Digital Security: Annotated Bibliography

Braden MacDonald

ISA 3100 Section W01

Current Topics in Digital Security

Completed on 10/21/14

Style used: MLA

By submitting this assignment, I affirm that all of the writing presented here is an original creation except where the work of others is set off as a quotation that has been properly cited or is a duly paraphrased passage that is properly cited.

Topic Number: 6

Topic: Good guys and bad guys (and bad things)

Definition & Summary: An online predator is a person who takes advantage of children and teenagers by using the anonymity of the internet to expose children to sexually explicit content, and seducing them into inappropriate relationships with the predator.

According to the U.S. Federal Bureau of Investigation, most predators dedicate a significant

amount of time to slowly defeat the suspicions of their target. Predators gain the trust of their target by giving them attention, sympathizing with the child’s problems, and talking about things that the target is interested in. Once the predator has gained the trust of their target, they gradually introduce them to sexually explicit content that in “successful” cases leads to inappropriate relations.
There are several warning signs that parents need to be aware of. The major signs of a child that is being targeted include spending long periods on time on-line, withdrawing from the family, phone calls to unknown long distance numbers, and abnormal behavior when you approach the child on their device. (FBI)
Personal Response: My parents were always very cautious of my online activity growing up. They monitored my computer use and strongly discouraged the use of social media until I was mature enough to handle the responsibility of owning such accounts. I have always been curious about computer and internet security, so I have always researched threats when they came about.
My main concern from the topic comes from my cousins. Most of my aunts and uncles don’t understand the technology they give their kids, and they don’t know what my cousins do online. Due to this I take time to consult my aunts and uncles on potential threats facing their children.
Links and Captions to Web Images: Online Predator Image - b.vimeocdn.com/ts/185/063/185063530_640.jpg
Links and Captions to Web Media: Online Predators PSA - www.youtube.com/watch?v=9waE2A-uIxQ

Topic Number: 19
Topic: The Wireless revolution: Wireless communications devices and their "issues"
Definition & Summary: Today we live in a wireless world, and while that means greater mobility, unsecured wireless connections make us more susceptible to threats.
There are two main types of wireless connectivity, Bluetooth and Wi-Fi. Bluetooth is a common form of wireless communication in which devices create a trusted connection with the use of keys that are kept in the devices memory. According to Tu Niem of the SANS Institute, if a hacker gets the necessary keys to connect to a Bluetooth device they can then obtain the data on that device. (Niem)
People use local area networks by connecting to a wireless router using Wi-Fi. If a wireless network is not properly configured with a firewall, all devices on that network are susceptible to security threats. People use LANs to connect to other LANs as well as for inner-network communication. A big threat facing an LAN according to Aaron Earle at Information Security Today is if a hacker gets access to a computer on an unsecured network. Once the hacker has access they can use a victim’s computer to attack other computers using malicious code. (Earle)
Personal Response: I am a huge fan of the wireless revolution. Almost every device I own has a wireless capability of some form. To me wireless security is important because that is how I connect to the internet. This topic is also pertinent to me because I connect to public networks often. It’s a dangerous gamble because of the level of knowledge that hackers have today.
When I connect to a public network I do my best not to go to websites that contain important information such as personal medical information, banking, or confidential files. I also try to limit my email use. While these safeguards are good, I also try to sit in a corner with my back to the wall to avoid eavesdropping and shoulder looking.
Links and Captions to Web Images: Unsecured wireless network - http://tinyurl.com/oompk7w
Links and Captions to Web Media: Why Connecting to Open Networks is Dangerous: http://tinyurl.com/nfm8jgj

