Abstract
The State University of New York (SUNY) College at Old Westbury (oldwestbury.edu) is a relatively small U.S. university located on Long Island, New York. The college has 3,300 students and 122 full-time faculty. Internet access is essential for both faculty and students.
Glossary
- Access control: A defense mechanism that determines who (person, program, or machine) can legitimately use the organization’s computing resources (which resources, when, and how).
- Application controls: Controls that guard applications.
- Authentication: A process to verify (assure) the real identity of an EC entity, which could be an individual, software agent, computer program, or EC website.
- Authorization: The provision of permission to an authenticated person to access systems and perform certain operations in those specific systems.
- Availability: The assurance that access to any relevant data, information, websites, or other EC services, and their use, is available in real time, whenever and wherever needed.
- Banking Trojan: Malicious software programmed to create damage when users visit certain online banking or e-commerce sites.
- Biometric authentication: A technology that measures and analyzes the identity of people based on measurable biological or behavioral characteristics or physiological signals.
- Biometric systems: Systems that can identify a previously registered person by searching a database for a possible match based on the person’s observed physical, biological, or behavioral traits, or that can verify a person’s identity by matching the individual’s measured biometric traits against a previously stored version.
- Botnet: Malicious software that criminals distribute, usually to infect a large number of computers.
- Business continuity plan: A plan that keeps the business running after a disaster occurs. Each function in the business should have a valid recovery capability plan.
- Business impact analysis (BIA): An analysis of the impact to an organization of losing the functionality of an EC activity (e.g., e-procurement, e-ordering).
- Certificate authorities (CAs): Independent agencies that issue digital certificates or SSL certificates, which are electronic files that uniquely identify individuals and websites and enable encrypted communication.
- CIA security triad (CIA triad): A point of reference used to identify problem areas and evaluate the information security of an organization; it includes confidentiality, integrity, and availability.
- Ciphertext: An encrypted plaintext.
- Confidentiality: The assurance of data secrecy and privacy; namely, the data is disclosed only to authorized people.
- Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act: A law that makes it a crime to send commercial e-mail messages that constitute spam.
- Cracker: A malicious hacker who may be more damaging than a hacker.
- Cybercrime: Intentional crimes carried out on the Internet.
- Cybercriminal: A person who intentionally carries out crimes over the Internet.
- Data breach: A security incident in which data are obtained illegally and then published or processed.
- Denial-of-service (DoS) attack: “A malicious attempt to make a server or network resource unavailable to users, usually by temporarily interrupting or suspending the services of a host connected to the Internet.” (Incapsula, Inc.)
- Detection measures: Methods that help find security breaches in computer systems. Usually this means finding out whether intruders are attempting (or have attempted) to break into the EC system, whether they were successful, whether they are still damaging the system, and what damage they may have done.
- Deterrent methods: Countermeasures that make criminals abandon their idea of attacking a specific system (e.g., a possible deterrent is a realistic expectation of being caught and punished).
- Digital envelope: The pair of encryptions that occurs when the sender encrypts, with the recipient’s public key, both the original message and the digital signature.
- Digital signatures: The electronic equivalent of personal signatures on paper. They are difficult to forge because they authenticate the identity of the sender, whose public key is used to verify them.
- EC security strategy: Multiple layers of defense that include several methods. This defense aims to deter, prevent, and detect unauthorized entry into an organization’s computer and information systems.
- E-mail spam: Occurs when nearly identical messages are e-mailed to many recipients (sometimes millions of unsolicited e-mails).
- Encryption: The process of encoding data into a form (called a ciphertext) that will be difficult, expensive, or time-consuming for an unauthorized person to understand.
- Encryption algorithm: The set of procedures or mathematical algorithms used to encrypt or decrypt a message.
- Exposure: The estimated cost, loss, or damage that can result if a threat exploits a vulnerability.
- Firewalls: Barriers between an internal trusted network (or a PC) and the untrustworthy Internet. Technically, a firewall is composed of hardware and a software package that separates a private computer network (e.g., your LAN) from a public network (the Internet).
- Fraud: Any business activity that uses deceitful practices or devices to deprive another of property or other rights.
- General controls: Controls designed to protect all system applications.
- Hacker: Someone who gains unauthorized access to a computer system.
- Hash function: A secure mathematical algorithm applied to a message.
- Honeynet: A network of honeypots designed to attract hackers, just as bees are attracted to honey.
- Honeypot: Simulated information system components, such as EC servers, payment gateways, routers, database servers, and even firewalls, that look like real working systems.
- Identity theft: Wrongfully obtaining and using the identity of another person in some way to commit crimes that involve fraud or deception (e.g., for economic gain).
- Information assurance (IA): The performance of activities (steps) to protect information systems and their processes against all risks. The assurance includes all tools and defense methods.
