Free Essay

Information Security in the Digital World

In: Computers and Technology

Submitted By wangzilla
Words 1542
Pages 7





Information security is the process of detecting and preventing unauthorized users access to your network, computer, and ultimately your personal information. Information security is huge and many casual users do not even think about it, or if they do, only as an afterthought. This is one of the worst things that you can do in this day and age especially with the abundance of technology in our everyday lives. Everyone should care and be concerned about all levels of information security as a breach in security could mean financial ruin, personal embarrassment, stolen trade secrets, and much more.

Intruders come from a wide variety of places and could be someone as simple as your next door neighbor stealing wireless internet from you to Chinese agents stealing classified weapon system designs from the US government. With the complexities of software these days there will always be vulnerabilities to expose and utilize which is why every user needs to stay on top of their own security. This typically means applying the latest operating system and software patches, maintaining a firewall and up to date virus scanning software, being intelligent about where you web surf and what you click on, and just being as smart in the digital world as you are in the physical world.

This paper will cover some of the types of network attacks that are out there as well as various computer security threats that may be encountered as well as various preventative measures that can be utilized to minimize your exposure to attack. Primarily the paper will be based on small office and home networks but much of the information discussed will apply to any size network.

The number one rule when it comes to information security is that the human is the first point of weakness You can have the most secure network, computer, or system and all it takes it for one person to fall victim to a social engineering attack to compromise everything. Granger (2006, Top five hacking moments on film section, para. 3) notes that, “by merely trying to prevent infiltration on a technical level and ignoring the physical-social level, we are leaving ourselves wide open to attack.” Hollows (2005, Monitoring and Vulnerability Management section, para. 2) goes on to say, “Many security systems and technologies have been deployed to prevent intruders from accessing high value systems, [however]… an organization simply cannot patch against social engineering.” Social engineering as defined by Pestana (2010, Social Engineering and Computer Security, pg. 4) describes that, “all tactics have the same aim and use the same techniques” and, “the goal is to manipulate victims through a “bug” in the human hardware. They all create scenarios that are designed to persuade victims to release information or perform an action.”

One of the major hurdles with e-commerce growth is security and the consumers concern of putting their personal information out there to the “great beyond” that is the internet. This is especially true with the rapid increase in identity thefts as of late. Identity theft, as defined by WordNet Search (Princeton, 2010), is, “The co-option of another person's personal information (e.g., name, Social Security number, credit card number, passport) without that person's knowledge and the fraudulent use of such knowledge).”

Thankfully security and protection of consumers’ personal information is now a primary focus of any successful e-commerce business. Without either any business would quickly lose any form of credibility and consumers would look elsewhere to make their purchases as the word spread of a sites poor security and flakey personal protection. The basic principles of customer protection as defined by the E-Commerce Digest (2010) are:

• Privacy: Information must be kept from unauthorized parties.

• Integrity: Message must not be altered or tampered with.

• Authentication: Sender and recipient must prove their identities to each other.

• Non-repudiation: Proof is needed that the message was indeed received.

Privacy is handled by encryption. There are various methods of encryption in use today. Public key infrastructure (PKI) is quite common and consists of a public key which encrypts the message and a private key which decrypts the message. Everyone has access to the public key but only the recipient has the private key. To prove the identity of the sender the encrypted message is encrypted again with the private key which is the basis of RSA and Pretty Good Privacy (PGP). As described by Wikipedia (2010):

In cryptography, RSA (which stands for Rivest, Shamir and Adleman who first publicly described it) is an algorithm for public-key cryptography.[1] It is the first algorithm known to be suitable for signing as well as encryption, and was one of the first great advances in public key cryptography. RSA is widely used in electronic commerce protocols, and is believed to be secure given sufficiently long keys and the use of up-to-date implementations.


Figure 6

PKI is not a great way to encrypt and send large amounts of data and therefore is typically used as a first step. This first step encryption allows two parties to select a key for symmetric secret key encryption. The two groups use keys that have been generated for the message to be sent by a key distribution center. The keys are not the same but are shared between the distribution center which enables the message to be read. The symmetric keys are encrypted in the RSA method.

