TYPES OF THREATS TO IS
Unintentional acts
Human errors
Deviations in quality of service by service providers (e.g., utilities)
Environmental hazards (e.g., dirt, dust, humidity)
Tailgating
Shoulder surfing
Carelessness with laptops and portable computing devices
Opening questionable e-mails
Careless Internet surfing
Poor password selection and use
Social engineering
Social engineering is an attack where the attacker uses social skills to trick a
legitimate employee into providing confidential company information such as passwords.
It is typically an unintentional human error on the part of an employee, but it is
the result of a deliberate action on the part of an attacker.
Natural disasters
Technical failures
Management failures
Deliberate acts
Espionage or trespass - Competitive intelligence consists of legal
information-gathering techniques. Industrial espionage crosses the legal
boundary.
Information extortion - when an attacker either threatens to steal, or
actually steals, information from a company and demands payment for not
stealing, for returning, or for not disclosing the information
Sabotage or vandalism - involves defacing an organization's website,
possibly causing the organization to lose its image and its customers'
confidence
Theft of equipment or information - a larger problem because computing
devices and storage devices are becoming smaller and are valuable to steal
ID theft - deliberate assumption of another person's ID to gain financial
information for a crime
Compromises to intellectual property
Intellectual property. Property created by individuals or corporations
that is protected under trade secret, patent, and copyright laws.
Trade secret. Intellectual work, such as a business plan, that is a
company secret and is not based on public information.
Patent. Document that grants the holder exclusive rights on an invention
or process for 20 years.
Copyright. Statutory grant that provides creators of intellectual property
with ownership of the property for life of the creator plus 70 years.
Piracy. Copying a software program without making payment to the
owner.
Software attacks
(1) Remote Attack Requiring User Action
Virus - is a segment of computer code that performs malicious
actions by attaching to another computer program
Worm - is a segment of computer code that spreads by itself and
performs malicious actions without requiring another computer program
Phishing attacks
Use deception to acquire sensitive personal information by
masquerading as official-looking e-mails or instant messages.
The phishing slideshow presents a nice demonstration of how
phishing works.
The phishing quiz presents a variety of e-mails. You must decide
whether each is legitimate or a phishing attempt.
The phishing examples show actual phishing attempts.
(2) Remote Attack Needing No User Action
Denial of Service Attack
Distributed denial-of-service attack - the attacker first takes over
many computers. These computers are called zombies or bots.
Together, these bots form a botnet.
(3) Attack by programmer developing a system
Trojan horse - a software program that hides in other computer
programs and reveals its designed behavior only when it is activated. A
typical behavior is to capture your sensitive information and send it to
the creator of the Trojan horse
Back door / trap door - a password known only to the attacker that
allows access to the computer system without security procedures
Logic bomb - a segment of computer code that is embedded
within an organization's existing computer programs and is designed to
activate and perform a destructive action at a certain time and date
Alien Software
Clandestine software that is installed on your computer through
duplicitous methods
Adware - software that causes pop-up advertisements to appear on screen
Spyware - collects personal information about users without their
consent. Two types of spyware are keystroke loggers (keyloggers) and screen
scrapers. Keystroke loggers record your keystrokes and your Web
browsing history. Screen scrapers record a continuous movie of what you
do on a screen.
Spamware - is alien software that is designed to use your computer as a
launchpad for spammers. Spam is unsolicited e-mail.
Cookies - are small amounts of information that Web sites store on your
computer.
Supervisory control and data acquisition (SCADA) attacks
A supervisory control and data acquisition (SCADA) system is a
large-scale, distributed, measurement and control system.
SCADA systems are the link between the electronic world and the
physical world.
E-COMMERCE
7. LEGAL ISSUES PERTAINING TO E-COMMERCE
Ethical Issues
Privacy - e-commerce provides opportunities for businesses and employers to
track individual activities on the WWW using cookies or special spyware. This allows
private/personal information to be tracked, compiled, and stored as an individual
profile. This profile can be used or sold to other businesses for target marketing, or
used by employers to aid in personnel management decisions (e.g., promotions, raises,
layoffs).
Disintermediation - middlemen or intermediaries (1) provide information, and
(2) perform value-added services such as consulting. The first function can be fully
automated, and the second can be partially automated through e-marketplaces and
portals for free thereby causing job loss among intermediaries.
Legal Issues
Fraud on the Internet - e.g., stocks, investments, business opportunities, auctions
Domain names - problems with competition
Domain tasting - the practice of registrants using the 5-day grace period at the
beginning of a domain registration to profit from pay-per-click ads.
Cybersquatting - the practice of registering domain names solely for the
purpose of selling them later at a higher price
Taxes and other fees - when and where (and whether) electronic sellers should pay
business license taxes, franchise fees, gross-receipts taxes, excise taxes, etc.
Copyright - protecting intellectual property in EC and enforcing copyright laws is
extremely difficult