09 Data Security - Threats Flashcards

1
Q

Which damage can occur with respect to IT attacks?

1.
2.
3.
4.

A
  • computer (not itself but software changes, manipulation, deletion, …)
  • data theft, deletion, manipulation, misuse -> loss of confidentiality and loss of integrity
  • embedded systems (devices with embedded IT - demolition of infrastructure)
  • loss of common reality (societal danger, spread of misinformation when not agreeing on one reality)
2
Q

What are possible Motivations of Attackers?

1.
2.
3.
4.
5.
6.

A
  • script kiddies (play instinct, curiosity, …)
  • insider threats caused by lack of education and revenge
  • non-commercial hackers with Robin Hood mentality, uncovering vulnerabilities
  • professional hackers, theft of data, illegal transactions etc.
  • terrorism - deployment of propaganda
  • cyberwar - countries preparing techniques for protection against attacks
3
Q

Attacks nowadays …

1.
2.
3.

A
  • are becoming more damaging
  • are executed more often
  • are executed more professionally (criminals -> security agencies)
4
Q

Definition of data security

A
  • protects data against humans (attackers)
5
Q

Definition of data privacy

A
  • protects humans against misuse of data
6
Q

How do Data Privacy and Data Security fit together?

A

Data privacy requires data security!

7
Q

What are the most important goals of data security?

A
  • confidentiality (Vertraulichkeit)
  • integrity (Integrität)
  • availability (Verfügbarkeit)
  • accountability (Zurechenbarkeit)

CIAA

8
Q

What does confidentiality mean?

1.
2.
3.

A
  • protection against unauthorized usage of confidential data
  • e.g. TAN, PIN, exam results
  • challenge: communicating this data through the internet
9
Q

What does integrity mean?

1.
2.
3.

A
  • data and messages must not be manipulated or changed (OR it has to be obvious that data is changed)
  • e.g. offer on eBay
  • accuracy is maintained and nothing left out or changed!
10
Q

What does availability mean?

1.
2.

A
  • authorized people should be able to access data and services from all defined places at all defined times (from anywhere at anytime!)
  • e.g. server of FH
11
Q

What does accountability mean?

A
  • creation or change of data can be assigned clearly to a person (or service)
  • e.g. who has accessed the webpage, who is the author of the e-mail
12
Q

What are the root causes for today's problems with data security?

A
  • technical reasons
  • organisational reasons
  • human reasons
13
Q

Root cause technical reason

A
  • internet started small and as a research activity
  • people knew each other -> there was trust and security was thus not an issue (nobody should be able to control the internet anyway)
  • result: open communication protocols, i.e. working without encrypting the content or controlling the data
  • BUT exponential growth in the 90s
  • now also activities like E-banking, purchase
  • billions of entry-points and interconnected networks
  • more and more complexity and more open security problems (exploits)
  • EACH SOFTWARE CONTAINS FAULTS -> more complexity, greater number of faults
14
Q

Organisational Reasons

1.
2.
3.
4.
5.
6.

A
  • unclear responsibility (who is responsible for data security?)
  • oftentimes no stringent idea or concepts
  • insider threats
  • no rules means no user concept: everybody always has access to all data
  • often elderly senior management not aware of digital issues
  • huge grey area with respect to data privacy and data security (law)
15
Q

Human Root cause

1.
2.
3.
4.

A
  • curiosity
  • interfaces always switched on on smartphones (WLAN, Bluetooth)
  • Terms and conditions (AGBs) not read and not taken seriously
  • everything shared through social networks