E-Business
10.0 Security Issues in the Digital Environment
⚫ Key functions:
Distinguishing the good guys from the bad guys
Granting access to authorized users
Denying access to unauthorized users
Recording all valid and invalid access for detection and reaction purposes
Goals of IS Security
⚫ Confidentiality
Prevention of unauthorized disclosure of information
⚫ Integrity
Prevention of unauthorized modification of information
⚫ Availability
Prevention of unauthorized withholding of information
⚫ Non-repudiation
Prevention of repudiation by creators or users of access to information
⚫ Authenticity
Guarantee that transactions are made by genuine authorized users
Copyright © 2015 William Toh V2.0 November 4, 2015
Confidentiality
⚫ Factors
Time (how long must information be kept confidential?)
Number of authorised entities
Location of authorised entities
⚫ Techniques
Cryptography (symmetric/asymmetric)
⯍ Issues: Cipher strength, Key strength, Key distribution, Key storage
⚫ Examples
VPN, SSL/TLS (HTTPS), S/MIME, WIFI WPA
Integrity
⚫ Factors
Medium (e.g. wired, wireless)
Number of hops
Self-correcting protocols (e.g. TCP/IP vs UDP)
⚫ Techniques
Message Digests/Hashes (digital fingerprints of messages)
⚫ Examples
SHA-2, MD5
Availability
⚫ Need to protect
Computing systems used to process and store information
Communications channel
⚫ Factors
Single points of failure
System redundancy (hardware, leased lines)
⚫ Techniques
Prevention of denial-of-service (DOS) attacks
DDOS – distributed DOS
⯍ Hard to decide on whether DDOS is happening
⯍ Hard to distinguish genuine users from robots
Attacks & Threats
⚫ Phishing
Pretending to be an official email/website to try to acquire information (e.g. passwords)
Related to web page hijacking and trojans
⚫ Botnets
Use viruses to hijack and control large numbers of networked computers to send spam or conduct DDOS
… Threats & Attacks
⚫ Malware
Malicious, self-installing and self-replicating software
May be very difficult to detect or uninstall
Includes
Managing E-Business Security
IS Security Policies
Common IS Security Issues
⚫ Boot-sector viruses
⚫ Worm
⚫ Macro-viruses
⚫ E-mail attachment viruses
⚫ Trojan viruses
⚫ Hoax e-mail viruses
⚫ Anti-virus software
Tool to protect systems from viruses.
⚫ Acceptable-use policy
Statement of acceptable practices by management
⚫ Scanning software
Identifies email or webpage access that breaches company guidelines
⚫ Filtering software
Blocks specified content or activities