To meet the need for authentication and integrity are digital signatures and certificates. As detailed in the E-Commerce Digest (2010) the process is described as;

A plain text message is run through a hash function and so given a value: the message digest. This digest, the hash function and the plain text encrypted with the recipient's public key is sent to the recipient. The recipient decodes the message with their private key, and runs the message through the supplied hash function to that the message digest value remains unchanged (message has not been tampered with). Very often, the message is also time stamped by a third party agency, which provides non-repudiation.


Figure 7

Authentication is provided with a third party by checking the digital certificate. This document is issued by a certificate authority such as VeriSign that identifies each merchant from one another and lets you know that the site that you are on is the real deal.

Secure Socket Layers (SSL) also plays a very important role in providing you with security and ensuring authentication. To verify that a secure session is taking place is typically indicated by a key icon located at the bottom of the web browser being used as well as the address bar displaying HTTPS before the web link. SSL sits between the transport protocol and the application and provides what is known as Transport Layer Security (TLS).

SSL is comprised of multiple steps. The first step is fragmentation in which each upper-layer message is fragmented into blocks of 16384 bytes or less followed by optional compression. Next a message authentication code is computed in which a shared secret key is used. A hash code is calculated with a message, a secret key, and some padding and the receiver does the same calculation and compares the incoming MAC value with the value that it just computed. If the values match then no alteration of the message happened in transit and if they do not match then an attached altered the message or an error had occurred and data was lost. After this step the compressed message plus the MAC are encrypted using symmetric encryption and a header is added.


Figure 8

The handshaking protocol portion of SSL is considered the most complex. This protocol allows the server and client to authenticate one another and negotiate an encryption and MAC algorithm and crypto keys to be used to protect data sent in an SSL record. Stallings (1998) provides a nice easy to read chart on how the SSL handshake protocol works:

Figure 9

With SSL the consumer can feel confident that their credit card and other personal information will be transmitted safely from their internet device to the e-commerce business that their purchase was performed at. The next logical step in security actually takes place at the web server where the consumers data is now being stored which itself is vulnerable to attack from outside forces, such as hackers, intent on gaining access to this valuable information for their own personal gain and fortune. A way to minimize the merchants’ actual involvement in holding this personal information was developed called Secure Electronic Transaction (SET). This method was developed by Visa and MasterCard and uses PKI for privacy and digital certificates to authenticate the merchant, consumer and bank. SET does not make it possible for sensitive information to be seen by the merchant nor is anything stored by them on their own servers.


Granger, Sarah. (2006). Social Engineering Reloaded. Security Focus. Retrieved April
3, 2006 from

Hollows, Phil. (2005). Hackers are Real-Time. Are You? Sarbanes-Oxley Compliance
Journal. Retrieved April 3, 2006 from

Similar Documents

Premium Essay

Network Security

...Network Security When it comes to networking and the security of networks, there are several different methods of protecting networks. Of these differing methods, some of them sound similar, but provide differing levels of security. In the following paragraphs, I will try to explain the differences between some of the methods used. • Explain the difference between historical and statistical logging. Logging is a simple way of keeping a record of activity on a network. There are several types of logs that can be kept, each providing different data that can be analyzed to provide information on potential ways of improving security over time. With historical logging, records are kept of all data passing through a particular network device. This might be the gateway separating a network from the outside world or an internal router on the network. In either case, the record kept can then be analyzed at a later date and hopefully provide insight on the security of the network. Statistical logging is a more efficient form of logging and includes some analysis already built into the report. This information might include which users were logged in during which time frames, what files were accessed, and how long they were logged in. By watching for different trends in this type of report, potentially harmful activity is more easily identifiable and mitigated. • Explain the difference between file security and firewalls. Firewalls provide a barrier between internal networks...

