Scribd Logo
Upload

Welcome to Scribd!

  • Lecture 12

    Uploaded by

    vp97btsm9j
    1 views35 pages

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    1 views35 pages

    Lecture 12

    Uploaded by

    vp97btsm9j

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 35

    Professional Practices

    ALEENA SHUJA
    LECTURE 12
    Trustworthy Computing
    Trustworthy computing is a method of computing that delivers secure, private, and reliable
    computing experiences based on sound business practices—which is what organizations
    worldwide are demanding today.
    Creating a Trustworthy Computing Environment
    Requires Several Steps
    Making software code more secure and reliable. Developers have tools and
    methodologies to an order-of-magnitude improvement in their work from the
    standpoint of security and safety.
    Keeping ahead of security exploits. Distributing updates using the Internet so
    that all systems are up to date.
    Early Recovery. In case of a problem, having the capability to restore and get
    systems back up and running in exactly the same state they were in before an
    incident, with minimal intervention
    Risk Assessment
    Risk assessment is the process of assessing security-related risks to
    an organization's computers and networks from both internal and external
    threats.
    The goal of risk assessment is to identify which investments of time and
    resources will best protect the organization from its most likely and serious
    threats.
    In the context of an IT risk assessment, an asset is any hardware, software,
    information system, network, or database that is used by the organization to
    achieve its business objectives.
    A loss event is any occurrence that has a negative impact on an asset, such as
    a computer contracting a virus or a Web site undergoing a DDoS
    attack
    General Security Risk Assessment Process
    Step 1 — Identify the set of IT assets about which the organization is most
    concerned. Priority is typically given to those assets that support the
    organization’s mission and meet its primary business goals.
    Step 2 — Identify the loss events or the risks or threats that could occur, such
    as a distributed denial-of-service attack or insider fraud.
    Step 3 — Assess the frequency of events or the likelihood of each potential
    threat; some threats, such as insider fraud
    Step 4 — Determine the impact of each threat occurring. Would the threat
    have a minor impact on the organization, or could it keep the organization
    from carrying out its mission for a lengthy period of time?
    General Security Risk Assessment Process
    Step 5 — Determine how each threat can be mitigated so that it becomes
    much less likely to occur or, if it does occur, has less of an impact on the
    organization. For example, installing virus protection on all computers makes it
    much less likely for a computer to contract a virus. Due to time and resource
    limitations, most organizations choose to focus on those threats that have a
    high (relative to all other threats) frequency and a high (relative to all other
    threats) impact. In other words, first address those threats that are likely to
    occur and that would have a high negative impact on the organization.
    Step 6 — Assess the feasibility of implementing the mitigation options.
    General Security Risk Assessment Process
    Step 7 — Perform a cost-benefit analysis to ensure that your efforts will be
    cost effective. No amount of resources can guarantee a perfect security
    system, so organizations must balance the risk of a security breach with the
    cost of preventing one. The concept of reasonable assurance recognizes that
    managers must use their judgment to ensure that the cost of control does not
    exceed the system’s benefits or the risks involved.
    Step 8 — Make the decision on whether or not to implement a particular
    countermeasure. If you decide against implementing a particular counter-
    measure, you need to reassess if the threat is truly serious and, if so, identify a
    less costly countermeasure.
    Cyber Response
    Cyber response is a part of wider business
    continuity management.
    It helps organization put plans in place to
    cover all types of disruption, from cyber
    security incidents and natural disasters to
    power outages and pandemics.
    Best Ways to Respond to
    Cyberattacks
    Developing an IR Plan
    The documentation of a predetermined set of instructions or procedures to detect,
    respond to, and limit consequences of a malicious cyber attacks against an
    organization's information systems(s).
    1. Preparation – Planning in advance how to handle and prevent security incidents
    2. Detection and analysis – Encompasses everything from monitoring potential
    attack vectors to looking for signs of an incident, to prioritization
    3. Containment, eradication, and recovery – Developing a containment strategy,
    identifying the hosts and systems under attack, mitigating the effects, and
    having a plan for recovery
    4. Post-incident activity – Reviewing lessons learned and having a plan for
    evidence retention
    How to Respond to a Cyberattack
    1. Prevention
    2. Communication and Delegation
    3. Forensics
    4. Contain and Recover
    5. Stay Up-to-Date with All Your Security Systems
    6. Assess the Damage
    Cyber Technology
    Cyber-technology refers to a wide range of computing and communications
    devices – from standalone computers, to "connected" or networked
    computing and communications technologies, to the Internet itself
