Lecture 8

Question 1

objectives of cyber ware are

Answer 1

1) cripple infrastructure
2) disrupt and confuse institutions and population
3) embarrass and punish agencies, firms and people
4) gather information to be used later

Question 2

what is cybersecurity

Answer 2

Cybersecurity is the body of technoligies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access

Main purpose is the preservation of confidentiality, integrity and available information

Question 3

Dimensions of cyber security

Answer 3

Integrity

nonrepudiation

Authenticity

Confidenciality

privary

Availability

Question 4

Integrity (Dimensions of cyber security)

Answer 4

Has information transmitted or received been altered

Question 5

Nonrepudiation (Dimensions of cyber security)

Answer 5

Can a party to an action with me later deny taking the action

Question 6

Authenticity (Dimensions of cyber security)

Answer 6

Who am I dealing with? How can I be assured that the person or entity is who they claim to be

Question 7

Confidentiality (Dimensions of cyber security)

Answer 7

Can someone other than the intended recipient read my messages

Question 8

Privacy (Dimensions of cyber security)

Answer 8

Can I control the use of information about myself transmitted to an e-commerce merchant

Question 9

Availability (Dimensions of cyber security)

Answer 9

Can I get access to the site?

Question 10

Tension between security and other values

Answer 10

Security versus ease of use

erasing all private regulations versus clicking accept all cookies and trusting that others will do and signal you if not ok

Question 11

Ministry of internal affairs

Answer 11

Internet must be safe and secure for everyone

Question 12

Ministry of justice

Answer 12

Internet and messaging and dark web must be open for legal investigation

Question 13

Good e-commerce security is based on three types of measures

Answer 13

1) technology solution
2) organizational policies (NIST)
3) Laws and industry standards

Question 14

Most common security threats in the E-commerce environment

Answer 14

Malicious code (virus, trojans etc)

Potentially unwanted programs

Phishing (Deceptive online attempt to obtain information) (scams)

Hacking

Data breach

Credit card fraud

Identity fraud

Spoofing (misrepresenting in email)

Sniffing (man in the middle atacks)

Denial of service attack (DDoS)

ETC

Question 15

What can firms do to prevent cyber attacks

Answer 15

Firewall

Encryption

network security

Virtual privat networks

Authentication procedures

Proxy servers

Anti-virus software

Automated software updates

Intrusion detection/preventions

Question 16

Technology solution 1: public key cryptography

Answer 16

1) sender creates a digital message
2) sender obtains the recipients pulbic key
3) Application of the recipeints key is used to produce and encrypt messages
4) Encrypted message is sent over the internet using the TCP ip protocols
5) the recipient softwware uses recipients private key to decipher the message

Question 17

Technology solution 2: public key cryptography: with signatures

Answer 17

1) sender creates a digital message
2) Sender applies a hash function producing a 128 bit hash result
3) sender obtains the recipients public key
4) recipients key is used to produce and ecnrypted message from the message and the hash result (double)
5) encrypted message is sent over the internet (using the TCP.IP protocols described in chapter 3)
6) Receiver uses the public key of the sender to decipher the message
7) The recipient (software) uses a private key to decipher the message and the hash function
8) The recipient (software) checks to ensure that the message and the hash math

Question 18

Digital envelope

Answer 18

A technique that uses symmetric encryption

Question 19

Digital certificate

Answer 19

A digital document (issued by a certification authority) that contains a variety of identifying information

The certificat ensures you to know that the other party is the one he says he is

Question 20

Certificat authority

Answer 20

A trusted third party that issues digital certificates

Public key infrastructure

Certification authorities and digital certificates that are accepted by all parties

Question 21

secure negotiated session using SSL and TLS (transaction layer security) You can use such sessions to buy and pay for stuff online

Answer 21

1) session ID and methods of encrypted negotiation
2) Certificates exchanged. identify both parties established
3) Client generates session key and uses server public key to create digital envelope. Sends to server. Server decrypts using private key
4) Encryped transmission using client generated session key begins

Question 22

Virtual private networks

Answer 22

Allows remote users to securely access internal networks

Question 23

Firewalls

Answer 23

Hardware or software that filters communication packets based on a security policy)

Question 24

Proxy servers

Answer 24

A security server that handles all communication from and to the internet

Question 25

Intrusion detection and prevention systems

Answer 25

Monitoring network traffic applying a security plicy

Question 26

A security plan consists of

Answer 26

1) risk assessment
2)Security policy
3) implementation plan
4) Security organization (educates and trains users)
5) security audits

Question 27

Auditing tools and services help firms

Answer 27

1) to assess the security of:
Technical platforms, business operations and personnel

2) To assess and monitor the actual threat levels, incidents and vulnerability

Question 28

How to make payment

Answer 28

1) consumer makes purchase
2) SSL/TLS provides secure connection through the internet to merchant server
3) Merchant software contacts clearing house
4) clearing house verifies account and balance with issuing bank
5) Issuing bank credits merchant account
6) monthly statement issued with debit for purchase

Question 29

Online stored value payment systems (e.g. paypall)

Answer 29

Client pays merchant by sending/agreeing via paypall without exchanging credit card details

Paypall takes the payment from the client bank account or from the clients paypall account

Question 30

Mobile payment systems

Answer 30

Based on near field communication: NFC chip like in iphone

Question 31

Social - mobile peer-to-peer

Answer 31

Payment systems such as snapcash, google wallet or tikkie)

Question 32

Blockchain technology

Answer 32

Enables organizations to create and verify transactions on a network, nearly instantaneously without a central authority

Question 33

Blockchain system

Answer 33

A transaction processing system that operates on a distributed and shraed database in a peer to peer network, rather than a single organization database

Question 34

Cryptocurrency

Answer 34

A purely digital asset that works as a medium of exchange using cryptography (and blockchain technology)

Question 35

Bitcoin

Answer 35

The most prominent example of cryptocurrency today

Question 36

disintermediation

Answer 36

reduction in the use of intermediaries between producers and consumers, for example by investing directly in the securities market rather than through a bank.