Week 11 Flashcards

1
Q

Why is protection of enterprise data important, especially for electronic commerce?

A

More and more business organizations are using computer systems and engaging in electronic commerce. Earlier, only big organizations could afford B2B e-commerce; now medium and small organizations are also investing in it. Processes are being automated with reduced human involvement, and more and more data are being exchanged with external parties. Also, by law, each trading partner is required to store its data for a certain time (usually 5 years) to resolve any legal or contractual dispute that may arise. This means organizations now have to store vast amounts of data. There have been many incidents in which company data were compromised by hackers. Losing sensitive data means loss of business reputation and goodwill, loss of shareholders’ confidence, and the possibility of losing business and a fall in share value. All of this makes protection of enterprise data very important.

2
Q

What are the main types of computer crime?

A
• computer network break-ins
• industrial espionage
• software piracy
• child pornography
• e-mail bombings
• password sniffers
• spoofing – electronically ‘disguising’ one computer to look like another
• credit card fraud
• spread of viruses, worms, etc.
3
Q

Describe the VISA security module for tamper resistance.

A
The VISA security module is a computer kept inside a safe with lid switches; the module will erase PINs and keys when an unauthorized person tries to open it.
As you can guess, PINs are supposed to be secret, not known even to the bank staff. In Australia, when you apply for a bank card (debit/credit), you get a letter that asks you to call a number to set your PIN. When you call that number, you are directed to a computer (in the VISA security module) that lets you set your own PIN by pressing the keys on your phone. If you go to a bank branch, the staff will provide you with a terminal to do it. So you set up your own PIN by interacting directly with the computer, without any direct human involvement. All the encrypted PINs and corresponding keys are stored in the computer in the security module. Only service engineers can have access to the safe, under supervised conditions. One thing to note here is the importance of physical security for a secure system: a system cannot be fully secured if it is not physically secured.
4
Q

Classify risks and vulnerabilities into five general categories.

A

• Technical threats could mean failure of the network and poor system performance; technical vulnerabilities include unprotected connections to networks or servers.
• Masquerading and communication infiltration could constitute a logical threat. Logical vulnerabilities could mean improper selection and use of passwords.
• Human threats could be accidental incidents or even deliberate acts. Human vulnerabilities are usually due to a lack of security awareness.
• Physical threats could be theft or willful damage. Physical vulnerabilities arise when there is a lack of physical protection.
• Environmental threats encompass power failure, fire and water (flood). A lack of uninterruptible power supplies would contribute to environmental vulnerabilities.

5
Q

What do you understand by the “security policy” of an organization? Why is having a security policy important for an organization?

A

A security policy decides what information is to be protected, from whom, and what level of protection is necessary. As mentioned earlier, a secure system is very much needed for enterprise data protection, and a security policy guides the design of such a system. That is why a security policy is extremely important for an organization.

6
Q

What are the different types of computer security threats to an organization?

A

This question is very similar to Q.4. Additionally, technical threats can originate from outsiders as well as insiders. From outside, it can be a single hacker, a group of hackers, or an activity funded by an organization. It is much easier for a hacker to penetrate a system when he has some knowledge of it. There are reported cases where an insider with knowledge of the system collaborated with a hacker to launch an attack.

7
Q

Why should temporary and part-time people be considered more risky than full-time employees?

A

Security awareness is one of the important things needed to ensure security. Temporary and part-time people are normally less aware, which makes them more risky.

8
Q

Why is unsupervised access considered high-risk?

A

Unsupervised access provides opportunities to learn about the system and make changes without others noticing. A long trail of unauthorized activity can go unnoticed, building up huge risk for the organization.

9
Q

What are the steps one should follow to secure a system?

A

• Establishing security policy: The first task is to establish a security policy. Here a technical management team decides what needs to be protected, the level of protection, and from whom. It also defines what responsibilities and roles each member will assume. How the policy is going to be audited from time to time is also defined at this stage.
• Designing security environment: Once the policy is formulated, the next step is to design the security environment, which covers the physical environment, physical security, hardware, operating system, firewalls, etc. As we know, different operating systems and application software have different security flaws. Decisions also need to be made on the number of firewalls and their configurations. All of this has to fit within the budget allocation.
• Deciding security mechanism: The next step is to decide on security mechanisms, e.g., cryptographic technologies, authentication methods, security protocols, etc.
• Monitoring and auditing procedures: Regular monitoring of the system is needed. Automated tools, such as an Intrusion Detection System (IDS), can be employed for early detection of an attack. Regular backups of the system should be made, and the steps to follow when an attack is detected should be formulated.

10
Q

Summarise the key points related to incident response and forensics.

A

Analyze all available information: capture and record system information, back up and isolate the compromised systems, examine logs, identify the attack used to gain access and what traces the intruder left behind.
Communicate with relevant parties: inform the other affected sites using a secure communication channel.
Collect and protect information: collect all relevant system and network logs from the compromised system, preserve evidence and contact law enforcement.
Contain the intrusion: temporarily shut down the system, disconnect the compromised system from the network, disable access, services and accounts, and monitor system and network activities.
Eliminate all means of intruder access: change passwords, reinstall compromised systems, restore executable programs from the original distribution, review system configurations, correct system and network vulnerabilities, improve detection mechanisms.
Return systems to normal operation: restore user data, reestablish availability of services and systems, and watch for signs of the intruder’s return.
Implement lessons learned: re-evaluate and upgrade the security policy and revise security documents.
