It's a dangerous world out there in the World Wide Web. Just as your mother may have told
you to never talk to strangers, the same advice holds true for the virtual world. You may
know to be wary of giving strangers your business bank account details. But can you be sure
the website you're logging into is that of your bank and not a forgery created by a
cybercriminal?
Cybercriminals use many different methods to lure you into parting with your
confidential personal or business information. As a small company doing business on the
web, you need to be aware of these methods so you can be extra vigilant when online.
Here's a quick explanation of some of the common security threats you may come across:
Malware: Malware is short for malicious software. Wikipedia describes malware as a term
used to mean a variety of forms of hostile, intrusive, or annoying software or program
code. Malware could be computer viruses, worms, Trojan horses, dishonest spyware, and
malicious rootkits, all of which are defined below.
Computer virus: A computer virus is a small piece of software that can spread from one
infected computer to another. The virus could corrupt, steal, or delete data on your
computer, even erasing everything on your hard drive. A virus could also use other
programs like your email program to spread itself to other computers.
Rogue security software: Have you ever seen a pop-up window that advertises a security
update or alert? It appears legitimate and asks you to click on a link to install the update or
remove unwanted malicious software that it has apparently detected. This could be rogue
security software designed to lure people into clicking and downloading malicious software.
Microsoft has a useful webpage that describes rogue security software and how you can
protect yourself.
Trojan horse: Users can infect their computers with Trojan horse software simply by
downloading an application they thought was legitimate but was in fact malicious. Once
inside your computer, a Trojan horse can do anything from recording your passwords by logging
keystrokes (known as a keystroke logger) to hijacking your webcam to watch and record your
every move.
In February 2010, a Guardian Analytics and Ponemon Institute study of 500 small businesses
in the U.S. found that 55 percent of respondents experienced a fraud attack in the last 12
months. The study reports that "[w]ell-funded cyber criminals executed a full-scale assault
on authentication, leveraging widespread infection of end-user computers with banking
Trojans to sneak into online banking accounts completely undetected."
Malicious spyware: Malicious spyware is used to describe the Trojan application that was
created by cybercriminals to spy on their victims. An example would be keylogger software
that records a victim's every keystroke on his or her keyboard. The recorded information is
periodically sent back to the originating cybercriminal over the Internet. Keylogging software
is widely available and is marketed to parents or businesses that want to monitor their kids' or
employees' Internet usage.
Computer worm: A computer worm is a software program that can copy itself from one
computer to another, without human interaction. Worms can replicate in great volume and
with great speed. For example, a worm can send copies of itself to every contact in your
email address book and then send itself to all the contacts in your contacts' address books.
Because of their speed of infection, worms often gain notoriety overnight, infecting computers
across the globe as quickly as victims around the world switch them on and open their email.
This happened with the Conficker worm (also known as Downadup), which, in just four days,
had more than tripled the number of computers it infected to 8.9 million.
Botnet: A botnet is a group of computers connected to the Internet that have been
compromised by a hacker using a computer virus or Trojan horse. An individual computer in
the group is known as a zombie computer.
The botnet is under the command of a bot herder or a bot master, usually to perform
nefarious activities. This could include distributing spam to the email contact addresses on
each zombie computer, for example. If the botnet is sufficiently big in number, it could be
used to access a targeted website simultaneously in what's known as a denial-of-service
(DoS) attack. The goal of a DoS attack is to bring down a web server by overloading it with
access requests. Popular websites such as Google and Twitter have been victims of DoS
attacks.
Spam: Spam in the security context is primarily used to describe email spam: unwanted
messages in your email inbox. Spam, or electronic junk mail, is a nuisance as it can clutter
your mailbox as well as potentially take up space on your mail server. Unwanted junk mail
advertising items you don't care for is harmless, relatively speaking. However, spam
messages can contain links that when clicked on could go to a website that installs malicious
software onto your computer.
Rootkit: According to TechTarget, a rootkit is a collection of tools that are used to obtain
administrator-level access to a computer or a network of computers. A rootkit could be
installed on your computer by a cybercriminal exploiting a vulnerability or security hole in a
legitimate application on your PC and may contain spyware that monitors and records
keystrokes.
Rootkits gained notoriety when, in 2005, a security blogger discovered that a copy-protection
tool inside music CDs from Sony BMG Music Entertainment was secretly installing a rootkit
when users copied the CD onto their computers. At the time, security expert Bruce Schneier
warned that the rootkit could allow a hacker to gain and maintain access to your system and
you wouldn't know it.
Cryptography
Cryptography,[1] or cryptology, is the practice and study of hiding information. It is
sometimes called code, but this is not really a correct name. It is the science used to try to
keep information secret and safe. Modern cryptography is a mix of mathematics, computer
science, and electrical engineering. Cryptography is used in ATM (bank) cards, computer
passwords, and shopping on the internet.
When a message is sent using cryptography, it is changed (or encrypted) before it is sent. The
method of changing text is called a "code" or, more precisely, a "cipher". The changed text is
called "ciphertext". The change makes the message hard to read. Someone who wants to read
it must change it back (or decrypt it). How to change it back is a secret. Both the person that
sends the message and the one that gets it should know the secret way to change it, but other
people should not be able to. Studying the ciphertext to discover the secret is called
"cryptanalysis" or "cracking" or sometimes "code breaking".[2][3]
Different types of cryptography can be easier or harder to use and can hide the secret message
better or worse. Ciphers use a "key" which is a secret that hides the secret messages. The
cryptographic method needn't be secret. Various people can use the same method but
different keys, so they cannot read each other's messages. Since the Caesar cipher has only as
many keys as the number of letters in the alphabet, it is easily cracked by trying all the keys.
Ciphers that allow billions of keys are cracked by more complex methods.
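Trying all the keys of a Caesar cipher, as described above, can be shown in a short program. This is an added example, not part of the original text; the sample message and the letter-frequency table are constructed for the illustration, and the program picks the key whose output looks most like English.

```python
# Approximate frequency (percent) of each letter in ordinary English text.
ENGLISH_FREQ = {
    "a": 8.17, "b": 1.49, "c": 2.78, "d": 4.25, "e": 12.70, "f": 2.23,
    "g": 2.02, "h": 6.09, "i": 6.97, "j": 0.15, "k": 0.77, "l": 4.03,
    "m": 2.41, "n": 6.75, "o": 7.51, "p": 1.93, "q": 0.10, "r": 5.99,
    "s": 6.33, "t": 9.06, "u": 2.76, "v": 0.98, "w": 2.36, "x": 0.15,
    "y": 1.97, "z": 0.07,
}


def caesar_shift(text, key):
    """Shift each letter by `key` places (negative to undo); keep other characters."""
    shifted = []
    for ch in text:
        if "a" <= ch <= "z":
            base = ord("a")
        elif "A" <= ch <= "Z":
            base = ord("A")
        else:
            shifted.append(ch)
            continue
        shifted.append(chr((ord(ch) - base + key) % 26 + base))
    return "".join(shifted)


def english_score(text):
    """Chi-squared distance from English letter frequencies; lower is more English-like."""
    letters = [c for c in text.lower() if "a" <= c <= "z"]
    if not letters:
        return float("inf")
    score = 0.0
    for letter, percent in ENGLISH_FREQ.items():
        expected = len(letters) * percent / 100
        score += (letters.count(letter) - expected) ** 2 / expected
    return score


def crack_caesar(ciphertext):
    """Try every one of the 26 keys and return (key, plaintext) for the best result."""
    best = min(range(26), key=lambda k: english_score(caesar_shift(ciphertext, -k)))
    return best, caesar_shift(ciphertext, -best)


# Constructed sample message, encrypted with key 3.
SAMPLE_PLAINTEXT = ("the secret meeting is at the old stone bridge tonight "
                    "and nobody else must hear about it")
SAMPLE_CIPHERTEXT = caesar_shift(SAMPLE_PLAINTEXT, 3)

if __name__ == "__main__":
    key, recovered = crack_caesar(SAMPLE_CIPHERTEXT)
    print("ciphertext:", SAMPLE_CIPHERTEXT)
    print("key found: ", key)
    print("plaintext: ", recovered)
```

The same search is hopeless against a cipher with billions of keys, which is why the number of possible keys matters.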
Symmetric
In symmetric cryptography, both the sender and receiver share the key. The sender uses the
key in a certain way to hide the message. Then, the receiver will use the same key in the
opposite way to reveal the message. Most types of cryptography are symmetric. Advanced
Encryption Standard is a widely used one.
Asymmetric
Asymmetric cryptography is harder to use. Each person who wants to use asymmetric
cryptography uses a secret key number, and a different number, a "public key" that they can
tell everyone. If someone else wants to send this person a message, they'll use the number
they've been told to hide the message. Now the message cannot be revealed, even by the
sender, but the receiver can easily reveal the message with his secret or "private key". This
way, nobody else needs to know the secret key.
The details of asymmetric cryptography make it less useful than symmetric cryptography for
actually sending messages. Instead, it is often used for computer signatures, when a
computer must know that a file was sent from a certain sender. For example, computer
software companies that release updates for their software can sign those updates to prove
that the update was made by them, so that hackers cannot make their own updates that would
cause harm. Computers can also use asymmetric ciphers to give each other the keys for
symmetric ciphers.
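The two uses just described, signing a software update and passing a symmetric key, can be shown with a small RSA key pair. This is an added example, not part of the original text: the key is a toy built from two known prime numbers, the update contents and session key are constructed, and it uses plain "textbook" RSA without the padding that real systems add.

```python
import hashlib

# Toy key pair (constructed for this example) from two known Mersenne primes.
# Real keys are 2048 bits or longer and real schemes add padding (RSA-PSS, OAEP).
P = 2**61 - 1
Q = 2**89 - 1
N = P * Q                              # public: modulus
E = 65537                              # public: exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private: only the key owner knows this


def digest_as_number(data):
    """SHA-256 of the data, reduced to fit under the toy modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def sign_update(data):
    """Software company: sign the update's hash with the private key."""
    return pow(digest_as_number(data), D, N)


def verify_update(data, signature):
    """Customer's computer: check the signature using only the public key."""
    return pow(signature, E, N) == digest_as_number(data)


def wrap_key(symmetric_key):
    """Sender: hide a symmetric key under the receiver's public key."""
    value = int.from_bytes(symmetric_key, "big")
    if value >= N:
        raise ValueError("key too large for this toy modulus")
    return pow(value, E, N)


def unwrap_key(wrapped, length):
    """Receiver: recover the symmetric key with the private key."""
    return pow(wrapped, D, N).to_bytes(length, "big")


# Constructed sample data.
UPDATE = b"installer v2: fixes for the login page"
TAMPERED = b"installer v2: changed by someone else"
SESSION_KEY = bytes(range(16))         # a 128-bit symmetric key

if __name__ == "__main__":
    signature = sign_update(UPDATE)
    print("genuine update accepted: ", verify_update(UPDATE, signature))
    print("tampered update accepted:", verify_update(TAMPERED, signature))
    wrapped = wrap_key(SESSION_KEY)
    print("session key recovered:   ", unwrap_key(wrapped, 16) == SESSION_KEY)
```

Anyone can run the verify and wrap steps because they need only the public numbers N and E; only the holder of D can sign or unwrap.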
Computers
Computers can calculate quickly. They can do very strong encryption, and most 21st century
cryptography uses them. Examples are computer algorithms like RSA, AES, and there are
many others. Using good algorithms like these can make it very hard to read the information
that is sent.
People
Because people are slower than computers, any cryptography they use can probably be
broken if enough of the secret way to change it is known.
Simple forms of cryptography that people can do without machines are Caesar ciphers and
transposition ciphers, but many other kinds were used before computers were used. [4]
It's important that you think broadly when considering types of risks for your business, rather
than just looking at obvious concerns (e.g. fire, theft, market competition).
when, where, why and how are risks likely to happen in your business?
are the risks internal or external?
who might be involved or affected if an incident happens?
1. Identify risks
What are your risks and how likely are they to occur? Some will cause major disruption while
others will be a minor irritation. You must make an educated assessment of both the
likelihood and potential severity of each risk to prioritise your planning efforts.
Use our Emergency Contingency Planner to make sure you cover all bases.
During day to day operations, any number of risks can pop up in a business so it is important
to know how to identify any potential risks before they escalate. This will help you develop
realistic and effective strategies for dealing with risks if they occur.
Essential Information
Application developers design and create software for computers, mobile devices and the
Web. Undergraduate degrees in this field include the Associate of Applied Science in
Application Development and the Bachelor of Science in Information Technology.
Application for the Certificate in Web Application Development requires that the student
have experience in creating web content and programming. A bachelor's degree in a relevant
area is preferred. Students learn the coding needed for developing many types of applications,
including those for mobile devices.
Web programming
Microcomputer applications
Linux configuration
Windows configuration
Web server administration
Visual software
Software testing
Systems design
Human-computer interaction
User interface design
Database management
Web programming
Web technology
Animation programming
Human-computer interfaces
Web application programming and scripting
Mobile application development
Web services and security
A bachelor's degree is the minimum degree level for many software development positions.
Graduates may be prepared for careers in customer support, information and technology,
programming and website development. Possible job titles include:
Database programmer
Software developer
Application developer
Web developer
Web administrator
Degrees in application development can be pursued at the associate's and bachelor's level;
certificates in web development are also available at the graduate level. These programs
prepare students for work developing and managing software on a variety of platforms,
including web, mobile applications and network systems.
The capability of the Internet to support these applications depends on whether the relevant
technical needs are met and whether the operational aspects of the systems involved are
understood and manageable. As with any information technology system, the technical
requirements depend heavily on the specific characteristics of the individual systems: the
number of anticipated users, degree of real-time interaction desired, number of simultaneous
sessions that must be supported, and so on.
Consumer Health
Consumer health is one of the areas that could be most dramatically reshaped by the Internet.
Consumer health refers to a set of activities aimed at giving consumers a more pronounced
role in their own health and health care, ranging from the development of tools for self-
assessment of health risks and management of chronic diseases, to home-based monitoring of
health status and delivery of care. This area is similar to public health (discussed later in this
chapter) in that it aims to provide consumers with the information and tools needed to
improve their health, but it is less concerned with the detection of regional outbreaks of
disease and is not part of government-based reporting structures. The Internet could become a
significant enabler of consumer health initiatives in that it provides an increasingly accessible
communications channel for a growing segment of the population. Moreover, in comparison
to television, also a widely available medium for reaching consumers, the Internet offers
greater interactivity and better tailoring of information to individual needs. These capabilities
may lead to significant changes in consumer behavior (e.g., cessation of smoking, changes in
diet) that could greatly improve health.
Bandwidth and availability are not issues in the near term because most messages currently
consist of text only and are not used for time-critical communications. The most pressing
technical issue is security. Most e-mail exchanges between patient and provider involve
discussions of personal health information, which must be suitably protected from breaches
of confidentiality and, to a lesser extent, alteration. Most e-mail is not encrypted during either
transmission or storage, and its point of origin is not authenticated. It is therefore much easier
to forge an e-mail message than a clinician's note or telephone call.
Like e-mail used for clinical purposes, Web-based medical records require considerable
attention to security to minimize the risks of inappropriate disclosure. Personal medical
records must be protected against inappropriate disclosure, both to outsiders who attempt to
break into the system and to those who operate and maintain the Web sites. Most existing
services use SSL encryption to protect data communications between users and the host Web
site and a combination of user names and passwords (transmitted securely over the Internet)
to authenticate end users.
Bandwidth ++
Consumer health applications vary considerably in the bandwidth they demand. The retrieval
of information from health-related Web sites demands little bandwidth on the consumer end,
but the potentially large volume of requests made of any particular site could drive up the
aggregate bandwidth requirement on the information provider's side. Access to patient health
records could demand somewhat greater bandwidth than is typically available today or
significantly greater if records include enhanced content, such as medical images or
videotapes of telemedicine consultations.
Latency +
In general, applications that support consumer health do not require the instantaneous
delivery of information, so the latency requirements of the Internet are not great. In some
patient-monitoring applications, timeliness is a concern, but delays of a few seconds would
not threaten a patient's well-being. Latency could become more of an issue if online medical
records became the norm and care provider organizations needed timely access to them for
purposes of treating patients. In many instances, however, records could be uploaded from
remote sites in advance of scheduled appointments, and latency would be a significant issue
only in emergency situations.
Availability ++
The need for network availability differs significantly among consumer health applications.
The Internet is already sufficiently available for the distribution of health information to
consumers and for exchanges of e-mail between patients and providers. Somewhat greater
availability would be needed for remote monitoring and remote control operations, although
most home monitoring devices and medical equipment could be designed to buffer enough
data to overcome short lapses of connectivity. Home monitoring and control will not become
commonplace, however, until providers (and consumers) of such services receive guarantees
that lengthy network outages will occur very infrequently.
Remote Consultation
Remote medical consultation has long been pursued as a means of overcoming the unequal
distribution of clinical expertise. It is a method of offering expert consultations to patients in
remote rural areas, for example, or underserved urban areas or prisons. Even where clinical
expertise is available, but inconvenient for either the patient or the provider, remote medical
consultations may be a cost-effective alternative to staffing multiple clinics with
subspecialists. Remote consultations may also be useful to specialized service organizations
that attempt to establish economies of scale for particular types of clinical service, such as the
interpretation of radiological images (e.g., CT and magnetic resonance images), while also
developing more effective bargaining units for health care contracting. These organizations,
which are becoming more numerous, can benefit insofar as their reach is extended beyond
their immediate geographical area, allowing them to serve a broader pool of consumers.
Account Management
In banking, activities start with banks automating customer accounts, which allows personnel
to create, update and maintain customer records. Banking hardware and software have
enhanced the accuracy of accounts that tellers and other banking personnel process. Banking
software performs customer transactions through a centralized data record system. Account
management is the genesis and backbone of all banking information systems.
Hardware Technology
In the 1960s, bank hardware consisted of a mainframe and a punch card machine. Punch
cards contained customer account information and were read into the main system by a punch
card machine. Midrange and client/server hardware configurations, which are no larger than a
minitower system, can run an entire bank in addition to receiving transactions from affiliated
bank branches. These new hardware technologies can process more transactions than legacy
banking hardware systems. Hardware technologies have enabled advances into wireless
banking and telecommunications banking.
Electronic Transactions
Banking systems must perform electronic transactions. Direct deposit is an example of an
electronic transaction. Computers processing electronic transactions must have hardware and
software encryption capabilities to keep data from being compromised during a transmission.
After the computer performs electronic transmissions, it transfers the information to the main
computer system for processing and updating. Banks have extended electronic transaction
capabilities through landline and cell phones, the Internet and ATMs.
Web-based Banking
Web-based banking systems use a dedicated server through a bank network system. An area
of the banking system is partitioned for Internet applications. Web-based banking systems by
law must include secure servers and authenticated certificates regarding transactions from the
Federal Deposit Insurance Company and the Federal Reserve Board. Customers who choose
to bank online can access their account through a web interface, which integrates with the
main computer. A customer's credentials -- user ID and password -- pass through several
checkpoints before entering the main system to perform a web-based transaction.
There are many challenges in implementing an e-governance model in India as well as at a global
scale. The actual challenge is how to develop and sustain successful e-governance projects
and deliver state-of-the-art e-services to inhabitants. Unfortunately, it is not easy to develop
an e-governance website as a service delivery mechanism. Effective e-governance initiatives can
never be undertaken in haste. With reference to India, e-governance should enable seamless
access to information and seamless flow of information across the state and central
government.
1. Spoofing: In this practice, the attacker attempts to gain access to the E-Governance
system by using a false identity, either by stealth or by using a false IP
address. Once access is gained, the attacker abuses the E-Governance system by
elevating privileges.
2. Tampering of E-Governance system: As soon as the system is compromised and
privileges are raised, the classified information of the E-Governance mechanism
becomes highly susceptible to illegal modification.
3. Repudiation: The attacker can also mount a repudiation attack during an E-Governance
transaction, which is the ability of a user to deny a transaction that user performed.
4. Disclosure of E-Governance Information: If the E-Governance system is compromised,
undesirable information disclosure can take place very easily.
5. Denial of Service: In this technique, the attacker performs a Denial of Service (DoS)
attack by flooding the E-Governance server with requests that consume all of its
resources, so as to crash the mechanism.
6. Elevation of privilege: Once an E-Governance system is compromised, the attacker,
pretending to be a low-profile user, attempts to escalate to higher profiles so as to
use their privileges to do further damage to the system.
7. Cyber Crimes: Advances in science and technology increase the rate of
cybercrime. It is a threat to the transactions carried out between the Government
and its citizenry within the E-Governance methodology.
So niche networking sites are specialized groups of social networking sites. There are niche
networking sites for people who want to learn a language and niche networking sites for
people who want to control their finances. There are niche networking sites on all sorts of
topics. You can probably find a niche networking site on just about anything.
A good example of a niche networking site would be Athlete Focus. This is a niche
networking site just for athletes that are into action type sports. Another example of a niche
networking site is 43Things which is a niche networking site set up for people who have
goals they want to accomplish.
The "older" crowd has a lot to offer, and I recommend they get out and do just that.
Join a few social networking sites, find old friends, meet new ones. Offer up help where you
can. Maybe even create your own social networking site.
Governance can be defined as "whose hands are on the helm and how did they get there?" We
used to know whose hands were on the helm and we knew the process of how they got there.
To continue with the metaphor, we also had a pretty good idea of where the corporate and
national ship of state was heading and which maps were being used. Today there are multiple
hands on the helm, and we are often bewildered as to how they got there. As to the maps, route
and direction of travel, there is concern and bewilderment among citizens, elected officials and
public and private bureaucrats alike.
Broadly speaking our bewilderment is a result of the rapid move from an industrial to an
information-based economy. The maps and ways of behaving in an industrial, largely nation-
based economy no longer serve us well in a networked, largely global economy. Public and
private governance structures from an era of smokestacks and railways must be modified in
the new era of electronics and digital networks. We need new mental maps and shared
understandings of where we are. Only then can we evolve a system of governance that will
allow us to optimize the outcomes for all citizens in the new networked economy.