Words: 966 - Pages: 4

Premium Essay

Response Profile

...many ways. The birth of technology is a prolific boon to the mankind. Technology has made our world a better and safe place bringing forward unknown facts and also helping with many new ways to take up unidentified, difficult tasks at ease and complete it within seconds (Alston, 1987). Technology has totally changed the whole scenario of our world, starting from business to science every field; every sector has been boosted with the rapid change in technology in the past few decades. The era of this technology can be termed as the technological revolution that has potentially brought forward major prospects for the mankind. But, this evolution of this technology has also brought forward major drawbacks and curse. In one word we understand technology means computers, cell phones, Information technology (IT) etc. All along with this one major thing that technology has brought along with it is cyber crime and cyber-attacks. These cyber attacks are very dangerous in terms of information technology. These cyber-attacks cause huge damages which cannot be described in words. These damages are so prolific and potentially dangerous that it can actually root over the whole system and can also harm down major sources and even an individual’s life. This operation of cyber-attacks are mainly performed by the hacktivists, who prolifically without any major order or permission takes down information from the system (computers) and perform illegal task with the major sources they get......

Words: 4844 - Pages: 20

Premium Essay

Cyber Forensics

...International Journal on New Computer Architectures and Their Applications (IJNCAA) 2(1): 127-137 The Society of Digital Information and Wireless Communications, 2012 (ISSN: 2220-9085) Cyber Forensics: Computer Security and Incident Response Virginiah Sekgwathe1, Mohammad Talib2 1 Directorate on Corruption and Economic Crime, Gaborone, BOTSWANA 2 Department of Computer Science, University of Botswana, BOTSWANA ABSTRACT The intensification of Information and Communications Technology usage in all facets of life exceedingly amplify the incidents of information security policy breaches, cyber crimes, fraud, commercial crimes, cyber laundering etc, hence require a well developed approach to tackle these incidents in order to realize legally defensible digital evidence. Since electronic evidence is fragile and can easily be modified, finding this data, collecting, preserving, and presenting it properly in a court of law is the real challenge. There is a need for use of semantic analysis to discover underlying security policy requirements and internal power structures and institutionalization of anti cyber attack, antimoney-laundering and regulatory schemes. The first responders to cyber security incidents often than always are an organization ICT personnel who are technically sound though may be deficient in investigative skill. The scientific standards of cyber forensics dictates the procedure as it......

Words: 5129 - Pages: 21

Premium Essay

Cyber Security: Physical and Digital Security Measures

...Cyber Security: Physical and Digital Security Measures Abstract Due to the issues associated with cyber security and the appropriate application thereof, this paper will strive to address different cybersecurity measures that may be employed, both physically and digitally. It will identify what cyber security is, measures that may be taken, the tools needed to ensure implementation, and provide information regarding the different resources and programs necessary to work to effect greater success in the application thereof. Keywords: cyber security, physical security, digital security, security measures, definition, tools, resources Cyber Security: Physical and Digital Security Measures Introduction In spite of the increasingly prevalent use of technology in today’s digital world, many organizations find the concept of cyber security to be somewhat of a mystery. As a result of a lack of knowledge or an inability to appropriately apply that knowledge, companies like Target, Home Depot, and even Sony, among others, find themselves faced with security nightmares that could have just as easily been avoided (Yang & Jayakumar, 2014; Home Depot, 2014; Steinberg, 2014). In order to be able to approach cyber security properly, an organization must both have the knowledge necessary to implement a system designed to secure their digitized data and must have the ability to apply that knowledge within the constructs of their systems in order to ensure that a breach does......

Words: 3485 - Pages: 14

Premium Essay

Cyber Security

...INTRODUCTION: This research report conducts analysis on security. Technology these days is going up very fast and technology has been changed the route business administered by giving online services to their customers, to secure data in to “cloud” and allowing them to get their data from smart phones and tablets. This process of securing data has given many benefits to small and large business alike. But where the benefits are there will be some risk present. Risk will be like lost of data or to protect data by any attack of security. According to a survey which took place in 2012 about security, the graph of crimes and security attacks is gradually going up every year. As we talk about security it’s a very huge field to do research on it. Security has many different units in a field. One can’t do a research on this topic. The topic I am going to discuss in my research is cyber security. Cyber security these days is important everywhere. Where ever the data is, we need cyber security to protect and maintain our data according to our requirements Cyber crime is far reaching, general and continually joined with different parts of the criminal natural gathering. It runs from the thievery of a specific's character to the complete interruption of a nation's Internet compromise in light of a huge trap against its masterminding and taking care of assets. The definite focus of cybercrime divisions is on information-the information which is stored electronically for resulting......

