News

kiwis urged to get new passwords by government cybersecurity agency (big password energy)
ukraine cyber agency reports cyber attack surge
plymouth households hit by clarion housing cyber attack
facebook "unintentionally uploaded" 1.5 million peoles email contacts without their consent
threat maps: https://threatmap.checkpoint.com/ThreatPortal/livemap.html

Threats

events are circumstances that has the potential (risk) to adversely affect assets (reducing their value)

intentional or unintentional (e.g., lightning) acts that can damage or compromise assets.

security is a never ending arms race. Security is improving but so are the number of potential exploits

creation ownership and control of original ideas
common breaches include software priracy
two organisatons investigate software abuse
- software and information industry association (SIIA)
- business software alliance (BSA)
enforcement of copyright laws has been attempted with technical security mechanisms (e.g., watermark, you need an account, must register the software, etc)

when a product is not delivered as expected
info systems depend of successful operation of many interdependent support systems
internet, communications, power irregularities, all affect the availability of information systems
internet:
- ISP failures can considerably undermine the availability of information
- outsourced web hosting assumes responsibility for all internet service as well as for the hardware and the web site operaing system software.
- terms of service ensure that these services are guaranteed
communication and other provider service issues include
- other untilities: telephone, water, wastewater, garbage collection
- these all affect the companies ability to function
power irregularities
- pwer exess, shortages, losses
- sensitive equipment vulnerable to and easily damaged by fluctuations
- controls can be applied to manage power quality e.g., UPS

unauthorized attempts to gain illegal access to information
competitive intelligence vs industrial espionage vs cyber terrorism
shoulder surfing
controls mark the virtual boundaries of an organisations
- controls oftentimes let trespassers know they are encroaching on an organizations cyberspace
- hackers use skill, guile, or fraud, to bypass controls protecting others information
  - expert
    - develop scripts and exploits
    - master of many skills
    - of create software (malware etc) and share with others
    - minority
  - novice
    - script kiddies
    - more common
    - use scripts written by experts
    - do not understand the systems the are hacking
    - packet monkeys: script kiddies that use worms to overload systems
  - cracker
    - cracks or removes software protections designed to precent unauthorized duplication
    - also crack passwords
  - phreaker
    - hacks the public telephone system to make free calls or disrupt services
    - more specific
also includes password attacks
- brute force- tried all possible combinations
- dictionary - include information related to the target user
- rainbow tables - a hacker with access to encrypted password, they can find the corresponding plaintext in a dataset called a rainbow table
- social engineering - e.g., attacks as posing at IT professionals to gain access toa systems information (normally by contacting other employees)