefore physical safeguards and various control procedures
are required to protect the hardware, software and vital data resources of computer using
organizations.

Physical Protection Control

Many type of controlling techniques such as one in which only authorized personnel are allowed
to access to the computer centre exist today. Such techniques include identification badges of
information services, electronic door locks, security alarm, security policy, closed circuit TV
and dust control etc., are installed to protect the computer centre.
There are various facilities:
 Institutional
 Research
 Business

16
  Industrial
 Government offices
 Military
 Recreational
The control systems include:
 Physical control
 IT based control

Procedural controls
Procedural security controls are security controls that mitigate identified risks by way of policies,
procedures or guidelines. As opposed to other controls, procedural controls rely on users to
follow rules or performs certain steps that are not necessarily enforced by technical or physical
means.
e.g. incident response processes, management oversight, security awareness and training, etc
Summary
Three control systems are required:
1. Information system controls
2. Procedural controls
3. Facility controls

17
Computer Crimes
Crimes that use computer networks or devices to advance other ends include: Fraud and identity
theft (although this increasingly uses malware, hacking and/or phishing, making it an example of
both "computer as target" and "computer as tool" crime) Information warfare. Phishing scams.
Also called cyber crime, e-crime, electronic crime, or hi-tech crime.Cyber crimes may threaten a
nation’s security and financial health
Child pornography - Making or distributing child pornography.
Cyber terrorism - Hacking, threats, and blackmailing towards a business or person.
Cyber bully or Cyber stalking - Harassing others online.
Creating Malware - Writing, creating, or distributing malware (e.g. viruses and spyware.)
Denial of Service attack - Overloading a system with so many requests it cannot serve normal
requests.
Espionage - Spying on a person or business.
Fraud - Manipulating data, e.g. changing banking records to transfer money to an account.
Harvesting - Collect account or other account related information on other people.
Identity theft - Pretending to be someone you are not.
Intellectual property theft - Stealing another persons or companies intellectual property.
Phishing - Deceiving individuals to gain private or personal information about that person.
Salami slicing - Stealing tiny amounts of money from each transaction.
Spamming - Distributed unsolicited e-mail to dozens or hundreds of different addresses.
Spoofing - Deceiving a system into thinking you are someone you really are not.
Unauthorized access - Gaining access to systems you have no permission to access.
Wiretapping - Connecting a device to a phone line to listen to conversations.

Privacy Issues
Security, privacy and ethical issues go together in IT and MIS as they have many overlapping
aspects.
Information privacy, or data privacy (or data protection), is the relationship between collection
and dissemination of data, technology, the public expectation of privacy and the legal and
political issues surrounding them.

18
Privacy concerns exist wherever personally identifiable information or other sensitive is
collected and stored – in digital form or otherwise. Improper or non-existent disclosure control
can be the root cause for privacy issues. Data privacy issues can arise in response to information
from a wide range of sources, such as:
 Healthcare records
 Criminal justice investigations and proceedings
 Financial institutions and transactions
 Biological traits, such as genetic material
 Residence and geographic records
 Ethnicity
 Privacy breach
 Location based service and geolocation
The challenge in data privacy is to share data while protecting personally identifiable
information. The fields of data security and information security design and utilize software,
hardware and human resources to address this issue. As the laws and regulations related to Data
Protection are constantly changing, it is important to keep abreast of any changes in the law and
continually reassess your compliance with data privacy and security regulations.

As heterogeneous information systems with differing privacy rules are interconnected and
information is shared, policy appliances will be required to reconcile, enforce and monitor an
increasing amount of privacy policy rules (and laws). There are two categories of technology to
address privacy protection in commercial IT systems:
communication and enforcement.

SOAP (Simple Object Access Protocol) is a messaging protocol that allows programs that run on
disparate operating systems (such as Windows and Linux) to communicate using Hypertext
Transfer Protocol (HTTP) and its Extensible Markup Language (XML).

19
Protecting Privacy on the Internet
Furthermore, the same applies to any kind of traffic generated on the Internet (web-browsing,
instant messages, among others) . In order not to give away too much personal information, e-
mails can be encrypted and browsing of web pages as well as other online
activities can be done traceless via anonymizers, or, in cases those are not trusted, by open
source distributed anonymizers, so called mix nets. Renowned open-source mix nets are 12P—
the anonymous network or Tor (free software enabling anonymous communication) (The Onion
Router)

Hacking
Hacking means gaining unauthorised access to data in a system or computer.
In the 1990s, the term "hacker" originally denoted a skilled programmer proficient in machine
code and computer operating systems. In particular, these individuals could always hack on an
unsatisfactory system to solve problems and engage in a little software company espionage by
interpreting a competitor's code.
Unfortunately, some of these hackers also became experts at accessing password-protected
computers, files, and networks and came to known as "crackers." Of course, an effective and
dangerous "cracker" must be a good hacker and the terms became intertwined. Hacker won out
in popular use and in the media and today refers to anyone who performs some form of computer
sabotage.

There now are more than 100,000 known viruses with more appearing virtually daily. The
myriad of hackers and their nefarious deeds can affect any computer owner whether an
occasional home user, e-mailer, student, blogger, or a network administrator on site or on the
internet. No matter your level of computer use, you must protect your computer, business, or
even your identity. The best way to know how to protect your computer is to understand the
hacker's tools and recognize their damage.

