Are cyberactivists cyber criminals? Why or why not? What are some of the security vulnerabilities of using WebApps? What are some of the benefits of addressing information security issues related to confidentiality, integrity, authenticity and anonymity in relation to threats and attacks? Why are they important?
The cyber activists group can not be generalised as cyber criminals. As long as the cyber activists work under the rules of law, they can not be declared as cyber criminals. Take for instance a country with dictatorial rule. The media there shows what the government wants to show. There could be some cyber activists who would bring out the facts that are legally available online but are not shown to the general people. These cyber activists don't break any law and hence, can't be cyber criminals. However, some cyber activists use various hacking methodologies to gain access to stuff that they legally aren't permitted to. These cyber activists are cyber criminals.
-------------------------------------------------------------------------------------------------------------------------------
There are three degrees of security vulnerabilities according to their magnitude :
i. First Degree Vulnerabilities :
1. No proper encryption to data
2. No proper protection
3. Knowingly using components that are vulnerable.
ii. Second Degree Vulnerabilities :
1. CSRF (cross site request forgery)
2. DoS attack (Denial of Service)
3. Directory Listing causes security problems as access to higher level files can be achieved through lower levels.
iii. Third Degree Vulnerabilities :
1. XSS (Cross - site scripting)
2. SSJI (Server Side Javascript Injection)
3. SQL injection
-------------------------------------------------------------------------------------------------------------------------------
Confidentiality : Confidentiality can also be translated to privacy. It is basically the set of rules that limit access to sensitive data available online. This can be done in multiple ways such as authorised access, end to end encryption, biometric verification etc.
Integrity : Integrity is the set of rules that ensure that data can not be changed while in transition and that unauthorised access over sensitive data is not allowed. It mains consistency, accuracy and trustworthiness of data.
Authenticity : The idea of authenticity is to provide integrity to data. It basically ensures that every bit that is transferred from sender is correctly received by receiver. It uses various techniques such as check sum, encrypted digital signatures, or hash methods.
Anonymity : Anonymity is a set of rules that ensure that any work done by a user on internet prevents transfer of his personal information to other users or third parties. There are many areas where it is beneficial such as online billing transactions i.e. using paypal , netbanking etc. It is also important for anonymous blogging websites and dating websites.
Are cyberactivists cyber criminals? Why or why not? What are some of the security vulnerabilities of...
What are some of the trends in the latest cyber-security exploits? How would you describe some of the major issues worrying the cyber security world, and what are some good ways to protect ourselves from these types of threats? If you could help me with 3-4 concepts/topics, I would be very thankful.
. What role does communications technology play in homeland security, and what problems were identified by the 9/11 Commission as issues? How many cyber attacks have there been that have physically damaged infrastructure in the United States? Does it represent a significant threat?. What are the problems with defining cyber-terrorism? How might that affect homeland security operations?
Information Security Systems What is RSA Archer used for? Define Wireshark and NetWitness. How does Wireshark differ from NetWitness Investigator? What are security audits? Why they are important? Describe how Zenmap can help you identify risks, threats, and vulnerabilities in an IP network infrastructure. Describe input and output of the process.
Determine the security updates that apply to your computer. Compile a list of security updates for your computer and provide a summary of the vulnerabilities they prevent from being exploited. Provide a summary of the course of action you have taken to secure your computer. If your computer is up-to-date in terms of recommended patches and configuration changes, choose three of the optional enhancements that would apply to your operating system (OS) version and summarize why they would be beneficial....
Why is understanding hacking, exploitation, vulnerabilities, and attacks critically important? What motivates hackers to attack computer networks? Why does anyone get involved in illicit activity outside the mainstream?
Access control is an important function in data security. Specifically, tell me why access control is important to preserving confidentiality and integrity and what would be the result if access were not controlled.?
Two major threats to patient confidentiality are security breaches and medical identity theft. What are some new policies or strategies that could help protect against these threats?
Task 3: Analysis of Case Study on Regulating Information Security for the Company: TransManuCo has asked for your help in dealing with securing their information while they remain within set regulations. In order to do business efficiently and effectively the company uses eSign. However, they have concerns about the security of this especially with clients overseas. According to the new Protecting Cyber Networks Act Sec. 103 “Permits private entities to monitor or operate defensive measures to prevent or mitigate cybersecurity...
1. You work for a cyber security consulting company. Your company has been called in to assist a Gas Company take an audit of their security posture and make suggestions on how to improve their cyber security standing. A) What are some of the initial questions you would want to ask? What are some of the details and information you'd want to initially get from the company to start your assessment? What is important to know from the start? B)...
Which role has the PRIMARY responsibility for the documentation of control implementation? Systems security engineer Control assessor Information System Owner (ISO) Information Owner/Steward When making determinations regarding the adequacy of common controls for their respective systems, Information System Owner (ISO) refer to the Common Control Providers’ (CCP) Privacy Impact Assessment (PIA) Business Impact Analysis (BIA) Authorization Packages Vulnerability Scans An organization-wide approach to identifying common controls early in the Risk Management Framework (RMF) process does which of the following? Considers...