LU 7 : CYBERSECURITY, PRIVACY & ETHICS
CYBERSECURITY
definition: use of various technologies & processes to protect computers, computing systems, networks, programs & data from attacks, damage, theft, disruption, misuse & unauthorized access.
importance:
prevent data & identity theft
protect important & sensitive data
support critical business & organizational processes
prevent data & monetary losses
prevent cyber attacks & cyber crimes
effects of compromise:
hide programs that are used to launch attacks on other computers
send spam & phishing emails
block / restrict access to the device or system
loss of trust
stolen money
infect computing systems with malware
record keystrokes & steal passwords
CYBERSECURITY MEASURES
encryption
digital signatures
access controls
back up
security tools
digital forensics
good security practices
protection for hardware
PRIVACY
individuals & companies have the right to deny / restrict the collection, use & dissemination of information about them.
Personal Data Protection Act 2010, Malaysia
ETHICS
moral guidelines that govern the use of computers, mobile devices, IS & related technologies
intellectual property rights
intellectual accuracy
green computing
information accuracy
information privacy
software theft (piracy)
unauthorized use of computers, mobile devices & networks
NETIQUETTES
short for Internet Etiquette
code of acceptable behaviours that users should follow while on the Internet
cybersecurity threats
interception: an unauthorized party gains access to an asset
modification: an unauthorized party not only gains access to but tampers with an asset
interruption: an asset is destroyed / becomes unavailable / unusable
fabrication: an unauthorized party inserts counterfeit objects into the assets
common security threats
Malware (used for damaging, disrupting / disabling computers & computer systems)
secretly accesses a user's computer, acts without the user's knowledge & changes its operations for malicious intent
virus (attaches itself to files & programs; not capable of sending itself)
worm (self-replicates without attaching itself & can send itself to other users)
rootkit (hides itself in a computer to allow someone in a remote location to access the computer)
trojan horse (hides within a program that looks legitimate; not able to replicate)
spyware (collects information about the user without permission / knowledge)
cyber attacks
distributed DoS
man-in-the-middle
denial of service (DoS)
cross-site scripting
SQL injection
drive-by download
online scams & frauds
PHARMING (redirecting the user to a website that looks legitimate & is designed to obtain username & password)
SPOOFING (the attacker impersonates a legitimate source to the user)
PHISHING (official-looking email sent to try to obtain personal / financial information)
PHREAKING (hacking a phone network for free calls / to have calls charged to another account)
SPAM (unsolicited emails / messages; may contain links / attachments with malware)
Botnet (aka Web robot)
spread across the internet to search for vulnerable & unprotected computers to infect
group of compromised computers / mobile devices connected to a network
victim machines are known as zombies
hacking & cracking
hacking: breaches system / network to find flaws, vulnerable spots / discrepancies & rectify them to improve security
cracking: breaches system / network for malicious purposes such as destroying data, stealing information.
information, hardware & software theft
hardware theft: act of stealing digital equipment
software theft: physically stealing software, intentionally erasing programs / software, illegally registering and/or activating a program, illegally copying a program
unauthorized access & use
ex: an intruder gaining access to a bank's computer & performing unauthorized money transfer
cyber extortion
attackers demand a sum of money to stop the attacks, or they will carry out their threats
Ex: Nokia cyber extortion case: attackers threatened to reveal source code of its operating system.
Cyberterrorism & cyberwarfare
using computer & internet technology to destroy, damage / disrupt computer systems for political reasons, / causing widespread fear in society.
using computer & internet technology for attacking & targeting nations/ government in war / conflict activity
social engineering
perpetrators take advantage of the trusting nature & naivety of victims
Ex: impersonating administrators / acquaintances, faking emergency situations, pretending to befriend / court the victim
human
corporate espionage
unethical employees
mediocre / bad cybersecurity practices
disgruntled former employees
human error/negligence
cyberterrorism
cyberwarfare
areas of comp. ethics