Viruses, Exploits, Worms, and More

The term computer "virus" originated to describe machine code command inserted into a
computer's memory that, on execution, copies itself into other programs and files on the

20
computer. Depending on the hacker's intent, the design of a virus can merely be an
inconvenience or have very serious consequences up to a potential catastrophe.
Generally, a virus is a piece of software, a series of data, or a command sequence that exploits a
bug, glitch, or vulnerability. Each example is appropriately termed an "exploit." An exploit
causes unintended or unanticipated behavior to occur in a computer's operating system or
applications while propagating itself within the computer.
An exploit and operates through a network security vulnerability or "hole" without previous
access to the vulnerable system is a "remote" exploit. An exploit that needs prior access to a
system is termed a "local" exploit. These are usually intended to increase the hacker's access
privileges beyond those granted by a system administrator.
Worms are simply viruses that send copies over network connections. A bomb resides silently in
a computer's memory until set off by a date or action. A Trojan horse is a malicious program that
cannot reproduce itself, but is distributed by CD or e-mail.

Protect Your Computer: Avoid Computer Holes/Vulnerabilities

Install only trusted software and delete unknown emails. If you have any doubt about a piece of
software's function, do not install it. If you receive e-mails from random people's names, resist
your curiosity and do not open it, just delete it.
Under no conditions download or open attachments from anyone that you do not know and even
then be cautious. Banks and most companies that create online personal accounts will not send
you attachments. If they do, it is probably best to go to the company site and request the
download or at least see if it is legitimate. Avoid adult web sites, a hacker's paradise.
Whether in your e-mail or online, do not click on ads. If the ad is of interest, find the site. Be
careful with what you physically put into your computer. This is especially true for shared R/W
CDs, USB hard disks, or flash drives. This is an easy path for a virus to follow from computer to
computer.

Protection: Install Anti-Virus Software

Anti-virus software searches for evidence of the presence of viral programs, worm, bombs, and
Trojan horses by checking for the characteristic appearances or behaviors that is typical of these
programs. When found the program logs its discovery, its type, often its name or an identifier,

21
and it potential for damage. The anti-virus software then eliminates or isolates/quarantines the
infected files. For the individual, commercial software is relatively inexpensive; however, there
are free anti-virus programs available.
Since new viruses appear almost daily with new code it is imperative that you update you
antivirus program often to keep up with these threats; therefore, make sure to set your program to
update automatically. To avoid the annoyance of computer slowdown schedule full scale scans
late at night.

The same is true for your Windows Operating System. Very often, your OS is where hackers
discover the holes to exploit. Of course, in an ever-continuing battle, this software is
continuously updated with security patches.
Finally, secure your wireless network with a router that has a built in firewall. Almost all
wireless routers are set to no security when first installed. Log into the router and at least set it to
basic security with a strong password to replace the factory setting that any hacker knows. A
firewall or router that is not configured properly or non-existent allows hackers to scan
passwords, e-mails, or files that cross your network connection.

What is a 419 (Advance-fee Fraud) Scam?

An advance-fee fraud, also known as a 419 fraud, is a type of scam in which the victim is
convinced to advance money to a stranger. In all such scams, the victim is led to expect that a
much larger sum of money will be returned to him or her. The victim, of course, never receives
any of this money.
Those who fall for an advance-fee fraud and forward money to the criminal are likely to be
targeted for additional payments. That is, the criminal may claim that a second or third advance
is necessary before the victim will be entitled to receive the promised money.

An Early Version of the 419 Fraud

As far back as 17th century, an early version of this fraud was in use in Europe. Known as the
Spanish Prisoner fraud, the scam in that case consisted of a correspondence in which the criminal
would claim to be a prisoner who knows where some buried treasure is located. The "prisoner"

22
would ask for money to bribe the prison guards so that he could escape and get to the treasure. In
return for such money, the "prisoner" would promise to share the treasure with the target of the
scam.
In reality, the "prisoner" was not in jail at all and was simply using the story as a way to get his
hands on the target's money.

The Modern 419 Fraud

The modern version of the advance-fee fraud usually takes place via email correspondence. Like
the older version, it typically involves a promise of treasure. The "treasure" may involve a lottery
jackpot, a promise of a share of a large bank account, or some other made-up story to explain
why a large sum of cash will be forwarded to the victim.
The criminal will also make up a plausible story to explain why a fee is needed in advance. The
email may claim that a few hundred dollars are needed as an "application fee" to the contest that
has purportedly already been won. Another common claim is that the wire transfer of such a
large sum of money involves fees that must be paid in advance.
Criminals running 419 fraud rings use many tricks designed to lure in even skeptical targets. For
example, they will send out mass mailings via the internet, but make each letter appear as though
it has been received by only one individual. They may provide working phone and fax numbers
to targets who demand them, and furnish documents that appear to have authentic government
seals and stamps.
Most people who receive an email offering millions of dollars in return for a comparatively small
advance fee will realize that it is nothing more than an attempt to defraud them. However, a tiny
percentage of targets will fall for the bait. When millions of solicitations go out, even a small
percentage of takers can represent a good profit for the criminal. This explains why the 419 fraud
continues to succeed despite the efforts of consumer awareness organizations to educate the
public with one simple rule: never send money, your bank account information, or your social
security number to a stranger.

Article 419 of Nigerian Criminal Code deals with obtaining property of others by frauds

23