Words: 1426 - Pages: 6

Premium Essay

Information Security Policy in Malaysia.

...Introduction Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. The terms information security, computer security and information assurance are frequently used interchangeably. These fields are interrelated and share the common goals of protecting the confidentiality, integrity and availability of information; however, there are some subtle differences between them. These differences lie primarily in the approach to the subject, the methodologies used, and the areas of concentration. Information security is concerned with the confidentiality, integrity and availability of data regardless of the form the data may take: electronic, print, or other forms. Governments, military, financial institutions, hospitals, and private businesses amass a great deal of confidential information about their employees, customers, products, research, and financial status. Most of this information is now collected, processed and stored on electronic computers and transmitted across networks to other computers. Should confidential information about a businesses customers or finances or new product line fall into the hands of a competitor, such a breach of security could lead to lost business, law suits or even bankruptcy of the business. Protecting confidential information is a business requirement, and in many cases also an ethical and legal requirement. For the individual,......

Words: 6195 - Pages: 25

Free Essay

Steganography: a Review of Information Security Research and Development in Muslim World

...Steganography: A Review of Information Security Research and Development in Muslim World Abstract Conveying secret information and establishing hidden relationship has been a great interest since long time ago. Therefore, there are a lot of methods that have been widely used since long past. This paper reviewed one of the methods for establishing hidden communication in information security and has gained attraction in recent years that is Steganography. Steganography is the art and science of hiding a secret message in a cover media such as image, text, signals or sound in such a way that no one, except the intended recipient knows the existence of the data. In this paper, the research and development of steganography from three years back starting from 2010 until recently, 2013 in Muslim world are reviewed. The future research in the field of Steganography is briefly discussed. Keywords Cover Image, Stego Image, Cryptography, Steganography, Information Hiding, Information Security, Muslim World 1 Introduction In today’s information technology era, the internet has played a vital part in the communication and information sharing. Due to the rapid development in Information Technology and Communication and the Internet, the security of the data and the information has raised concerned. Every day, confidential data has been compromised and unauthorized access of data has crossed the limits. Great measures should be taken to protect the data and information [5,......

Words: 3746 - Pages: 15

Free Essay

Cyber Law

...FULL PAPER. AUTHOR’S NAME: NUPUR AGARWAL AFFILIATION: INSTITUTE OF LAW , NIRMA UNIVERSITY MAILING ADDRESS: 1 , RADHANPUR SOCIETY , BEHIND SWAMINARAYAN MANDIR , RAMBAUG , MANINAGAR , AHMEDABAD – 380008 PHONE NO: 09898839289 EMAIL-ID: CO-AUTHOR’S NAME: NUPUR JOSHI AFFILIATION: UNITED WORLD , SCHOOL OF LAW MAILING ADDRESS: 67, SWAGAT CITY , GANDHINAGAR – MEHSANA ROAD ADALAJ GANDHINAGAR PHONE NO: 9408968686 EMAIL-ID: TITLE OF THE PAPER: CYBER SPACE MASS SURVEILLANCE PROGRAMS,INFRINGEMENT OF PRIVACY OF INDIVIDUALS, BY STATE IN THE NAME OF NATIONAL SECURITY. ABSTRACT: In this present era of cyber revolution and globalization, citizens have turned into “Netizens”. The advancements in the field of technology is also accompanied with the development of various methods of surveillance and intervention by the State into individuals’ private information. Governments are keeping an eagle eye by monitoring individual's movements, businesses transactions and also the means of communication, which includes cyberspace. It is alleged that the United States of America’s National Security Agency runs a program known as PRISM, which enables the US government to gain access to e- mails , conversations, pictures, voice calls and even sign in details of people using websites and applications associated with 1|Page Facebook, Yahoo, Microsoft, to name a few. Failure of cyber law mechanisms and national authorities to advance legislation......

