3. CONTENTS
INFORMATION SECURITY PROBLEM
E-COMMERCE SECURITY & LANDSCAPE
TECHNICAL MALWARE ATTACK METHODS: FROM VIRUSES TO DENIAL OF SERVICE
NON TECHNICAL METHODS: FROM PHISHING TO SPAM AND FRAUD
THE INFORMATION ASSURANCE MODEL AND DEFENSE STRATEGY
THE DEFENSE: ACCESS CONTROL, ENCRYPTION, AND PKI
4. INFORMATION SECURITY PROBLEM
WHAT IS INFORMATION SECURITY?
Information security refers to a variety of activities and methods that protect information systems, data, and procedures from any action designed to destroy, modify, or degrade the systems and their operations.
It is a very broad field due to the many methods of attack as well as the many modes of defense. The attacks on and defenses for computers
can affect individuals, organizations, countries, or the entire Web.
WHAT IS EC SECURITY?
e-Commerce security refers to the principles which guide safe electronic transactions, allowing the buying and selling of goods and services
through the Internet, but with protocols in place to provide safety for those involved. Successful business online depends on the customers’
trust that a company has eCommerce security basics in place.
5. INFORMATION SECURITY PROBLEM
WHAT IS CYBERWAR?
Cyberwarfare (or cyberwar) refers to any action by a nation-state or international organization to penetrate another nation’s computer networks for the purpose of causing damage or disruption. The attack is usually carried out through viruses, DoS, or botnets.
WHAT IS CYBERESPIONAGE?
Cyberespionage is the act or practice of obtaining secrets and information, without the permission and knowledge of the holder of the information, from individuals, competitors, rivals, groups, governments and enemies for personal, economic, political or military advantage using methods on the internet.
Cyber attacks can be classified into two major interrelated categories:
I. Corporate Espionage
II. Political Espionage and Warfare
6. INFORMATION SECURITY PROBLEM
CORPORATE ESPIONAGE
Many attacks target energy-related companies because their inside information is valuable.
Example: Nakashima (2011) reported that in November 2011, foreign hackers targeted a water plant control system in Illinois, causing the pump to fail. The attackers also gained unauthorized access to the system database.
POLITICAL ESPIONAGE AND WARFARE
Political espionage and cyberwars are increasing in magnitude. Sometimes, these are related to corporate espionage.
Example: In 2014, U.S. hackers in Illinois used DDoS malware to attack the official website of the Crimean referendum. A few days later, major Russian government Web resources and state media websites were also attacked by DDoS malware.
7. THE DRIVERS OF EC SECURITY PROBLEMS
There are many drivers (and inhibitors) that can cause security problems for EC:
The Internet’s vulnerable design
The shift to profit-induced crimes
The wireless revolution
The Internet underground economy
The dynamic nature of EC systems, and the role of insiders
The sophistication of the attacks
8. BASIC E COMMERCE SECURITY ISSUES AND LANDSCAPE
THE EC SECURITY BATTLEGROUND
The essence of EC security can be viewed as a battleground between attackers and defenders and the defenders’ security requirements. This battleground includes the following components:
The attacks, the attackers, and their strategies
The assets that are being attacked (the targets) in vulnerable areas
The security defense, the defenders, and their methods and strategy
9. THE THREATS, ATTACKS, AND ATTACKERS
1. Unintentional Threats Categories:
Human errors
Environmental Hazards
Malfunctions in the Computer System
2. Intentional threats
Intentional attacks are committed by cyber criminals or hackers:
Theft of data
Inappropriate use of data
Theft of laptops and other devices to steal data
Damaging computer resources
10. BASIC E COMMERCE SECURITY ISSUES AND LANDSCAPE
3. Cyber criminals
A. Hacker
A hacker is any skilled computer expert who uses technical knowledge to overcome a problem; the term can also refer to any skilled computer programmer.
In short, the word is used for someone who gains unauthorized access to a computer system.
B. Cracker (black hat)
Having gained unauthorized access, crackers destroy vital data and deny legitimate users service.
Hackers build things while crackers break things.
C. White hats
White hat hackers can be internet security experts who are hired by companies to find vulnerabilities in their computer systems.
11. BASIC E COMMERCE SECURITY ISSUES AND LANDSCAPE
D. Grey hats
Gray hat hacking does play a role in the security environment. One of the most common examples given of a gray hat hacker is someone who exploits a security vulnerability in order to spread public awareness that the vulnerability exists. In this case, experts might say that the difference between a white hat hacker and a gray hat hacker is that the gray hat hacker exploits the vulnerability publicly, which allows other black hat hackers to take advantage of it.
12. BASIC E COMMERCE SECURITY ISSUES AND LANDSCAPE
THE TARGETS OF THE ATTACKS IN VULNERABLE AREAS
Any part of an information system can be attacked. PCs, tablets, or smartphones can easily be stolen or attacked by viruses and/or malware.
VULNERABLE AREAS
Vulnerability information
Attacking e-mail
Attacking smartphones & wireless systems
The vulnerability of RFID chips
The vulnerabilities of business IT & e-commerce systems
13. BASIC E COMMERCE SECURITY ISSUES AND LANDSCAPE
EC SECURITY REQUIREMENTS
Authentication
Authentication is a process used to verify (assure) the real identity of an EC entity, which could be an
individual, software agent, computer program, or EC website.
Authorization
Authorization is the provision of permission to an authenticated person to access systems and perform certain
operations in those specific systems.
Auditing
When a person or program accesses a website or queries a database, various pieces of information are recorded or logged into a file. The process of maintaining or revisiting the sequence of events during the transaction, when, and by whom, is known as auditing.
Availability
Assuring that systems and information are available to the user when needed and that the site continues to
function.
14. EC DEFENSE PROGRAMS AND STRATEGY
EC Security Strategy
Information Assurance (IA)
Possible Punishment
Recovery
Different method
Detection measures
Prevention measures
15. TECHNICAL MALWARE ATTACK METHODS FROM VIRUSES TO DENIAL OF SERVICE
A technical attack is one in which the use of systems and software is a must and there is no human factor.
Hackers use this methodology to hamper one’s life.
The famous technical attacks are:
DoS Attack
Worms
Botnets
Virus Threat
Trojan Horses
Macro virus
16. TECHNICAL MALWARE ATTACK METHODS FROM VIRUSES TO DENIAL OF SERVICE
Denial of Service (DoS) Attack:
A denial-of-service (DoS) is any type of attack where the attackers (hackers) attempt to prevent legitimate users from
accessing the service. In a DoS attack, the attacker usually sends excessive messages asking the network or server to
authenticate requests that have invalid return addresses.
Botnets:
A botnet is a group of computers connected in a coordinated fashion for malicious purposes. Each computer in a botnet is
called a bot. These bots form a network of compromised computers, which is controlled by a third party and used to transmit
malware or spam, or to launch attacks.
Macro virus:
A macro virus (macro worm) is malware code that is attached to a data file rather than to an executable program (e.g., a Word file). According to Microsoft, macro viruses can attack Word files as well as any other application that uses a programming language.
17. NONTECHNICAL METHODS FROM PHISHING TO SPAM AND FRAUD
NON TECHNICAL ATTACKS
These crimes are conducted with the help of both technical methods, such as malicious code that can access confidential information that may be used to steal money from your online bank account, and nontechnical methods, such as social engineering.
SOCIAL ENGINEERING AND FRAUD
Social engineering is a set of techniques employed by cybercriminals to lure unsuspecting users into sending them their confidential data, infecting their computers with malware or opening links to infected sites.
18. NONTECHNICAL METHODS FROM PHISHING TO SPAM AND FRAUD
Social Phishing
Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card
numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message,
or text message.
Pharming
Pharming is a cyber attack intended to redirect a website’s traffic to another, fake site. Pharming can be conducted either by
changing the hosts file on a victim's computer or by exploitation of a vulnerability in DNS Server software.
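A defensive check for the hosts-file vector described above, as an added example that is not part of the original slides: it parses hosts-file text and reports any entry that pins a watched domain to an address locally. The watch list, the sample file content and all function names are assumptions made for illustration; it does not cover the DNS server vector.

```python
"""Audit hosts-file text for entries that override watched domains (pharming check)."""
import ipaddress

# Hypothetical watch list: domains that should never be pinned in a hosts file.
WATCHED_DOMAINS = {"bank.example", "shop.example"}

# Constructed sample hosts file (documentation addresses, not from a real system).
SAMPLE_HOSTS = """\
# Constructed sample
127.0.0.1       localhost
::1             localhost ip6-localhost
203.0.113.50    www.bank.example bank.example   # suspicious override
0.0.0.0         ads.tracker.example             # sinkhole entry
192.0.2.10      login.shop.example
198.51.100.7    intranet.corp.example
not-an-ip       bank.example
"""


def parse_hosts(text):
    """Return (entries, malformed): entries are (line_no, ip, [names])."""
    entries, malformed = [], []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            # Strip an IPv6 zone id (fe80::1%eth0) before parsing.
            ip = ipaddress.ip_address(fields[0].split("%", 1)[0])
        except ValueError:
            malformed.append(line_no)
            continue
        if len(fields) < 2:                       # address without a name
            malformed.append(line_no)
            continue
        # Hostnames are case-insensitive; a trailing dot means the same name.
        names = [f.lower().rstrip(".") for f in fields[1:]]
        entries.append((line_no, ip, names))
    return entries, malformed


def is_watched(hostname, watched):
    """True for a watched domain or any of its subdomains (label-aligned match)."""
    return any(hostname == d or hostname.endswith("." + d) for d in watched)


def audit_hosts(text, watched=WATCHED_DOMAINS):
    """Return (findings, malformed); findings are (line_no, ip, name, kind).

    kind is "redirect" when the name points at a routable address, and
    "blocked" when it points at loopback or the unspecified address.
    """
    entries, malformed = parse_hosts(text)
    findings = []
    for line_no, ip, names in entries:
        for name in names:
            if not is_watched(name, watched):
                continue
            local = ip.is_loopback or ip.is_unspecified
            findings.append((line_no, str(ip), name, "blocked" if local else "redirect"))
    return findings, malformed


if __name__ == "__main__":
    findings, malformed = audit_hosts(SAMPLE_HOSTS)
    for line_no, ip, name, kind in findings:
        print(f"line {line_no}: {name} -> {ip} [{kind}]")
    for line_no in malformed:
        print(f"line {line_no}: malformed entry, review manually")
```

On a real machine the text would come from the system hosts file, and any "redirect" finding for a domain nobody deliberately pinned deserves investigation.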
19. THE INFORMATION ASSURANCE MODEL AND DEFENSE STRATEGY
THE INFORMATION ASSURANCE MODEL
The information assurance model is an extension of the original 1991 McCumber INFOSEC model.
It expands the coverage, responsibilities and accountability of security professionals and also establishes an additional view of the states of information.
The security model is based on three dimensions:
Availability
Integrity
Confidentiality
20. E-COMMERCE SECURITY STRATEGY
E-commerce needs to address the IA model and its components
The phases of security defense:
Prevention and deterrence
Initial response
Detection
Containment
Eradication
Recovery
21. THE DEFENSE ACCESS CONTROL ENCRYPTION AND PKI
ACCESS CONTROL
Access control is a security technique that regulates who or what can view or use resources in a computing environment.
It is a fundamental concept in security that minimizes risk to the business or organization.
After a user has been identified, the user must be authenticated.
A resource refers to hardware, software, Web pages, text files, databases, applications, servers, printers, or any other information source or network component.
Typically, access control defines the rights that specific users with access may have with respect to those resources (i.e., read, view, write, print, copy, delete, execute, modify, or move).
22. ENCRYPTION AND THE ONE-KEY (SYMMETRIC) SYSTEM
Encryption is a process that encodes a message or file so that it can only be read by certain people. The encoded form is called ciphertext.
Encryption has two basic options: the symmetric system, with one secret key, and the asymmetric system, with two keys.
Two types:
Substitution cipher
Transposition cipher
23. Encryption can provide four dimensions of e-commerce security:
1. Integrity:
The assurance that data are accurate and that they cannot be altered. The integrity attribute needs to be able to
detect and prevent the unauthorized creation, modification, or deletion of data or messages in transit.
2. Non-repudiation: (close to authentication)
The assurance that online customers or trading partners will not be able to falsely deny their purchase,
transaction, sale, or other obligation.
3. Authentication:
A process used to verify (assure) the real identity of an EC entity, which could be an individual, software agent,
computer program, or EC website.
4. Confidentiality:
The assurance that the message was not read by others.
24. What is Symmetric Encryption?
Symmetric encryption is a type of encryption where only one key (a secret key) is used to both encrypt and
decrypt electronic information.
The entities communicating via symmetric encryption must exchange the key so that it can be used in the
decryption process.
In practice, this means that the sender or their network administrator must first generate a key then transmit it
to the recipient before encrypting the file and uploading it.
What is Public Key Encryption?
Public-key encryption is a cryptographic system that uses two keys -- a public key known to everyone and
a private or secret key known only to the recipient of the message.
Public key cryptography allows someone to send their public key in an open, insecure channel. Having a
friend's public key allows you to encrypt messages to them. Your private key is used to decrypt
messages encrypted to you.
25. THE DEFENSE ACCESS CONTROL ENCRYPTION AND PKI
Digital Envelopes
A digital envelope is a secure electronic data container that is used to protect a message through encryption and
data authentication.
A digital envelope allows users to encrypt data with the speed of secret key encryption and the convenience
and security of public key encryption.
26. Digital Certificates
Digital Certificates are a means by which consumers and businesses can utilize the security applications of Public Key
Infrastructure (PKI).
PKI comprises the technology that enables secure e-commerce and Internet-based communication.
27. Secure Socket Layer (SSL) and Transport Layer Security
SSL is the standard security technology for establishing an encrypted link between a web server and a browser.
This link ensures that all data passed between the web server and browsers remain private and integral.
SSL is an industry standard and is used by millions of websites in the protection of their online transactions with
their customers.
Transport layer security (TLS) is a protocol that provides communication security between client/server
applications that communicate with each other over the Internet.
It enables privacy, integrity and protection for the data that's transmitted between different nodes on the Internet.
Editor's Notes
They never damage the data intentionally
Crackers can be easily identified
A vulnerability is where an attacker finds a weakness in the system and then exploits that weakness. Vulnerability creates opportunities for attackers to damage information systems.
One of the easiest places to attack is a user’s e-mail, since it travels via the unsecured Internet. One example is the ease with which the e-mail of Sarah Palin, former candidate for U.S. Vice President, was hacked in March 2008.
Since mobile devices are more vulnerable than wired systems, attacking smartphones and wireless systems is becoming popular due to the explosive growth of mobile computing.
These chips are embedded everywhere, including in credit cards and U.S. passports. Cards are designed to be read from some distance (contactless), which also creates a vulnerability.
Example: When you carry a credit card in your wallet or pocket, anyone with an RFID reader who gets close enough to you may be able to read the RFID information on your card.
insufficient use of security programs and firewalls) and organizational weaknesses (e.g., lack of user training and security awareness, and an insider who steals data and engages in inappropriate use of business computers).
E-Mail Scams
Hackers hack into your e-mail accounts, finding who your contacts are and their e-mail addresses. They then send out an e-mail to you from people on the list. Alternatively, hackers get into your friend’s e-mail account and find that you are one of their contacts. Then they send you the request for help.
Confidentiality
is the assurance of data secrecy and privacy. Namely, the data is disclosed only to authorized people.
Confidentiality is achieved by using several methods, such as encryption and passwords.
Integrity
is the assurance that data are accurate and that they cannot be altered.
The integrity attribute needs to be able to detect and prevent the unauthorized creation, modification, or deletion of data or messages in transit.
Availability
is the assurance that access to any relevant data, information websites, or other EC services and their use is available in real time, whenever and wherever needed. The information must be reliable.
1. Prevention and deterrence (preparation).
Good controls may prevent criminal activities as well as human error from occurring. Controls can also deter criminals from attacking computerized systems and deny access to unauthorized human intruders. Also, necessary tools need to be acquired.
2. Initial response.
The first thing to do is to verify if there is an attack. If so, determine how the intruder gained access to the system and which systems and data are infected or corrupted.
3. Detection.
The earlier an attack is detected, the easier it is to fix the problem, and the smaller the amount of damage done. Detection can be executed by using inexpensive or free intrusion detecting software.
4. Containment (contain the damage).
The objective is to minimize or limit losses once a malfunction has occurred. It is also called damage control. Damage control can be done, for example, by using fault-tolerant hardware and software that enable operation in a satisfactory, but not optimal, mode until full recovery is made.
5. Eradication.
Remove the malware from infected hosts.
6. Recovery.
Recovery needs to be planned for to assure a quick return to normal operations at a reasonable cost. One option is to replace parts rather than to repair them. Functionality of data should also be restored.
7. Correction.
Finding the causes of damaged systems and fixing them will prevent future occurrences.
All organization members must be educated about possible hazards and must comply with the security rules and regulations.
Substitution cipher
Every occurrence of a given letter is replaced systematically by another letter.
Transposition cipher
The ordering of the letters in each word is changed in some systematic way.
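The two cipher types defined above, worked through as an added example that is not part of the original slides. The keyword-based alphabet, the per-word rotation and the sample message are assumptions chosen for illustration; the last two helpers show that substitution leaves the pattern of letter frequencies intact and transposition leaves the letters themselves intact.

```python
"""Substitution vs. transposition ciphers, and the statistics each one leaks."""
import string
from collections import Counter

ALPHABET = string.ascii_lowercase


def make_substitution_key(keyword):
    """Build a keyed alphabet: keyword letters first, then the unused letters."""
    seen = []
    for ch in keyword.lower() + ALPHABET:
        if ch in ALPHABET and ch not in seen:
            seen.append(ch)
    return "".join(seen)


def substitute(text, key, decrypt=False):
    """Replace every occurrence of a letter by its partner in the keyed alphabet."""
    src, dst = (key, ALPHABET) if decrypt else (ALPHABET, key)
    return text.lower().translate(str.maketrans(src, dst))


def transpose_word(word, shift):
    """Rotate the letters of one word left by `shift` positions."""
    if not word:
        return word
    s = shift % len(word)
    return word[s:] + word[:s]


def transpose(text, shift, decrypt=False):
    """Reorder the letters inside each word; the word boundaries stay in place."""
    step = -shift if decrypt else shift
    return " ".join(transpose_word(w, step) for w in text.split(" "))


def frequency_shape(text):
    """Letter counts sorted high to low, ignoring which letter has which count."""
    return sorted(Counter(c for c in text if c in ALPHABET).values(), reverse=True)


def letter_counts(text):
    """Exact count of each letter in the text."""
    return Counter(c for c in text if c in ALPHABET)


if __name__ == "__main__":
    message = "attack at dawn"                 # constructed sample plaintext
    key = make_substitution_key("security")    # assumed keyword
    sub = substitute(message, key)
    tra = transpose(message, 2)                # assumed rotation of 2
    print("substitution :", sub, "->", substitute(sub, key, decrypt=True))
    print("transposition:", tra, "->", transpose(tra, 2, decrypt=True))
    # Substitution hides which letters were used but not how often they repeat.
    print("same frequency shape:", frequency_shape(sub) == frequency_shape(message))
    # Transposition hides the order but every original letter is still present.
    print("same letter counts  :", letter_counts(tra) == letter_counts(message))
```

Both checks print True, which is why neither cipher on its own resists frequency analysis.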