Lecture 8 Flashcards
Objectives of cyber war are
1) cripple infrastructure
2) disrupt and confuse institutions and population
3) embarrass and punish agencies, firms and people
4) gather information to be used later
What is cybersecurity?
Cybersecurity is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access.
Main purpose is the preservation of confidentiality, integrity and availability of information
Dimensions of cyber security
Integrity
Nonrepudiation
Authenticity
Confidentiality
Privacy
Availability
Integrity (Dimensions of cyber security)
Has information transmitted or received been altered?
Nonrepudiation (Dimensions of cyber security)
Can a party to an action with me later deny taking the action?
Authenticity (Dimensions of cyber security)
Who am I dealing with? How can I be assured that the person or entity is who they claim to be?
Confidentiality (Dimensions of cyber security)
Can someone other than the intended recipient read my messages?
Privacy (Dimensions of cyber security)
Can I control the use of information about myself transmitted to an e-commerce merchant?
Availability (Dimensions of cyber security)
Can I get access to the site?
Tension between security and other values
Security versus ease of use
erasing all private regulations versus clicking accept all cookies and trusting that others will do and signal you if not ok
Ministry of internal affairs
Internet must be safe and secure for everyone
Ministry of justice
Internet and messaging and dark web must be open for legal investigation
Good e-commerce security is based on three types of measures
1) technology solution
2) organizational policies (NIST)
3) Laws and industry standards
Most common security threats in the E-commerce environment
Malicious code (virus, trojans etc)
Potentially unwanted programs
Phishing (Deceptive online attempt to obtain information) (scams)
Hacking
Data breach
Credit card fraud
Identity fraud
Spoofing (misrepresenting in email)
Sniffing (man in the middle attacks)
Denial of service attack (DDoS)
Etc.
What can firms do to prevent cyber attacks
Firewall
Encryption
Network security
Virtual private networks
Authentication procedures
Proxy servers
Anti-virus software
Automated software updates
Intrusion detection/prevention