Words: 6245 - Pages: 25

Free Essay

The New Digital Age

...Yen Nguyen ISM 6026 The New Digital Age – Reshape the Future of People, Nation and business book review “The New Digital Age” by Eric Schmidt and Jared Cohen gives us their vision of how technology will impact and reshape our lives in the future; a world of fully connectivity where every individual will be a part of the whole virtual world through the critical development of technology. Schmidt and Cohen’s argument is that the rapid improvement of computer technology with internet access will significantly connect and transfer every aspect of life from the physical world to the new virtual one, whether it is for the better, for the worse, or just different. The book also addresses the way humans interact with, apply, and explore technology in life and the guidance for humans to adapt the changes in the new technological revolution. The two authors start by introducing a variety of new technologies which are created and used to increase our efficiency such as smart devices, “additive manufacturing” _ 3-D printing, artificial intelligence, voice and gesture recognition, and robotics. These new technologies provide new opportunities for not only business but also many other fields including: education, healthcare, and entertainment. They indicate that the global trend will be supported strongly as connectivity spreads become power in the future, and an effective working environment will be created when the new technology’s invention removes language and......

Words: 1182 - Pages: 5

Premium Essay

Data Encryption

...Unit 2 Assignment – Data Encryption Security & Lab 3.10D and Lab 3.10E Oren Shedo Kaplan University Abstract Computer key encryption is becoming popular day by day because of hackers within the online world. Hackers are cracking into peoples systems left and right for their own personal gain and gaining information that can be used for identity theft. Identity theft is one of the biggest cybercrimes out there today. There are numerous security protocols and techniques out there to secure your computer though from hackers and curious people out there in the Internet. Security protocols such as secure socket layer and transport layer security are the most popular now for securing ecommerce websites. Secure socket layer is even popular for securing peoples email system as well as sender policy framework for filtering spam mail and not cluttering your inbox with junk. Another topic that is popular these days is what type of security key should we put on our networks. This report will go through why a WPA2 type security key is vital to a network for security. Part 1 - Lab 3.10D – Using the Windows Encrypting File System (EFS) 1. 2 to 6. 7. When a networked user tried to access the encrypted test3 folder, they were given an access denied error. 9. 11. When transferring test1.txt into the test3 folder, it turned into an encrypted file. 12. 13-14. for #13, the test5.txt stayed encrypted within the test folder. 16. Operation of exporting certificate......

Words: 1801 - Pages: 8

Premium Essay

Mis 513 Chapter1

...CHAPTER 1 Managing in the Digital World CHAPTER OBJECTIVES After reading this chapter, you will be able to do the following: 1. 2. 3. 4. 5. Describe the characteristics of the digital world and the advent of the information age. Define globalization, describe how it evolved over time, and describe the key drivers of globalization. Explain what an information system is, contrasting its data, technology, people, and organizational components. Describe the dual nature of information systems in the success and failure of modern organizations. Describe how computer ethics impact the use of information systems and discuss the ethical concerns associated with information privacy and intellectual property. CHAPTER OVERVIEW This chapter helps the student understand the role of information systems as organizations move into the digital world, and how they have helped fuel globalization. The student will learn what information systems are, how they have evolved to become a vital part of modern organizations, and why this understanding is necessary to become an effective manager in the digital world. The student will also learn how globalization evolved, and what opportunities globalization presents for organizations. The importance of ethics as it relates to IS is discussed especially as it relates to information privacy, accuracy, property, and accessibility. A number of cases and illustrations are used, for example, Apple products and how they have evolved over time (such......

Words: 3147 - Pages: 13

Premium Essay

Vl Bank

...VL Bank Case Security Risk Analysis Scenario: You are the chief information security officer (CISO) for the VL Bank based in Atlanta, Georgia. Recently, a highly sophisticated and cleverly orchestrated crime was brought to your attention by the information security analysts in your department and by a growing number of business customers. Your company’s commercial customers utilize a digital certificate multifactor authentication process to access wire transfers, cash management, deposit operations, and account management applications common to all business customers. The problem is that several customers have reported that new user accounts have been set up under their names without their authorization and these accounts are initiating. The main term used in risk analysis Digital certificate multifactor will be defined and will be covered along with risk mitigation . A discussion of acceptable and unacceptable risk and how to follow specific federal best practice standards for securing communications and preventing cybercrime , provide a cybercrime prevention strategy using National Institute of Standards and Technology (NIST) federal guidelines. Digital Certificate : The most common method for authentication E-commerce transaction is via the exchange of digital certificates. Its contain digital signature which is unique representation of the certification authority. The digital signature is a distinctive mark that cannot be replicated by another entity. When affixed......

