11/20/2015. ACS 3907 E-Commerce. Security Problems. Instructor: Kerry Augustine, December 1st.
ACS 3907 E-Commerce
Instructor: Kerry Augustine
December 1st, 2015

Security Problems

What could go wrong?

Consumers
- Can't access website
- Lose money
- Frustrated with sellers
- Lose personal/credit info
- Stolen personal identity

Merchants
- Sold product/service not paid for
- Certain functions stop working
- Shut down website
- Lose business/trust
- Lose client data!
- Develop bad reputation
- Lose clients and sponsors

The Internet was not designed as a global marketplace with a billion users!

Examples of Cyber Crime
- Hacking
- Some hackers do it out of pride/joy
- Recently becoming more of organized crime
- Stolen data/information (proprietary, copyrights, intellectual property)
- Less risky to steal online
- Financial theft and identity theft
- Can rob remotely and almost anonymously (if don't get caught)
- Credit card fraud accumulated to ~$11 B in 2014 in U.S.
- Cyber stalking/harassment/spying
- Cyber warfare
- Attack on government and financial institutions

Examples of Cyber Crime
- While it Isn't Always About The MONEY, It often is!!!
- Organized crime generates significant revenue from cybercrime!
- Estimated to exceed the drug trade!

Value of Stolen Information
- Sell stolen info to underground economy servers
- Goal is not always money; could be vandalism, disruption to website, damage organization's reputation

EC Security Environment
- Concept of theft is the same in the digital market
- However, ways to reduce risk are more complicated
- Layers of security:
  - Data
  - Technological solution
  - Organizational policies/procedures
  - Laws/industry standards
- Information has a time value: protecting info for a day or year is sometimes enough
- Cost of security is high
- Security is a chain: easiest target is the weakest link

Dimensions of EC Security
- Integrity = ability to ensure info has not been altered by an unauthorized party
- Non-repudiation = ability to ensure EC participants don't deny their online actions

Dimensions of EC Security
- Authenticity = ability to identify the identity of a party to a transaction
- Confidentiality = ability to ensure data are available only to those who are authorized to access them
  - Right to have private info remain confidential
  - If one's data is revealed (e.g. no longer confidential), it doesn't necessarily mean that person's privacy has been compromised
- Privacy = ability to be in control of others' access to info about ourselves
  - Right to privacy

Dimensions of EC Security
- Availability = ability to ensure EC site continues to function as intended

Implementation Tradeoffs
- Security costs
  - Development time (technical solution, policy enforcement)
  - Ongoing computational overhead (data storage, technical support)
  - Ongoing policy/procedural overhead
- Creates more opportunities for hackers
  - Poorly designed software can (easily) result in increase in software complexity and size
  - Demand of real time response needs
  - Together contribute to flaws and vulnerabilities exploited by hackers
- Harder to use: deter customers
- Implementation should be weighed against potential loss of what it is protecting

Cost of Cyber Security

A Typical E-commerce Transaction (Figure 5.2, Page 269. Copyright 2013 Pearson Education, Inc.)

Vulnerable Points in an E-commerce Transaction (Figure 5.3, Page 257. Copyright 2013 Pearson Education, Inc.)

Electronic Commerce Threats
- Advanced persistent threat (APT) usually refers to a group, such as a foreign government or organized crime, with both the capability and the intent to persistently and effectively target a specific entity.

Electronic Commerce Threats: Client Threats
- Active Content
  - Java applets, ActiveX controls, JavaScript, and VBScript
  - Programs that interpret or execute instructions embedded in downloaded objects
  - Malicious active content can be embedded into seemingly innocuous Web pages, launched when you use your browser to view the page

Electronic Commerce Threats: Client Threats
- Cookies remember user names, passwords, and other commonly referenced information
- Exercise: Go to cookie FAQs on text links page or:
  - Are cookies dangerous?
  - How did they get to be called cookies?
  - What are the benefits of cookies?

Graphics, Plug-ins, and E-mail Attachments
- Code can be embedded into graphic images, causing harm to your computer
- Plug-ins are used to play audiovisual clips, animated graphics
  - Could contain ill-intentioned commands hidden within the object
- E-mail attachments can contain destructive macros within the document

Communication Channel Threats: Secrecy Threats
- Secrecy is the prevention of unauthorized information disclosure: a technical issue
- Privacy is the protection of individual rights to nondisclosure: a legal issue regarding rights
- Theft of sensitive or personal information is a significant danger
- Your IP address and the browser you use are continually revealed while on the web

Communication Channel Threats
An anonymizer or an anonymous proxy is a tool that attempts to make activity on the Internet untraceable. It is a proxy server computer that acts as an intermediary and privacy shield between a client computer and the rest of the Internet.
1. Network Anonymizer: transfers your communications through a network of Internet computers between you and the destination. For example, a request to visit a web page might first go through computers A, B, and C before going to the website, with the resulting page transferred back through C, B, and A then to you. E.g., the Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor's users employ this network by connecting through a series of virtual tunnels rather than making a direct connection, thus allowing both organizations and individuals to share information over public networks without compromising their privacy.
2. Single-point Anonymizer: This type of anonymizer passes your surfing through a single website to protect your identity, and often offers an encrypted communications channel for passage of results back to the user. E.g., Anonymouse

Spamhaus suffers largest DDoS attack in history: entire internet affected (27-Mar-2013)
Spamhaus, an IP blacklisting service, has been under a distributed denial-of-service (DDoS) attack for a week. Attack traffic has been rated at up to 300Gbps: three times higher than the previous record, and six times greater than the typical attack recently targeting US banks. The result was a slowdown in Internet traffic that was felt globally.

Communication Channel Threats
- Integrity Threats
  - Also known as active wiretapping
  - Unauthorized party can alter data
  - Change the amount of a deposit or withdrawal
- Necessity Threats
  - Also known as delay or denial threats
  - Disrupt normal computer processing
  - Deny processing entirely
  - Slow processing to intolerably slow speeds
  - Remove file entirely, or delete information from a transmission or file
  - Divert money from one bank account to another

Server Threats
- The more complex software becomes, the higher the probability that errors (bugs) exist in the code
- Servers run at various privilege levels
  - Highest levels provide greatest access and flexibility
  - Lowest levels provide a logical fence around a running program
- Contents of a server's folder names are revealed to a browser
- Cookies should never be transmitted unprotected
- Sensitive files such as username and password pairs or credit card numbers
- Hacking and Cracking: the Web server administrator is responsible for ensuring that all sensitive files are secure.
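
The integrity threat listed above (an unauthorized party changing the amount of a deposit in transit) and the integrity, authenticity and non-repudiation dimensions defined earlier, shown as an added example that is not part of the original slides. It assumes a hypothetical customer application and bank that already share a secret key; the message fields and account values are constructed for illustration.

```python
import hashlib
import hmac
import json
import secrets


def canonical(body: dict) -> bytes:
    """Serialize deterministically so sender and receiver MAC the same bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode("utf-8")


def protect(key: bytes, body: dict) -> dict:
    """Sender side: attach an HMAC-SHA256 tag computed over the whole message."""
    tag = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def verify(key: bytes, envelope: dict) -> bool:
    """Receiver side: recompute the tag and compare in constant time.

    Any malformed envelope (missing tag, wrong types) is rejected, never trusted.
    """
    try:
        expected = hmac.new(key, canonical(envelope["body"]), hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, envelope["tag"])
    except (KeyError, TypeError, ValueError):
        return False


def demo() -> dict:
    # Constructed sample data: a shared key and one deposit message.
    key = secrets.token_bytes(32)
    deposit = {
        "account": "ACCT-0001",      # hypothetical account id
        "type": "deposit",
        "amount_cents": 15000,
        "txn_id": "T-1001",          # hypothetical transaction id
    }
    sent = protect(key, deposit)

    # Case 1: the amount is altered on the wire, the tag is left as it was.
    altered = json.loads(json.dumps(sent))
    altered["body"]["amount_cents"] = 1500000

    # Case 2: the amount is altered and the tag recomputed without the real key.
    retagged = json.loads(json.dumps(altered))
    retagged["tag"] = hmac.new(
        b"not-the-shared-key", canonical(retagged["body"]), hashlib.sha256
    ).hexdigest()

    # Case 3: the tag is stripped entirely.
    untagged = {"body": sent["body"]}

    return {
        "untouched": verify(key, sent),
        "amount_changed": verify(key, altered),
        "retagged_without_key": verify(key, retagged),
        "tag_removed": verify(key, untagged),
    }


# What this does and does not cover, in the slides' terms:
# - Integrity and authenticity: yes, between the two holders of the key.
# - Non-repudiation: no. Both parties hold the same key, so either one could
#   have produced the tag; that dimension needs a digital signature.
# - Confidentiality: no. The message body still travels in the clear.

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:22s} accepted={accepted}")
```
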

Database Threats
- Once a user is authenticated to a database, selected database information is visible to the user.
- Security is often enforced through the use of privileges
- Some databases are inherently insecure and rely on the Web server to enforce security measures

Other Threats: Common Gateway Interface (CGI) Threats
- CGIs are programs that present a security threat if misused
- CGI programs can reside almost anywhere on a Web server and therefore are often difficult to track down
- CGI scripts do not run inside a sandbox, unlike JavaScript

Other Threats
- Other programming threats include
  - Programs executed by the server
  - Buffer overruns can cause errors
  - Runaway code segments
- The Internet Worm attack was a runaway code segment
- Buffer overflow attacks occur when control is released by an authorized program, but the intruder code instructs control to be turned over to it

Other Threats
- Employees are the most-cited culprits of incidents
- Percentage of respondents that point the finger at current employees jumped over 10% in one year ( )
- PricewaterhouseCoopers (PwC), The Global State of Information Security Survey

Example: Data Storage Problem
- How to handle extremely sensitive data?
  - National project, health data, personal information
- Where to store data?
  - Option 1: single, secured repository in project headquarters
  - Option 2: multiple, smaller, secure repositories in individual provinces
- Pros/Cons? Points of failure? Risks?

Common Security Problems
- Malicious code/malware
- Unwanted programs
- Phishing and identity theft
- Hacking and cyber vandalism
- Credit card fraud/theft
- Spoofing
- Denial of service (DoS) and distributed DoS (DDoS) attacks
- Sniffing
- Insider attacks

Malware
- Includes a variety of threats, e.g., viruses, bots
- Originally, hackers want to cause computers to malfunction
- Evolved intent became organized crime to steal:
  - E-mails
  - Credentials
  - Personal data
  - Financial information
- Can be embedded in ad chains and attachments
  - Click on link
  - Download and execute attachment
  - Click on malicious site
- Usually attack client computers

Malware (cont.)
- Virus = program that replicates itself and spreads to other files
  - Can display message/image, delete files, reformat drive
  - Macro virus affects specific applications
  - File-infecting virus affects executables usually
  - Script virus written by scripting language (e.g. VBScript)
  - Usually combined with worms
- Worm = malware that spreads from computer to computer
  - Doesn't necessarily need to be activated to replicate itself
- Trojan horse = program masking real intention
  - E.g., game that masks intent to steal passwords
- Bots = malware that makes client computer act as slave
  - Responds to attacker's commands
  - E.g., send spam to others
- Botnet = network of captured computers

Unwanted programs
- Trojan = Programs installed without user consent, but fooled into installing it
  - Usually difficult to uninstall
- Adware = typically pop-up ads displayed on certain sites
  - Annoying
  - Not usually criminal activity
- Browser parasite = monitor and change browser settings
  - Often comes with adware
  - E.g., homepages, sites visited
- Spyware = program that obtains user info via keystrokes, copies of e-mails/chats, screenshots
  - Often used for identity theft
  - Can come from untrusted HTTP cookies

Phishing
- Like fishing for information
- Deceptive online attempt by third party to get confidential information for financial gain
- No malware involved
- Uses straightforward misrepresentation and fraud
- Analogous to a con artist, who tricks people into voluntarily giving what is requested
- E.g., scams, account verifications, quota exceeded
- Offers to give you something as long as you respond with certain information

Hacking and Cyber Vandalism
- Hacker = individual who intends to gain unauthorized access to a computer
- Cracker = hacker with criminal intent
  - Typically excited by thrill of breaking into corporate/govt sites
- Cyber vandalism = methods used to intentionally disrupt, deface, or destroy a site
- White hats = good hackers hired to help locate/fix security flaws by hacking into site externally
- Black hats = hackers who act with intention of causing harm
  - E.g., reveal confidential or proprietary information due to belief that the info should be free
- Grey hats = hackers who believe they are pursuing greater cause by breaking in and revealing system flaws
  - Reward: prestige of discovery of security flaws; recognition, i.e. Anonymous

This is NOT Ethical Hacking!
- Individuals appearing in public as Anonymous, wearing Guy Fawkes masks.
- A member holding an Anonymous flier at Occupy Wall Street, a protest that the group actively supported, September 17,

Credit Card Fraud
- Biggest fear for online shopping
- Few occurrences in actuality
  - ~1.4% of all online card transactions
- Most common form today is to hack into corporate server where millions of credit card purchases are stored
- Hard to verify customer's identity in online environment

Spoofing
- Misrepresent oneself via fake e-mails or use of fake name
- Pharming = spoofing a website
  - E.g., link to a fake site
  - Can harm businesses (e.g., steal customers, create bad reputation)
  - Can harm customers (e.g., lose money)
- Spam/junk websites = sites that promise some product or service but are simply a collection of ads
  - Often contain malware
- Splogs = spam blogs
  - Created to raise search engine rankings of affiliated sites

(D)DoS
- Denial of service attack = flood website with useless page requests to overwhelm servers
  - Cause site to shut down
  - Can cause site to lose money and customers
  - Blackmail owners to pay for removal of attack
- Distributed denial of service attack = uses numerous computers as launch points for the attack
  - Often involve botnets

Sniffing
- Eavesdropping program that monitors information traveling on a network
  - Positive use: help identify trouble spot on network
  - Negative (criminal) use: steal proprietary information (e.g., e-mails, confidential files)
- E-mail wiretap = hidden code in e-mails that allows someone to monitor all subsequent messages forwarded with the original
  - U.S. law allows ISPs to install wiretaps to access customer e-mails
  - Bill C-30 Canada

The Next Wave!
- CONSUMERIZATION of IT
  - "Consumerization will force more IT changes over the next 10 years than any other trend." - Gartner
- MOBILITY

Security in the Cloud
- Bypasses traditional IT
- You put your data where!!!
- On demand services (OPX Vs CAPX)
- Location of data
  - Impacts on data privacy legislation
  - Foreign government search
- Lack of control
  - Moves IT from service provider to contract manager (SLA's, Security, IMA)
- Ability to audit
- Exit Strategy (How do you get your data out)

Bill C-51
Bill C-51, also known as the Anti-terrorism Act, 2015, was designed to "encourage and facilitate information sharing between Government of Canada institutions in order to protect Canada against activities that undermine the security of Canada." The Conservative Party introduced the act in January 2015 after the Parliament Hill shooting October

The government wants to allocate more power to police services and security institutions like the Canadian Security Intelligence Service (CSIS) to keep a closer eye on potentially dangerous terrorism situations and prevent future attacks. According to the act's official summary, Bill C-51 would ensure safer transportation services for Canadians, allow law enforcement to step in and arrest, without question, a person they suspect is about to carry out a terrorist attack, and it would increase the protection of witnesses who come forward with information on a potential terrorist attack. Essentially, the government would increase its role in national security to keep a constant watchful eye on potentially harmful situations and end them before anyone is hurt or killed.

Civil liberty groups and other critics have claimed the bill stretches the definition of security to potentially include peaceful protests, further restricts freedom of expression, and raises privacy concerns, since the act would allow federal institutions such as Health Canada and Revenue Canada to share private information with the RCMP. Critics have also expressed grave concerns that it fails to define terrorism clearly, and in attempting to remove all terrorist propaganda from the Internet will effectively try to censor freedom of expression on the Internet. Amendments are currently being considered as government responds to protest
More informationInformation Security Threat Trends
Talk @ Microsoft Security Day Sep 2005 Information Security Threat Trends Mr. S.C. Leung 梁 兆 昌 Senior Consultant 高 級 顧 問 CISSP CISA CBCP M@PISA Email: scleung@hkcert.org 香 港 電 腦 保 安 事 故 協 調 中 心 Introducing
More informationCisco on Cisco Best Practice Security Practices for Online Collaboration and Social Media
January 2012 Cisco on Cisco Best Practice Security Practices for Online Collaboration and Social Media January 2012 All contents are Copyright 1992 2012 Cisco Systems, Inc. All rights reserved. This document
More informationPROTECT YOUR COMPUTER AND YOUR PRIVACY!
PROTECT YOUR COMPUTER AND YOUR PRIVACY! Fraud comes in many shapes simple: the loss of both money protecting your computer and Take action and get peace of and sizes, but the outcome is and time. That
More informationVulnerability Assessment & Compliance
www.pwc.com Vulnerability Assessment & Compliance August 3 rd, 2011 Building trust through Information security* Citizen-Centric egovernment state Consultantion workshop Agenda VAPT What and Why Threats
More informationWEBTHREATS. Constantly Evolving Web Threats Require Revolutionary Security. Securing Your Web World
Securing Your Web World WEBTHREATS Constantly Evolving Web Threats Require Revolutionary Security ANTI-SPYWARE ANTI-SPAM WEB REPUTATION ANTI-PHISHING WEB FILTERING Web Threats Are Serious Business Your
More informationSample Employee Network and Internet Usage and Monitoring Policy
CovenantEyes Internet Accountability and Filtering Sample Employee Network and Internet Usage and Monitoring Policy Covenant Eyes is committed to helping your organization protect your employees and members
More informationEvolving Threats and Attacks: A Cloud Service Provider s viewpoint. John Howie Senior Director Online Services Security and Compliance
Evolving Threats and Attacks: A Cloud Service Provider s viewpoint John Howie Senior Director Online Services Security and Compliance Introduction Microsoft s Cloud Infrastructure Evolution of Threats
More informationSecurity Goals Services
1 2 Lecture #8 2008 Freedom from danger, risk, etc.; safety. Something that secures or makes safe; protection; defense. Precautions taken to guard against crime, attack, sabotage, espionage, etc. An assurance;
More information10 Smart Ideas for. Keeping Data Safe. From Hackers
0100101001001010010001010010101001010101001000000100101001010101010010101010010100 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000
More informationTHE CHANGING FACE OF CYBERCRIME AND WHAT IT MEANS FOR BANKS
THE CHANGING FACE OF CYBERCRIME AND WHAT IT MEANS FOR BANKS David Glockner, Managing Director strozfriedberg.com Overview The big picture: what does cybercrime look like today and how is it evolving? What
More informationThe Roles of Software Testing & QA in Security Testing
The Roles of Software Testing & QA in Security Testing Hung Q. Nguyen LogiGear, President and CEO Bob Johnson Independent, Security Consultant ASQ-SSQA Presentation, May 14, 2002 Objective To jump start
More informationContact details For contacting ENISA or for general enquiries on information security awareness matters, please use the following details:
Malicious software About ENISA The European Network and Information Security Agency (ENISA) is an EU agency created to advance the functioning of the internal market. ENISA is a centre of excellence for
More informationSecurity+ Guide to Network Security Fundamentals, Third Edition. Chapter 2 Systems Threats and Risks
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 2 Systems Threats and Risks Objectives Describe the different types of software-based attacks List types of hardware attacks Define
More informationSecurity A to Z the most important terms
Security A to Z the most important terms Part 1: A to D UNDERSTAND THE OFFICIAL TERMINOLOGY. This is F-Secure Labs. Learn more about the most important security terms with our official explanations from
More informationCS5008: Internet Computing
CS5008: Internet Computing Lecture 22: Internet Security A. O Riordan, 2009, latest revision 2015 Internet Security When a computer connects to the Internet and begins communicating with others, it is
More informationHomeland Security Red Teaming
Homeland Security Red Teaming Directs intergovernmental coordination Specifies Red Teaming Viewing systems from the perspective of a potential adversary Target hardening Looking for weakness in existing
More informationCracking and Computer Security
Cracking and Computer Security Ethics and Computing Chapter 4 Summer 2001 CSE 4317: Computer Security 1 Motivation Computer security is crucial for trust Cracking activity is harmful, costly and unethical
More informationPenetration Testing Service. By Comsec Information Security Consulting
Penetration Testing Service By Consulting February, 2007 Background The number of hacking and intrusion incidents is increasing year by year as technology rolls out. Equally, there is no hiding place your
More informationNETWORK SECURITY ASPECTS & VULNERABILITIES
NETWORK SECURITY ASPECTS & VULNERABILITIES Luis Sousa Cardoso FIINA President Brdo pri Kranju, 19. in 20. maj 2003 1 Background Importance of Network Explosive growth of computers and network - To protect
More informationProtecting Organizations from Spyware
A Websense White Paper Protecting Organizations from Spyware Abstract: Once considered only an annoyance, spyware has evolved from a nuisance to a malicious threat. Preventing spyware from infiltrating
More informationHow Security Testing can ensure Your Mobile Application Security. Yohannes, CEHv8, ECSAv8, ISE, OSCP(PWK) Information Security Consultant
How Security Testing can ensure Your Mobile Application Security Yohannes, CEHv8, ECSAv8, ISE, OSCP(PWK) Information Security Consultant Once More Consulting & Advisory Services IT Governance IT Strategic
More informationModule 5: Analytical Writing
Module 5: Analytical Writing Aims of this module: To identify the nature and features of analytical writing To discover the differences between descriptive and analytical writing To explain how to develop
More informationManaging Web Security in an Increasingly Challenging Threat Landscape
Managing Web Security in an Increasingly Challenging Threat Landscape Cybercriminals have increasingly turned their attention to the web, which has become by far the predominant area of attack. Small wonder.
More informationCOMPUTER-INTERNET SECURITY. How am I vulnerable?
COMPUTER-INTERNET SECURITY How am I vulnerable? 1 COMPUTER-INTERNET SECURITY Virus Worm Trojan Spyware Adware Messenger Service 2 VIRUS A computer virus is a small program written to alter the way a computer
More informationLecture 7-1 Computer and Network Security. Based on slides 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley
Lecture 7-1 Computer and Network Security Participation Quiz You are the conductor of a train. It is headed down on one track where you see 5 workers fixing the track. They cannot hear, see, or feel the
More informationTop tips for improved network security
Top tips for improved network security Network security is beleaguered by malware, spam and security breaches. Some criminal, some malicious, some just annoying but all impeding the smooth running of a
More informationOverview of computer and communications security
Overview of computer and communications security 2 1 Basic security concepts Assets Threats Security services Security mechanisms 2 Assets Logical resources Information Money (electronic) Personal data
More informationThe Benefits of SSL Content Inspection ABSTRACT
The Benefits of SSL Content Inspection ABSTRACT SSL encryption is the de-facto encryption technology for delivering secure Web browsing and the benefits it provides is driving the levels of SSL traffic
More informationWhen a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking.
Ethical Hacking and Countermeasures Course Description: This class will immerse the student into an interactive environment where they will be shown how to scan, test, hack and secure their own systems.
More informationWEB APPLICATION FIREWALLS: DO WE NEED THEM?
DISTRIBUTING EMERGING TECHNOLOGIES, REGION-WIDE WEB APPLICATION FIREWALLS: DO WE NEED THEM? SHAIKH SURMED Sr. Solutions Engineer info@fvc.com www.fvc.com HAVE YOU BEEN HACKED????? WHAT IS THE PROBLEM?
More informationNetwork security policy issues. Ilias Chantzos, Director EMEA & APJ NIS Summer School 2008, Crete, Greece
Network security policy issues Ilias Chantzos, Director EMEA & APJ NIS Summer School 2008, Crete, Greece 1 Sample Agenda Slide 1 The current threat landscape 2 IT security and policy leadership 3 The EU
More informationCorporate Account Takeover & Information Security Awareness
Corporate Account Takeover & Information Security Awareness The information contained in this session may contain privileged and confidential information. This presentation is for information purposes
More informationMidterm Chapter 1,2,3,5
BIS3587 Principle of E-Commerce 2012/1 Midterm Chapter 1,2,3,5 Chapter 1 Introduction to E-Commerce What is E-Commerce? E-Commerce is the use of Internet and Web to transact business E-Commerce is digitally
More informationSECURING YOUR SMALL BUSINESS. Principles of information security and risk management
SECURING YOUR SMALL BUSINESS Principles of information security and risk management The challenge Information is one of the most valuable assets of any organization public or private, large or small and
More informationTHE HOME LOAN SAVINGS BANK. Corporate Account Takeover & Information Security Awareness
THE HOME LOAN SAVINGS BANK Corporate Account Takeover & Information Security Awareness The information contained in this session may contain privileged and confidential information. This presentation is
More informationPractical tips for a. Safe Christmas
Practical tips for a Safe Christmas CONTENTS 1. Online shopping 2 2. Online games 4 3. Instant messaging and mail 5 4. Practical tips for a safe digital Christmas 6 The Christmas holidays normally see
More informationACS-3921/4921-050 Computer Security And Privacy. Lecture Note 5 October 7 th 2015 Chapter 5 Database and Cloud Security
ACS-3921/4921-050 Computer Security And Privacy Lecture Note 5 October 7 th 2015 Chapter 5 Database and Cloud Security ACS-3921/4921-050 Slides Used In The Course A note on the use of these slides: These
More informationFERPA: Data & Transport Security Best Practices
FERPA: Data & Transport Security Best Practices April 2013 Mike Tassey Privacy Technical Assistance Center FERPA and Data Security Unlike HIPAA and other similar federal regulations, FERPA does not require
More informationIntroduction to Computer Security Table of Contents
Introduction to Computer Security Table of Contents Introduction... 2 1 - Viruses... 3 Virus Scanners... 3 2 - Spyware... 7 Spyware Scanners... 8 3 - Firewalls... 10 Windows Firewall... 10 4 - References...
More information