Chapter 1: Lesson 4




visit us at www.wilber-learndev.com


Briefer:


In 2011, at least 2.3 billion people – equivalent to more than one-third of the world’s total population – had access to the Internet. Developed countries enjoy higher levels of internet access (70 percent) than developing countries (24 percent). However, the absolute number of internet users in developing countries already far outnumbers that in developed countries. Some 62 percent of all internet users were in developing countries in 2011. In both developed and developing countries, more younger people are online than older people. Some 45 percent of the world’s internet users are below the age of 25 years [i] – a demographic that also broadly corresponds with an age group often at special risk of criminal offending. [ii]

The Comprehensive Study on Cybercrime by the United Nations Office on Drugs and Crime (UNODC) [iii] highlights the persistent digital divide, emphasizing the discrepancies in internet access across the globe. By mapping global IP addresses, disparities become evident, with certain populated areas in developing countries experiencing limited internet connectivity. Notably, Southern and Eastern Asia, Central America, and Africa exhibit significant gaps in digital access. The report notes that as of mid-2012, over 341 million people in sub-Saharan Africa live beyond a 50km range of a terrestrial fiber-optic network.

The Broadband Commission for Digital Development, established by the International Telecommunication Union (ITU) and UNESCO, underscores the missed potential for economic and social benefits in regions lacking internet connectivity. The World Bank estimates that a 10 percent increase in broadband penetration could result in a 1.38 percent increase in GDP growth in low and middle-income countries. The report also highlights the higher impact of mobile broadband on GDP growth compared to fixed broadband, attributed to the reduction of inefficiencies. Beyond economic considerations, the study emphasizes the Internet’s role in providing access to essential services such as education, healthcare, and e-governance for remote populations. [iv]


The role of the private sector

The private sector plays a significant role in Internet infrastructure, owning and operating a substantial portion of it. Internet access involves various layers, including a ‘passive’ layer consisting of infrastructure like trenches, ducts, optical fiber, mobile base stations, and satellite hardware. An ‘active’ layer includes electronic equipment, and a ‘service’ layer comprises content services and applications. Major global Internet Service Providers (ISPs) like AT&T, NTT Communications, Sprint, Telefonica, and Verizon in foreign countries, and Globe Telecom, Inc., PLDT, Sky, Eastern Telecommunications Philippine, Inc. (ETPI), Converge ICT Solutions Inc., Infinivan, RISE, Edgecomm, Inc., We Are IT Philippines Inc. (WIT), PT&T, Textron, iXs, Radius Telecoms Inc., NexLogic, and LaSalTech Inc. own or lease high-capacity fiber optic transport (the Internet backbone) and other core infrastructure such as switches and routers.

These ISPs interconnect bilaterally and at internet exchange points (IXPs), facilitating peering agreements for fast global connections. Peering agreements involve ISPs agreeing to carry each other’s traffic, enhancing connectivity for their clients. In addition to ISPs, mobile operators and local ISPs manage the ‘last kilometer’ network, consisting of radio cells and local cables, connecting servers to handheld and desktop devices. The private sector’s role is crucial in shaping the internet landscape. Annex Four of the study provides further details about internet infrastructure.

Computers work wonders to achieve the efficiency that both government and private industry seek. Many information systems in different countries make use of the computer to facilitate important social objectives, such as better law enforcement, faster delivery of public services, more efficient management of credit and insurance programs, improvement of telecommunications, and streamlining of financial activities. Used wisely, data stored in the computer could help good administration by making accurate and comprehensive information available to those who have to frame policy and make key decisions. The benefits of the computer have revolutionized information technology. It developed the internet and introduced the concept of cyberspace and the information superhighway where the individual, armed only with his personal computer, may surf and search all kinds and classes of information from libraries and databases connected to the net. [v]


Privacy Defined

The essence of privacy is the right to be left alone. In context, the right to privacy means the right to be free from unwarranted exploitation of one’s person or from intrusion into one’s private activities in such a way as to cause humiliation to a person’s ordinary sensibilities. [vi]


Principles of Cryptography

We need to preserve records of everything that happens in our lives. In other words, information is a valuable asset much like any other. Because it is a valuable asset, information must be safeguarded against cyber-attacks. To be safe, information must be protected against illegal access (confidentiality), protected from unlawful change (integrity), and accessible only to authorized parties when needed (availability). [vii]


CIA TRIAD



Confidentiality

The most common feature of information security is confidentiality. We must safeguard our private information. An organization must protect itself against actions that jeopardize the confidentiality of its critical data. Confidentiality of data usually means that the data is known only to approved users. Confidentiality is an important layer of data security. Control of confidential information is a major concern in the military. The operation of an organization necessitates the concealment of some information from others. Confidentiality ensures that confidential information can be accessed only by an authorized person and is kept away from all those who are not authorized to access it. [viii]

Confidentiality ensures that sensitive information is kept private and only accessed by authorized individuals or entities. This protects against unauthorized disclosure of sensitive data, which can result in financial loss, reputational damage, or legal liability. [ix]


Integrity [x]

Integrity refers to the accuracy, trustworthiness, and original form of data, and it must be regularly updated by authorized individuals using permitted procedures. Integrity violations can result from various factors, including system disruptions and not necessarily malicious behavior. The protection of data integrity involves measures to prevent unauthorized access, accidental changes, and deliberate alterations.

Data integrity is crucial in various sectors, especially in the financial industry, where transactions must be secure and trustworthy. Countermeasures include access control, strong authentication, hash checking, digital signatures, management controls, and training.

The analogy of sending a parcel illustrates the concept of integrity in data transmission. The data sent by the sender should reach the receiver accurately, completely, and reliably, without any alterations. Compromised data integrity can have serious consequences, such as an employee’s salary being transferred to the wrong account because of corruption in the database. Overall, maintaining data integrity is essential for ensuring the reliability and trustworthiness of information in various systems and industries.

Hence, integrity ensures that data is accurate, complete, and unaltered. This is essential for maintaining trust in the information and making informed decisions. Without data integrity, organizations can face significant risks such as financial losses, operational disruptions, and legal liabilities. [xi]
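The hash checking named among the countermeasures above can be seen at work on the payroll case. This is an added example, not part of the original lesson; the record, the key, and the function names are constructed for illustration. It compares a plain SHA-256 digest with a keyed hash (HMAC) against accidental corruption and against deliberate alteration.

```python
import hashlib
import hmac
import json

# Constructed sample data: a payroll record and a secret key held only by
# the payroll system (both hypothetical, for illustration).
KEY = b"constructed-demo-key"
RECORD = {"employee": "E-1001", "account": "PH-0001-2345", "amount": "25000.00"}


def canonical(record):
    """Serialize deterministically so equal records always hash equally."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def digest(record):
    """Unkeyed hash: anyone can compute it."""
    return hashlib.sha256(canonical(record)).hexdigest()


def mac(record, key):
    """Keyed hash: only holders of the key can compute it."""
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()


def verify_digest(record, expected):
    return hmac.compare_digest(digest(record), expected)


def verify_mac(record, expected, key):
    return hmac.compare_digest(mac(record, key), expected)


def demo():
    stored_digest = digest(RECORD)
    stored_mac = mac(RECORD, KEY)
    results = {
        "original_ok": verify_digest(RECORD, stored_digest)
        and verify_mac(RECORD, stored_mac, KEY),
    }

    # Case 1: accidental corruption. The record changes, the stored check
    # values do not, so both checks notice the mismatch.
    corrupted = dict(RECORD, account="PH-0001-2346")
    results["corruption_caught_by_digest"] = not verify_digest(corrupted, stored_digest)
    results["corruption_caught_by_mac"] = not verify_mac(corrupted, stored_mac, KEY)

    # Case 2: deliberate alteration. Whoever can rewrite the record can also
    # rewrite an unkeyed digest stored beside it, so the plain hash passes.
    altered = dict(RECORD, account="PH-9999-0000")
    results["alteration_passes_digest"] = verify_digest(altered, digest(altered))

    # Without the key, a matching MAC cannot be produced for the new record.
    forged_mac = mac(altered, b"guessed-key")
    results["alteration_caught_by_mac"] = not verify_mac(altered, forged_mac, KEY)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

A plain digest protects against corruption only when it is stored or delivered out of reach of whoever can change the data; a keyed hash or a digital signature covers deliberate alteration.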


Availability

Availability is the third crucial component of information security, ensuring that the information created and stored by an organization is accessible to authorized parties. Regular updates are necessary to maintain availability, allowing users to access data when needed. A lack of availability is as detrimental as a lack of secrecy or integrity. Users entering data into a system rely on availability to access that data promptly. The importance of availability is exemplified by the impact on a bank if consumers couldn’t access their accounts for transactions.

The level of availability required depends on the significance of the component or service. For example, a university’s public website might be considered a medium availability need, as its absence could be embarrassing but not critical to the overall information system. Availability assessments ensure that authorized users have consistent access to the system. Non-malicious threats, such as hardware failures, unplanned software downtime, and network challenges, can impact availability.

Malicious attacks, like Distributed Denial of Service (DDoS) attacks, pose a considerable threat to availability. DDoS attacks involve overwhelming a server with unnecessary requests, disrupting service for legitimate users. Defenses against such attacks have evolved, but hackers continually adapt. System availability is crucial for businesses, as disruptions can lead to lost revenue, customer complaints, and damage to reputation. To safeguard availability, organizations employ measures like redundant systems, backup servers, and data repositories in separate locations. Monitoring tools, firewalls, and routers play vital roles in preventing and mitigating availability challenges. The economic impact of service outages emphasizes the importance of maintaining high availability, especially for systems supporting essential functions and services.

Availability ensures that information is accessible and usable when needed. This is important for maintaining business continuity and ensuring that critical systems and data are available during emergencies or crises. Without availability, organizations can experience significant disruptions to their operations and lose access to critical data and systems. [xii]


Computer Security and Cybersecurity


Computer Security means reducing risks to an acceptable residual level for computer systems running specific operating systems, by conferring Confidentiality, Integrity, and Availability (CIA) properties to a required level.

Network Security similarly means providing the means to confer these Confidentiality, Integrity, and Availability (CIA) properties on the transmission of data between network hosts and the centralized services that enable networks to perform their functions. Network security includes firewalls, intrusion detection and prevention systems, virtual private networks (VPNs), authentication, and authorization protocols.

The distinction between Hypertext Transfer Protocol (HTTP) and Hypertext Transfer Protocol Secure (HTTPS) illustrates a classic example of Computer and Network Security:

HTTP traffic lacks confidentiality between the client and server, making it susceptible to interception and reading by any intermediate hosts operating in promiscuous mode.

In contrast, HTTPS employs public key cryptography, establishing a transparent layer of confidentiality. While intermediate hosts can intercept the traffic, they are unable to interpret the data unless the cryptographic keys are compromised. This highlights the enhanced security provided by HTTPS in protecting the confidentiality of transmitted information compared to the less secure nature of HTTP.

Cybersecurity has a much broader meaning than just computer and network security. Though the core principles behind computer and network security are still the main goals, the context is much wider and typically relates to threats posed to critical infrastructure and critical technologies.

Cybersecurity extends beyond the scope of computer and network security, encompassing a broader context that addresses threats to critical infrastructure and technologies. While the fundamental principles of computer and network security remain central, the focus widens to include vital systems, networks, and assets crucial for the security, economy, public health, and safety of a nation. Critical infrastructure spans diverse sectors like power grids, water treatment plants, transportation systems, communication networks, financial institutions, and government buildings. Frameworks such as the NIST Cybersecurity Framework, ISO27001, the Essential Eight, and various reference-based approaches are employed to ensure cybersecurity and safeguard against potential threats to these essential elements of a nation’s well-being.


Non-repudiation

To repudiate means to deny or contest something. Non-repudiation is therefore the ability to ensure that someone cannot deny or contest something. The issue usually arises in electronic communications, where one side denies seeing or signing a contract or paper, or cannot be confirmed as the recipient. Non-repudiation means putting measures in place that will prevent one party from denying they received or agreed to a transaction.


Access Control

Authentication and authorization are the keys to access control. In terms of security, access management is vital. [xiii] It is “the process of approving or rejecting various requests.” The following components are considered for this procedure:

Access Control (ISO/IEC 27000, 2009) refers to the process of allowing and controlling access to assets based on business and security requirements. The practice of monitoring and regulating who has access to what systems, information, or data is known as access control. In almost all cases, access must be restricted to people or computers who have been given authorization. To manage access based on rights, it generally follows the phases of identification, authentication, and authorization. Keeping a log, for example, provides better accountability by holding an entity responsible for its activities (Foley et al. 2011).


Identification

Identification is the procedure of recognizing or acknowledging a person or system. During identification the subject claims an identity, which may or may not be true and still has to be checked. A public piece of information, such as a username or an identification number, is usually provided by the subject. [xiv]


Authentication

Authentication is the process of verifying that a user’s identity is genuine. Most systems require a user to be authenticated prior to granting access to the system. [xv]

User authentication is a process that involves verifying the identity of an individual accessing a system. This verification is typically achieved by the user providing certain credentials. The user can input a password, insert a smart card, enter a personal identification number (PIN), present a biometric (such as a fingerprint, voice pattern sample, or retinal scan), or a combination of these elements to validate their claimed identity.

The provided credentials are then compared to previously associated information for that user. This matching process can occur within the system being accessed or through a trusted external source. If the credentials match the stored data, the system authenticates the user’s identity and grants access. This multi-step authentication process enhances security by ensuring that only authorized individuals can gain entry to the system.

Authentication is defined by the International Organization for Standardization (ISO) as “providing assurance that a claimed attribute of an object is actual” (ISO/IEC 27000, 2009).

In the realm of information security, a user’s identity is commonly established through a username (public) and a password (private information). The username serves as a claim to identity, while the password is compared to a pre-stored user password to validate the user’s identity. Authentication occurs when the provided username and password match the stored data.

Additionally, identification and authentication can also be achieved through biometric information, like fingerprints, or electronic technologies such as RFID tokens or smart cards. These methods vary in terms of effort, dependability, and security. Employing a combination of measures, known as multifactor authentication, can enhance security and mitigate the risk of identity theft. For instance, if an RFID tag is used alongside a username and password, it reduces the likelihood of unauthorized access and identity theft.

The three general features (i.e., factors) used to authenticate an identity are as follows. [xvi]

  1. Something the user owns or possesses (for example, a token or smart card)
  2. Something the user knows (a phrase or a PIN)
  3. Something the user is, to which the user alone has access (e.g., biometric identification). [xvii]


Authorization

Authorization is the process of determining and approving authorized users’ access permissions. It also describes what data and actions a properly identified and authenticated person or machine is permitted to access and perform.
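The three phases described above (identification, authentication, authorization), together with the accountability log, can be followed in one small program. This is an added example, not part of the original lesson; the user, roles, permissions, and token serial are constructed, and the RFID serial stands in for a real possession factor, which would normally use challenge-response rather than a fixed value.

```python
import hashlib
import hmac
import os


def _kdf(password: str, salt: bytes) -> bytes:
    # Store a slow, salted derivation of the password, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def _enroll(password, roles, token_serial):
    salt = os.urandom(16)
    return {"salt": salt, "pw": _kdf(password, salt),
            "roles": set(roles), "token": token_serial}


# Constructed sample data (hypothetical user, roles and token serial).
USERS = {"mreyes": _enroll("correct horse battery", ["payroll_clerk"], "RFID-0042")}
PERMISSIONS = {
    "payroll_clerk": {("payroll", "read")},
    "payroll_admin": {("payroll", "read"), ("payroll", "write")},
}
AUDIT_LOG = []  # accountability: every decision is recorded


def request_access(username, password, token_serial, resource, action):
    def decide(outcome):
        AUDIT_LOG.append((username, resource, action, outcome))
        return outcome

    # 1. Identification: the username is only a claim at this point.
    user = USERS.get(username)

    # 2. Authentication: check something the user knows and something the
    #    user has. The derivation also runs for unknown usernames so that
    #    response time does not reveal which accounts exist.
    salt = user["salt"] if user else bytes(16)
    candidate = _kdf(password, salt)
    knows = user is not None and hmac.compare_digest(candidate, user["pw"])
    has = user is not None and hmac.compare_digest(
        token_serial.encode(), user["token"].encode())
    if not (knows and has):
        return decide("denied:authentication")

    # 3. Authorization: an authenticated user gets only what their roles allow.
    allowed = set().union(*(PERMISSIONS.get(r, set()) for r in user["roles"]))
    if (resource, action) not in allowed:
        return decide("denied:authorization")
    return decide("granted")


if __name__ == "__main__":
    print(request_access("mreyes", "correct horse battery", "RFID-0042", "payroll", "read"))
    print(request_access("mreyes", "correct horse battery", "RFID-0042", "payroll", "write"))
    print(request_access("mreyes", "wrong password", "RFID-0042", "payroll", "read"))
    print(AUDIT_LOG)
```

The same denial string is returned for an unknown username, a wrong password, and a wrong token, so a caller cannot tell which check failed.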


Sources:

[i] International Telecommunication Union, 2012. Measuring the Information Society, and World Telecommunication/ICT Indicators Database. See also Moore, R., Guntupalli, N.T., and Lee, T., 2010. Parental regulation and online activities: Examining factors that influence a youth’s potential to become a victim of online harassment. International Journal of Cyber Criminology, 4(1&2):685–698.

[ii] European Commission, 2012. Special Eurobarometer 390: Cyber Security Report. See also Fawn, T. and Paternoster, R., 2011. Cybercrime Victimization: An examination of individual and situational level factors. International Journal of Cyber Criminology, 5(1):773-793, 782.

[iii] United Nations Office on Drugs and Crime (UNODC), 2013. Comprehensive Study on Cybercrime. Published February 13, 2013. URL: https://www.unodc.org/documents/organized-crime/UNODC_CCPCJ_EG.4_2013/CYBERCRIME_STUDY_210213.pdf

[iv] United Nations Office on Drugs and Crime (UNODC), 2013. Comprehensive Study on Cybercrime.

[v] Ople v. Torres, G.R. No. 127685 July 23, 1998

[vi] G.R. No. 157870, 158633 and 161658, November 3, 2008;

[vii] Failed 2019; Hambouz et al. 2019

[viii] Saxena, S., & Pradhan, A. K. (2022). Internet of Things: Security and Privacy in Cyberspace. Transactions on Computer Systems and Networks. ISBN 978-981-19-1584-0 (Print), ISBN 978-981-19-1585-7 (eBook). DOI: https://doi.org/10.1007/978-981-19-1585-7

[ix] Watters, P. A. (2024). Title of the Work. Routledge | Taylor & Francis Group. ISBN: 1032524499, 9781032524498, 1032524510, 9781032524511, 1003406734, 9781003406730.

[x] Internet of Things: Security and Privacy in Cyberspace by Saxena, S., & Pradhan, A. K., DOI: https://doi.org/10.1007/978-981-19-1585-7

[xi] Watters, P. A. (2024). Title of the Work. Routledge | Taylor & Francis Group. ISBN: 1032524499, 9781032524498, 1032524510, 9781032524511, 1003406734, 9781003406730.

[xii] Watters, P. A. (2024). Title of the Work. Routledge | Taylor & Francis Group. ISBN: 1032524499, 9781032524498, 1032524510, 9781032524511, 1003406734, 9781003406730.

[xiii] (Bauer et al. 2005)

[xiv] Internet of Things: Security and Privacy in Cyberspace by Saxena, S., & Pradhan, A. K., DOI: https://doi.org/10.1007/978-981-19-1585-7

[xv] Saxena et al. 2014

[xvi] Yuan et al. 2002

[xvii] Crowe et al. 2004


— END OF LESSON 4 —