Words: 2557 - Pages: 11

Free Essay

Ethics in Information Security

...Ethics in Information Security The Gramm-Leach-Bliley Act of 1999 (GLBA) The Gramm-Leach-Bliley Act requires financial institutions that offer consumers financial products or services like loans, financial or investment advice, or insurance to explain their information sharing practices to their customers and to safeguard sensitive data. Strengths: * Allow customers to know how confidential information will be treated. Instead of hoping a financial services company will treat their personal data as confidential, consumers will receive an explicit disclosure of how such information will be used by the firm. Weakness: * GLBA notices are confusing and limit the transparency of information practices. GLBA assumes a company will explain a complex set of legal definitions added to numerous exceptions to the law in a way that will allow for an informed choice and in transparent language. There are reservations about a company's desire to do this. Health Insurance Portability and Accountability Act (HIPAA) The Health Insurance Portability and Accountability Act of 1996 protect the confidentiality and security of health care data by establishing and enforcing standards and by standardizing electronic data exchange. Strengths: * Allows patients the legal right to see, copy, and correct their personal medical information. Also it enabled patients with pre-existing conditions to change jobs without worrying that their conditions would not be covered under a......

Words: 629 - Pages: 3

Premium Essay

Security on the Internet

...Keese Instructor: David Belva Course: CIS175 Security on the Internet The Internet has had security problems since its earliest days as a pure research project. Today, after several years and orders of magnitude of growth, is still has security problems. It is being used for a purpose for which it was never intended: commerce. It is somewhat ironic that the early Internet was design as a prototype for a high-availability command and control network that could resist outages resulting from enemy actions, yet it cannot resist college undergraduates. The problem is that the attackers are on, and make up apart of, the network they are attacking. Designing a system that is capable of resisting attack from within, is still growing and evolving at a fast pace, is probably impossible. Changes are needed, and once you have achieved a certain amount of size, the sheer inertia of the installed base may make it impossible to apply fixes. The challenges for the security industry are growing. With the electronic commerce spreading over the Internet, there are issues such as nonrepudiation to be solved. Financial institutions will have both technical concerns, such as the security of a credit card number or banking information, and legal concerns for holding individuals responsible for their actions such as their purchases or sales over the Internet. Issuance and......

Words: 2435 - Pages: 10

Free Essay


...INDIA-An Introduction Samsung India Electronics Private Limited (SIEL) is the Indian subsidiary of the US $55.2 billion Samsung Electronics Corporation (SEC) headquartered in Seoul, Korea. It is the hub of Samsung’s South West Asia Regional Operations, and looks after its business in Nepal, Bangladesh, Maldives & Bhutan besides India. SIEL commenced operations in India in December, 1995. Initially, a player only in the Colour Televisions segment, it later diversified into colour monitors (1999) and refrigerators (2003). Today, it is recognized as one of the fastest growing brands in the sphere of digital technology, and enjoys a sales turnover of over $ US 1 billion in a just a decade of operations in India. Samsung in India has a presence in the following areas of business: • • • Consumer Electronics (CE)/Audio Visual (AV) Business Home Appliances (HA) Business Information Technology (IT) Business Its operations are broadly divided into the following key sub-functions: • • • Sales & Marketing Manufacturing Software Centre Operations THE SALES & MARKETING FUNCTION Headquartered in New Delhi, Samsung India has a network of 19 branches and 16 Area Sales Offices (ASOs) located all over the country, and the number is expected to grow, as the organization continues to expand its horizons. The Sales & Marketing function at Samsung is primarily divided into two categories: • • Sales & Marketing (IT) Sales & Marketing (AV/HA) Apart from......

Words: 4641 - Pages: 19