- Information security: Measures taken to protect information systems and their processes against all risks.
- Integrity: The assurance that data are accurate and that they cannot be altered.
- Internet underground economy: E-markets for stolen information made up of thousands of websites that sell credit card numbers, social security numbers, e-mail addresses, bank account numbers, social network IDs, passwords, and much more.
- Intrusion detection system (IDS): A device composed of software and/or hardware designed to monitor the activities of computer networks and computer systems in order to detect and define unauthorized and malicious attempts to access, manipulate, and/or disable these networks and systems.
- Key (key value): The secret piece used with the algorithm to encrypt (or decrypt) the message.
- Key space: The total universe of possible key values that can be created by a specific encryption algorithm.
- Keystroke logging (keylogging): The process of using a device or software program that tracks and records, in real time and without the user’s knowledge or consent, the keyboard keys a user presses.
- Macro virus (macro worm): Malware code that is attached to a data file (e.g., a Word file) rather than to an executable program.
- Malware (malicious software): A generic term for malicious software.
- Message digest: The result of the hash function; a special summary of the message converted into a string of digits.
- Nonrepudiation: The assurance that online customers or trading partners cannot falsely deny (repudiate) their purchase, transaction, sale, or other obligation.
- Packet: A segment of the data and information exchanged between computers over the Internet.
- Page hijacking: Illegally copying website content so that a user is misdirected to a different website.
- Penetration test (pen test): A method of assessing the vulnerability of a computer system, done by allowing experts to act as malicious attackers.
- Personal firewall: A firewall that protects desktop systems by monitoring all incoming traffic to your computer.
- Pharming: A scam in which malicious code is installed on a computer and used to redirect victims to a bogus website without their knowledge or consent.
- Phishing: A fraudulent process of attempting to acquire sensitive information by masquerading as a trustworthy entity.
- Plaintext: A human-readable text or message.
- Prevention measures: Ways to help stop unauthorized people from accessing the EC system (e.g., by using authentication devices and firewalls, or by using intrusion prevention, which is, according to TechTarget, “a preemptive approach to network security used to identify potential threats and respond to them swiftly”).
- Private key: A key that only its owner knows.
- Protocol tunneling: A method used to ensure the confidentiality and integrity of data transmitted over the Internet by encrypting data packets and then encapsulating them in packets that can be transmitted across the Internet.
- Public key: A key that is known to all.
- Public (asymmetric) key encryption: An encryption method that uses two keys: a public key and a private key.
- Public key infrastructure (PKI): A comprehensive framework for securing data flow and information exchange that overcomes some of the shortcomings of the one-key system.
- Risk: The probability that a vulnerability will be known and used.
- Search engine spam: The technology that enables the creation of spam sites.
- Social engineering: A type of nontechnical attack that uses some ruse to trick users into revealing information or performing an action that compromises a computer or network.
- Spam: The electronic equivalent of junk mail.
- Spam site: Pages that trick search engines into offering biased search results, so that the ranking of certain pages is inflated.
- Splog: Blogs created by spammers solely for advertising.
- Spyware: Tracking software that is installed by criminals or advertisers, without the user’s consent, in order to gather information about the user and direct it to advertisers or other third parties.
- Standard of due care: The minimum and customary practice that a company is reasonably expected to take to protect the company and its resources from possible risks.
- Symmetric (private) key encryption: A scheme in which the same key is used to encrypt and decrypt the plaintext.
- Trojan horse: A program that seems to be harmless or even looks useful but actually contains hidden malicious code.
- Virtual private network (VPN): A network that uses the Internet to transfer information in a secure manner.
- Virus: Programmed software inserted by criminals into a computer to damage the system; running the infected host program activates the virus.
- Vulnerability: A weakness in software or another mechanism that threatens the confidentiality, integrity, or availability of an asset (recall the CIA model). It can be directly used by a hacker to gain access to a system or network.
- Vulnerability assessment: A process of identifying and evaluating problem areas of a computerized system that are vulnerable to attack.
- Worm: Software code that can replicate itself automatically (as a “standalone”, without any human intervention). Worms use networks to propagate and infect a computer or handheld device and can even spread via instant messages.
- Zombies: Computers infected with malware that are under the control of a spammer, hacker, or other criminal.
© 2015 Springer International Publishing Switzerland
Turban, E., King, D., Lee, J.K., Liang, TP., Turban, D.C. (2015). E-Commerce Security and Fraud Issues and Protections. In: Electronic Commerce. Springer Texts in Business and Economics. Springer, Cham. https://doi.org/10.1007/978-3-319-10091-3_10
DOI: https://doi.org/10.1007/978-3-319-10091-3_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-10090-6
Online ISBN: 978-3-319-10091-3
eBook Packages: Business and Economics; Business and Management (R0)