Security Threat

    Cards (52)

    • Most Prevalent Types:
      1. Malicious insiders
      2. Viruses
      3. Worms
      4. Trojans
      5. Malware
      6. Web-based attacks
      7. Botnets
      8. Phishing and social engineering attacks
      9. Malicious code
    • Most High-Profile:
      1. Online Credit Card Fraud
    • Most Costly:
      1. Denial of service
      2. Malicious insiders
      3. Malicious code
    • Integrity: the ability to ensure
      that information being displayed
      on a website or
      transmitted/received over the
      internet has not been altered in
      any way by an unauthorized party
    • Nonrepudiation: the ability to
      ensure that e-commerce
      participants do not deny their
      online actions
    • Authenticity: the ability to
      verify the identity of a person or
      entity with whom you are dealing
      on the internet
    • Confidentiality: the ability to
      ensure that messages and data
      are available only to those who
      are authorized to view them
    • Privacy: the ability to control the
      use of information a customer
      provides about himself or herself
      to an e-commerce merchant
    • Availability: the ability to ensure
      that an e-commerce site
      continues to function as intended
    • There are three major vulnerable points in e-commerce transactions: internet communications, servers, and clients.
    • E-commerce security is multilayered and must take into account new technology, policies and procedures, and laws and industry standards.
    • Encryption: the process of
      transforming plain text or data
      into cipher text that cannot
      be read by anyone other than
      the sender and the receiver
    • Network Security
      Protocols: network protocols
      that ensure the integrity and
      security of data transmitted
      across network connections,
      e.g., Secure Sockets Layer (SSL)
      and Transport Layer Security
      (TLS)
      * the connection is encrypted;
      the URL scheme changes from
      HTTP to HTTPS
    • Virtual Private Networks
      (VPN): allows remote users
      to securely access a
      corporation’s local area
      network via the Internet,
      using a variety of VPN
      protocols
    • Firewalls: refers to either
      hardware or software that
      filters communication packets
      and prevents some packets
      from entering the network
      based on a security policy
    • The primary function of a firewall is to deny access by remote client computers to local computers. The primary purpose of a proxy server is to provide controlled access from local computers to remote computers.
    • Proxy Servers: software
      server that handles all
      communications originating
      from or being sent to the
      internet, acting as a
      spokesperson or bodyguard
      for the organization
    • Intrusion Detection/
      Prevention Systems: examine
      network traffic, watching to
      see if it matches certain
      patterns or preconfigured
      rules indicative of an attack
    • Automated Software
      Updates: automatically
      update software to the latest
      version to patch
      vulnerabilities discovered by
      hackers
    • Anti-virus Software: provides
      inexpensive tools to identify and
      eradicate the most common types
      of malicious code as well as
      destroy those already lurking on a
      hard drive
    • Risk Assessment: an
      assessment of the risks and
      points of vulnerability
    • Security Policy: a set of
      statements prioritizing the
      information risks, identifying
      acceptable risk targets, and
      identifying mechanisms for
      achieving these targets
    • Implementation Plan: steps
      you will take to achieve the
      security plan goals
    • Access Control: determines
      which outsiders and insiders can
      gain legitimate access to your
      networks
    • Authentication Procedures:
      include the use of digital
      signatures, certificates of
      authority, and PKI (public key
      infrastructure), biometrics,
      security tokens, and
      authorization policies
    • Security Audit: the routine
      review of access logs both for
      outsiders & insiders
    • Information Assets:
      1. customer information
      2. proprietary designs
      3. business activities
      4. secret processes
      5. price schedules
      6. executive compensation
      7. payroll
    • Five steps involved in building an e-commerce security plan: perform a risk assessment, develop a security policy, develop an implementation plan, create a security organization, and perform a security audit.
    • Malicious code is any type of code that causes harm
      to a computer system or network.
    • Trojan Horse: a decoy file that presents itself as
      something else.
    • Virus: software that copies itself and spreads to
      other computers; spreads through a connection
      like a USB port or downloaded files.
    • Worms: most infectious; can spread on their own
      WITHOUT attaching themselves to a program.
    • Potentially Unwanted Programs (PUPs): a type of
      software that can get onto your device
      without your knowledge.
    • Some PUPs can also slow down your device and
      cause it to crash. Often bundled with free software,
      downloaded unintentionally, or distributed
      through deceptive advertising.
    • SPYWARE: software that tracks your online
      activity without your knowledge or consent.
    • ADWARE: software that displays excessive or
      intrusive advertisements.
    • BROWSER HIJACKERS: malware programs
      that modify web browser settings without the
      user's permission in order to redirect users to
      websites they did not intend to visit.
    • SYSTEM OPTIMIZERS: programs that claim to
      improve system performance by cleaning up
      unnecessary files but cause harm by deleting
      important files
    • Phishing is a form of social engineering and scam
      where attackers deceive people into revealing
      sensitive information or installing malware such as
      ransomware.
    • Phishing is a type of online scam that targets
      consumers by sending them an e-mail that appears to
      be from a well-known source – an internet service
      provider, a bank, or a mortgage company, for
      example.
    • Smishing is an attack that uses text
      messaging or short message service (SMS) to
      execute the attack. A common smishing
      technique is to deliver a message to a cell phone
      through SMS that contains a clickable link or a
      return phone number.
    • Vishing (Voice Phishing): the attackers are still
      after your sensitive personal or corporate
      information. This attack is accomplished through a
      voice call.
    • Email Phishing: email phishing is the most
      common type of phishing, and it has been in use
      since the 1990s. Hackers send these emails to any
      email addresses they can obtain.
    • Hacking is the act of identifying and then exploiting
      weaknesses in a computer system or network, usually
      to gain unauthorized access to personal or
      organizational data.
      1. Social Engineering - manipulating individuals to
      divulge personal information through deception,
      often using phishing scams or fake websites.
      2. Password Hacking - includes using brute-force
      attacks, where hackers systematically try different
      combinations, and dictionary attacks, which use
      common words to crack passwords.
    • Cyber Vandalism is a form of cyber crime that
      involves intentionally damaging or disrupting
      websites or computer systems without seeking
      financial gain, yet can lead to severe financial
      repercussions for affected businesses, including
      decreased client confidence and potential loss of
      revenue.
    • Credit Card fraud in cybersecurity is when
      cybercriminals steal credit card details online and use
      them for unauthorized purchases or illegal activities,
      often by hacking databases or tricking people into
      giving out their information.