41914F / 4A & 4B Laws, Investigations & Ethical Issues in Security (CIM3562)
Test 1 Revision
Laws, Investigations & Ethical Issues in Security (CIM3562)
Date: 11th April 2013 (Monday), Week 32
Venue: CW/305
Duration: 1 hr. during Lecture (10:20am – 11:20am)
Coverage: Chapter 0 to Chapter 3 (up to Slide 61 – up to 3.4.7)
Section A: Multiple Choice (30%)
Section B: Short Questions (50%)
Section C: Long Questions (20%) – Case Study
Chapter 0 – HK Legal System
- Classification of Laws: Criminal Law & Civil Law
- The Court Hierarchy: Magistracy, District Court, High Court, Court of Appeal; highest level – Court of Final Appeal
- Major Sources of HK Laws: Basic Law, HK Ordinances, Case Law
Chapter 1 – What is a computer? What is an information system?
- What is a computer? Defined in HK Ordinance – Evidence Ordinance (Cap.8 S.22A): "Computer" is defined as "any device for storing, processing or retrieving information".
- What is an information system? Defined in HK Ordinance – Electronic Transaction Ordinance (Cap.553) … => Check it out!
- What is computer related crime? Computer crime (computer related crime, technology crime, cyber crime) refers to any illegal act committed by the application of computer technologies, or by the use of such technology as a means in the commission of the offence.
Chapter 1 – Three major categories of computer related crime
- Crime that is directly targeted at the computer, e.g. hacking
- Crime that uses the Internet, e.g. online gambling, pornography
- Crime that involves the retrieval of digital data of evidential value, e.g. fraud – data storage or payment records
Impacts of computer crime
- Loss of data and information
- Damage to IT resources
- Wasted bandwidth
- Unavailability of service
- …
Tools for fighting computer crime
- Firewall, IDS/IPS, risk assessment, auditing
- Security for server / network => IPS/IDS, firewall, logs, …
- Client machine (e.g. MS Windows XP, MS Windows 7)
Chapter 2 – Governance of HKSAR; Computer / Cyber Crime Ordinances
- 3 major principles => a follower of global trends; maintain stability & prosperity; a free trading port
- Computer / Cyber Crime Ordinances: Telecommunications Ordinance, Crimes Ordinance, Theft Ordinance
- How to apply these ordinances in real cases? Identify which ordinance should be used; identify the key elements (with reference to the corresponding section(s) of the ordinance)
Chapter 2 – TWO perspectives on cyber crime
- Criminological; Computer Security
- HK Ordinances for the advancement of Internet technology: Copyright Ordinance, Control of Obscene and Indecent Articles Ordinance, Gambling Ordinance, Personal Data (Privacy) Ordinance
- 5 groups of users for the policing of cyberspace (with examples): Internet users and Internet user groups; Internet service providers; private police agencies; state-funded non-public police organizations; state-funded police organizations
Chapter 3 – What is information security?
- Refers to the protection of information in order to achieve "C-I-A": Confidentiality, Integrity and Availability
- Examples of threats and the related security concern, e.g. Denial of service attack – availability; …
- What are the three parties in e-Service? Individual (including customers and citizens), Business (including public organizations) and Government (C, B and G): B2B, B2C, G2C, G2B, G2B
- Security tools for electronic services: Secure Socket Layer (SSL), Secure Electronic Transaction (SET), Public Key Infrastructure (PKI) and Digital Certificate
Chapter 3 – TEN Common Vulnerabilities in Web Applications (OWASP)
- Cross site scripting (XSS)
- Injection Flaws
- Malicious File Execution
- Insecure Direct Object Reference
- Cross Site Request Forgery (CSRF)
- Information Leakage and Improper Error Handling
- Broken Authentication and Session Management
- Insecure Cryptographic Storage
- Insecure Communications
- Failure to Restrict URL Access
Security Certification – Product Neutral
Security Certification – Product Oriented
Chapter 3 – Security Certification – Product Neutral
- DRI International's Business Continuity Professional Certificate (BCP) => CBCP, ABCP, CFCP, MBCP
- SANS Global Information Security Assurance Certifications (GIAC) => GCFW, GCIA, GCIH, GCSC, GBLC, GSAE
- (ISC)2 Information Security Certifications => CISSP, CSSLP, SSCP, CAPCM
- Information Systems Audit and Control Association (ISACA) Certifications => CISA, CISM, CGEIT
- ProfSoft Training's Certified Internet Webmaster (CIW) Security Analyst => CIW
- Certified Wireless Security Professional (CWSP)
- The Security Certified Program (SCP) => SCNS, SCNO, SCNA
Chapter 3 – Security Certification – Product Oriented
- Symantec Certifications => CCSA, CCSE
- Cisco Certifications => CCSP, CCIE (Security)
Wireless Network
- Service Set Identifier (SSID)
- Wired Equivalent Privacy Protocol (WEP) – clear text during the authentication process; being phased out
- Wi-Fi Protected Access (WPA) & Wi-Fi Protected Access 2 (WPA2) – use TKIP & support 802.1X (much better security)
- Advantage – low deployment cost
- Disadvantage – wireless networks extend beyond the physical boundaries of the area they are intended to cover => parking lot attack
Public Key Infrastructure
- Technology: digital certificate
- CA in HK: Hong Kong Post
Materials Note:
(0) CIM3562_Intro Legal System(HK).ppt
(1) CIM3562_Ch01.ppt
(2) CIM3562_Ch02.ppt
(3) CIM3562_Ch03.ppt (up to slide 61 only)
Tutorials: Tutorial 1, Tutorial 2, Tutorial 3, Tutorial 4 (Case Studies)