chapter 10 guo


 Chapter 10: Information Security

  1. Insider threats constitute one of the most dangerous cyber crimes we face today, because insiders already have internal access to data and privileges.

  2. Money, government sponsorship, cultural factors, ideology, personal ego and activism are all realistic and powerful factors driving the proliferation of cyber crime.

  3. Antivirus programs are passive safeguards we use to defend against rampant computer viruses and other malicious programs.

  4. Antivirus is indispensable, but we cannot rely solely on antivirus for our protection.

  5. Having a clear definition of our digital assets (the valuable things we hold on to), their scope, and their constituents is a critical (often the first) step in conceiving our cybersecurity strategy.


Components of a Cyber-Security Model

  • Assets/Target

      • Resource or information that needs to be protected (consider the cost of repair or replacement).

      • We must have a clear understanding of, and clear communication about, the scope of the assets we try to safeguard, while keeping the cost of protection, replacement and repair in mind.

  • Threat

      • Capabilities, intentions, and methods for harming an asset; a threat can be human error, computer crime, or a natural event. A threat agent is a person or organization that seeks to obtain or alter data or assets.

      • Threats include both human and natural factors.

  • Vulnerabilities

      • A weakness in an information system that can be exploited by a threat or create an opportunity for attackers to gain access to our assets.

      • Vulnerabilities by themselves do not cause problems, except when coupled with external threats. Therefore, we use safeguards and controls to minimize the probability that a threat exploits a vulnerability.


  • Safeguards/Controls

      • Used to block threats or minimize their impact; do the things that make sense to enhance protection.


  • DDoS - Distributed Denial of Service

  • Aims to take down or disable a victim's service, or to divert the victim's attention in the wrong direction. DDoS can be used to cause a distraction that nudges the defense team the wrong way, as leverage for ransom or coercion, or as a way to outperform a competitor. To safeguard against DDoS, we often rely on collaboration with ISPs (Internet Service Providers).

  • Authentication vs Authorization

  • Authentication is about verifying that persons are who they claim to be (confirming a claimed identity). Authorization is about assigning privileges to users according to their identities (allocation of resources AFTER the user is authenticated). Being authenticated does not by itself make a person authorized; being authorized implies that the person must have been authenticated somehow.
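  As an added illustration of the authenticated-but-not-authorized distinction (example code written for these notes, not from the original), a small Python model in which authentication verifies the claimed identity and authorization then checks that identity's privileges; the usernames, passwords, roles and resource path are constructed.

```python
import hashlib
import hmac
from typing import Optional

# Constructed sample user directory: salted SHA-256 password digests.
# Real systems would use a slow password hash (bcrypt, scrypt, argon2)
# and a per-user salt; a shared salt is used here only to keep the example short.
def _digest(salt: bytes, password: str) -> bytes:
    return hashlib.sha256(salt + password.encode()).digest()

_SALT = b"constructed-salt"
USERS = {
    "alice": _digest(_SALT, "correct horse"),   # holds the "payroll" role
    "bob":   _digest(_SALT, "battery staple"),  # valid account, but no roles
}
ROLES = {"alice": {"payroll"}, "bob": set()}
# Authorization policy: which role each resource requires (constructed).
RESOURCE_ROLE = {"/payroll/report": "payroll"}

def authenticate(username: str, password: str) -> Optional[str]:
    """Step 1: verify the claimed identity. Returns the identity, or None."""
    stored = USERS.get(username)
    if stored is None:
        return None
    # Constant-time comparison so digest bytes are not leaked through timing.
    if hmac.compare_digest(stored, _digest(_SALT, password)):
        return username
    return None

def authorize(identity: Optional[str], resource: str) -> bool:
    """Step 2: grant privileges only to an already-authenticated identity."""
    if identity is None:               # never authenticated -> never authorized
        return False
    needed = RESOURCE_ROLE.get(resource)
    return needed is not None and needed in ROLES.get(identity, set())

def access(username: str, password: str, resource: str) -> bool:
    """Authentication first, then authorization, in that order."""
    return authorize(authenticate(username, password), resource)
```

  Bob's request shows the point of the notes: he authenticates successfully, yet is not authorized for the payroll report because no privilege was assigned to his identity.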

  • Encryption is about converting plaintext into ciphertext, which is scrambled to hide the plaintext's meaning and implications, out of privacy or confidentiality concerns. For example, JMU → (key: the numerical position of each letter in the alphabet) → ciphertext → (the same key used to decrypt) → JMU. If encryption and decryption use the same key, as in this example, it is symmetric (private-key) encryption. If we use different keys for encryption and decryption, it is asymmetric (public-key) encryption.

  • You can think of a firewall as the TSA at the airport, except that the firewall inspects data coming into and going out of the network. A firewall works in a similar way to antivirus but in a different capacity (network-focused), whereas antivirus works almost exclusively on hosts (e.g., computers).

  • Insider threats constitute one of the most devastating and pernicious classes of threat agent, making it almost impossible to guarantee the effectiveness of human safeguards.