Topic Number: 12
Topic: Web Browser Security
Definition & Summary: Web browser security is about the validity of the websites we visit online and how we can ensure that we are reaching the information we request.
NSS Labs suggests that users should be aware of socially engineered malware and phishing attacks that browsers can protect from when properly implemented. Hackers can implement harmful HTML documents into website that can phish for user information or implement a virus on a user’s computer that can harm the computer itself. NSS suggests using either Internet Explorer or Google Chrome to help protect users from such threats. The browsers have software implemented in them to help block any malicious software or phishing attempts that a user would encounter so that the user never has a chance of making a mistake. (Abrams)
To further protect from scams, users should look for a few things when they go to a website that they feel may be corrupt. According to Tielle Webb, there are four main steps that a user should look for when accessing a website. The first is the spelling of the URL, if the spelling is slightly off it’s a big sign that the user has found an invalid webpage. The second is to consider how the user got to the site, if the user used a link in an email from someone they don’t know they may want to leave that website. A user will also want to make sure they have a secure connection before entering any personal data. The user can check this by looking at the URL and making sure it starts out with https://. Finally look at the website itself, if the main page looks good but other pages look fraudulent, then you may have found a bad website. (Webb)
Personal Response: Browser security is a big issue to me because of the amount of time I spend online. I have a security mindset, so I am constantly looking for the common security signs on a website, and if I feel I have accessed an unsafe site I will immediately back out of that website. What browser security really means to me is making sure that non-tech savvy people don’t get themselves into trouble. My mom for instance is a teacher, and she needs teaching resources. Unfortunately hackers target teaching websites because most of the time those websites are run by teachers without much technical background. I find myself cleaning out my family’s PCs because my mother has gotten so many viruses from these teaching websites. I also have to take the time to teach my family members about the threats of web hoaxes, phishing attempts, and malware when they are surfing online.
Links and Captions to Web Images: Phishing - http://www.microsoft.com/global/security/PublishingImages/online-privacy/phishing_email_example.jpg
Links and Captions to Web Media: Browser security video - https://www.youtube.com/watch?v=2McnhLzmuxs

Topic Number: 1
Topic: Privacy and Personally Identifiable Information (PII)
Definition & Summary: Personally Identifiable Information is any data that is stored by an organization that can be tracked to a specific person. The privacy of that data and the level of security required depends on the level of damage it can cause if it is exploited.
According to the National Institute of Standards and Technology, PII needs to first be identified and then the organization needs to determine the level of security required. If a business keeps a list of customer’s social security numbers, a hacker can use that data to get other data about a person such as banking information, personal health data, and more. That data needs to be protected with upmost integrity. However, if a business keeps a record of how many red apples they sold in a month, but they don’t have any customer information stored, then that data can’t be tracked to a customer and doesn’t need to be protected as much as a social security number.
The level of impact caused by leaked data determines the level of privacy required of PII. That is one of the biggest challenges for organizations to determine, but it is also the most crucial. The levels of impact used to determine the level of privacy are low, moderate, and high. To determine what level the information needs to be at, organizations should consider the identifiability, quantity, sensitivity, and context of the information, as well as the organizational obligation to keep confidentiality. All of those factors impact customers because they have given up their data with the trust that the organization will safeguard the data and use the data responsibly. (McCallister)
Personal Response: Privacy means a lot to me. I think in today’s society it’s not so much if someone steals your information, it’s when they steal your information. I do what I can to protect my personal data, but I understand the importance of keeping up with where I put my data online and what data I give to people. If I don’t trust an organization, I don’t do business with them. If my identity were stolen because of an organization’s lack of care for protecting my data I would be very upset, and I would expect the organization to make immediate changes.
Links and Captions to Web Images: What is PII? - http://blog.scribesoft.com/wp-content/uploads/2013/09/personal_info.png
Links and Captions to Web Media: Introduction to Personal Identity - https://www.youtube.com/watch?v=7eu4LjTQv8o

References / Works Cited
Works Cited
Abrams, Randy.

"Evolutions in Browser Security." NSS Labs. N.p., 28 Oct. 2013. Web. 19 Oct. 2014. <https://www.nsslabs.com/reports/evolutions-browser-security>.

Earle, Aaron E. Wireless Security Handbook. Boca Raton, FL: Auerbach, 2006. Http://www.infosectoday.com/. Web. 19 Oct. 2014.

McCallister, Erika, Tim Grance, and Karen Scarfone. "Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)." NIST SP 800-122, Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) (n.d.): n. pag. National Institute of Standards and Technology. Apr. 2010. Web. 19 Oct. 2014. <http://csrc.nist.gov/publications/nistpubs/800-122/sp800-122.pdf>.

Niem, Tu C. "Bluetooth And Its Inherent Security Issues." Www.sans.org. N.p., n.d. Web. 19 Oct. 2014. <http%3A%2F%2Fwww.sans.org%2Freading-room%2Fwhitepapers%2Fwireless%2Fbluetooth-inherent-security-issues-945>.

"A Parent's Guide to Internet Security." FBI. FBI, 03 June 2005. Web. 16 Oct. 2014.

Webb, Tielle. "How to Test the Validity or Authenticity of a Website." Small Business. N.p., n.d. Web. 19 Oct. 2014.

.