Lecture 8 Flashcards

1
Q

objectives of cyber war are

A

1) cripple infrastructure
2) disrupt and confuse institutions and population
3) embarrass and punish agencies, firms and people
4) gather information to be used later

2
Q

what is cybersecurity

A

Cybersecurity is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access

Main purpose is the preservation of confidentiality, integrity and availability of information

3
Q

Dimensions of cyber security

A

Integrity

Nonrepudiation

Authenticity

Confidentiality

Privacy

Availability

4
Q

Integrity (Dimensions of cyber security)

A

Has information transmitted or received been altered

5
Q

Nonrepudiation (Dimensions of cyber security)

A

Can a party to an action with me later deny taking the action

6
Q

Authenticity (Dimensions of cyber security)

A

Who am I dealing with? How can I be assured that the person or entity is who they claim to be

7
Q

Confidentiality (Dimensions of cyber security)

A

Can someone other than the intended recipient read my messages

8
Q

Privacy (Dimensions of cyber security)

A

Can I control the use of information about myself transmitted to an e-commerce merchant

9
Q

Availability (Dimensions of cyber security)

A

Can I get access to the site?

10
Q

Tension between security and other values

A

Security versus ease of use

erasing all private regulations versus clicking accept all cookies and trusting that others will do and signal you if not ok

11
Q

Ministry of internal affairs

A

Internet must be safe and secure for everyone

12
Q

Ministry of justice

A

Internet and messaging and dark web must be open for legal investigation

13
Q

Good e-commerce security is based on three types of measures

A

1) technology solution
2) organizational policies (NIST)
3) Laws and industry standards

14
Q

Most common security threats in the E-commerce environment

A

Malicious code (virus, trojans etc)

Potentially unwanted programs

Phishing (Deceptive online attempt to obtain information) (scams)

Hacking

Data breach

Credit card fraud

Identity fraud

Spoofing (misrepresenting in email)

Sniffing (man in the middle attacks)

Denial of service attack (DDoS)

ETC

15
Q

What can firms do to prevent cyber attacks

A

Firewall

Encryption

Network security

Virtual private networks

Authentication procedures

Proxy servers

Anti-virus software

Automated software updates

Intrusion detection/prevention

16
Q

Technology solution 1: public key cryptography

A

1) Sender creates a digital message
2) Sender obtains the recipient's public key
3) Application of the recipient's key is used to produce an encrypted message
4) Encrypted message is sent over the internet using the TCP/IP protocols
5) The recipient's software uses the recipient's private key to decipher the message

17
Q

Technology solution 2: public key cryptography: with signatures

A

1) Sender creates a digital message
2) Sender applies a hash function producing a 128 bit hash result
3) Sender obtains the recipient's public key
4) Recipient's key is used to produce an encrypted message from the message and the hash result (double)
5) Encrypted message is sent over the internet (using the TCP/IP protocols described in chapter 3)
6) Receiver uses the public key of the sender to decipher the message
7) The recipient (software) uses a private key to decipher the message and the hash function
8) The recipient (software) checks to ensure that the message and the hash match

18
Q

Digital envelope

A

A technique that uses symmetric encryption

19
Q

Digital certificate

A

A digital document (issued by a certification authority) that contains a variety of identifying information

The certificate assures you that the other party is the one he says he is

20
Q

Certificate authority

A

A trusted third party that issues digital certificates

Public key infrastructure

Certification authorities and digital certificates that are accepted by all parties

21
Q

Secure negotiated session using SSL and TLS (transaction layer security). You can use such sessions to buy and pay for stuff online

A

1) Session ID and methods of encryption negotiated
2) Certificates exchanged. Identity of both parties established
3) Client generates session key and uses server public key to create digital envelope. Sends to server. Server decrypts using private key
4) Encrypted transmission using client generated session key begins

22
Q

Virtual private networks

A

Allows remote users to securely access internal networks

23
Q

Firewalls

A

Hardware or software that filters communication packets based on a security policy

24
Q

Proxy servers

A

A security server that handles all communication from and to the internet

25
Q

Intrusion detection and prevention systems

A

Monitoring network traffic applying a security policy

26
Q

A security plan consists of

A

1) Risk assessment
2) Security policy
3) Implementation plan
4) Security organization (educates and trains users)
5) Security audits

27
Q

Auditing tools and services help firms

A

1) to assess the security of:
Technical platforms, business operations and personnel

2) To assess and monitor the actual threat levels, incidents and vulnerability

28
Q

How to make payment

A

1) consumer makes purchase
2) SSL/TLS provides secure connection through the internet to merchant server
3) Merchant software contacts clearing house
4) clearing house verifies account and balance with issuing bank
5) Issuing bank credits merchant account
6) monthly statement issued with debit for purchase

29
Q

Online stored value payment systems (e.g. PayPal)

A

Client pays merchant by sending/agreeing via PayPal without exchanging credit card details

PayPal takes the payment from the client's bank account or from the client's PayPal account

30
Q

Mobile payment systems

A

Based on near field communication: NFC chip like in iPhone

31
Q

Social - mobile peer-to-peer

A

Payment systems such as Snapcash, Google Wallet or Tikkie

32
Q

Blockchain technology

A

Enables organizations to create and verify transactions on a network, nearly instantaneously without a central authority

33
Q

Blockchain system

A

A transaction processing system that operates on a distributed and shared database in a peer to peer network, rather than a single organization database

34
Q

Cryptocurrency

A

A purely digital asset that works as a medium of exchange using cryptography (and blockchain technology)

35
Q

Bitcoin

A

The most prominent example of cryptocurrency today

36
Q

disintermediation

A

reduction in the use of intermediaries between producers and consumers, for example by investing directly in the securities market rather than through a bank.