    Cyber-technologies include: hand-held devices (such as Palm Pilots),
    personal computers(desktops and laptops), mainframe computers, and so
    forth
    The Evolution of Cyber Technology and Cyber Ethics:
    Four Phases
    Computer technology emerged in the late 1940s, when some analysts
    confidently predicted that no more than six computers would ever need to
    be built.
     The first phase of computing technology (1950s and 1960s) consisted
    mainly of huge mainframe computers that were unconnected (i.e., stand-
    alone machines).
    The Evolution of Cyber Technology and Cyber Ethics:
    Four Phases
    1940s
    ◦ We start noting the meaning of ‘computer’
    Before World War II
    ◦ A person who calculated numbers
    After World War II
    ◦ Calculating Machine
    1980s
    ◦ More than a machine!
    ◦ New kind of medium for communications!
    The Evolution of Cyber Technology and Cyber Ethics:
    Phase 1
    Phase 1 (1950s and 1960s), One ethical/social question that arose during
    Phase 1 dealt with the impact of computing machines as “giant brains” and
    what that meant for being human.
    Today, we might associate these kinds of questions with the field of artificial
    intelligence (AI)
    The following kinds of questions were introduced in Phase 1:
    1. Can machines think? If so, Should we invent thinking machines?
    2. If machines can be intelligent entities, what does this mean for our sense of
    self?
    3. What does it mean to be human?
    The Evolution of Cyber Technology and Cyber
    Ethics: Phase 2
    Another question raised during this phase concerned privacy threats and the
    fear of Big Brother.
    For example, some people in the United States feared that the federal
    government would set up a national database in which extensive amounts of
    personal information about its citizens would be stored as electronic records.
    A strong centralized government could then use that information to monitor
    and control the actions of ordinary citizens.
    The Evolution of Cyber Technology and Cyber
    Ethics: Phase 2
    In Phase 2 (1970s and 1980s), computing machines and communications
    devices began to converge.
    Mainframe computers and personal computers could be linked together via
    privately owned networks, which generated three kinds of ethical/social
    issues:
    1. privacy concerns (introduced in Phase 1) worsened because confidential
    information could easily be exchanged between networked databases.
    2. intellectual property issues emerged because personal computers could
    easily be used to duplicate and exchange proprietary software programs.
    3. computer crime emerged because “hackers” could break into the
    computers of large organizations.
    The Evolution of Cyber Technology and Cyber
    Ethics: Phase 3
    During Phase 3 (1990-present), the availability of Internet access to the
    general public has increased significantly.
    This has been facilitated by the phenomenal growth of the World Wide Web.
    The proliferation of Internet- and Web-based technologies in this phase has
    raised ethical and social concerns affecting:
    1. free speech
    2. anonymity
    3. jurisdiction
    4. trust
    The Evolution of Cyber Technology and Cyber
    Ethics: Four Phases
    In Phase 4 (present to near future), “Web 2.0, then Web 3.0” have made
    possible the proliferation of social networking sites (SNSs), such as Facebook
    Instagram and Twitter.
    As cyber Technology continues to evolve in Phase 4, computers will likely
    become more and more a part of who or what we are as human beings.
    In Phase 4, computers are becoming less visible as distinct entities, as they:
    1. continue to be miniaturized and integrated into ordinary objects,
    2. blend unobtrusively into our surroundings.
    Cyber technology is also becoming less distinguishable from other
    technologies as boundaries that have previously separated them begin to blur
    because of convergence.
    The Evolution of Cyber Technology and Cyber
    Ethics: Four Phases
    Additional ethical/social concerns associated with Phase IV include
    controversies that are made possible by the following kinds of technologies:
    1. autonomous machines and sophisticated robots (used in warfare,
    transportation, care for the elderly, etc.);
    2. Nano-computing and Nano-scale devices;
    3. artificial agents (including “soft bots”) that act on behalf of humans and
    corporations;
    4. AI-induced bionic chip implants (that can cause us to question what it
    means to be human vs. cyborg).
    A "Disclosive" Method for Cyber Ethics
    Brey (2004) believed that because of embedded biases in cyber technology, the standard
    applied-ethics methodology is not adequate for identifying cyber ethics issues.
    1. Brey noted that we might fail to notice certain features embedded in the design of cyber
    technology.
    2. Using the standard model, we might also fail to recognize that certain practices involving
    cyber technology can have moral implications.
    3. Brey points out that one weakness of the “standard method of applied ethics” is that it
    tends to focus on known moral controversies
    So, that model fails to identify practices involving cyber technology which have moral
    implications but that are not yet known.
    Brey refers to these practices as having morally opaque (or morally non-transparent) features,
    which he contrasts with "morally transparent” features.
    Embedded Technological Features Having Moral
    Implications
    https://www.youtube.com/watch?v=o2GxuXxsVbE
    https://www.youtube.com/watch?v=H9Esi2kDUsc

    You might also like