Tuesday, May 20, 2014

Cyber weapon system

If you are wondering, what the cyber weapon is, you should read Cyber Weapon Target Analysis. The book contains the best definition of cyber weapon. It also presents new models about cyber-target, cyber attack and cyber targeting.

Monday, January 20, 2014

Warning about www.eyeofender.com aka archergames

Here is a real life warning about buing virtual producs (for example Minecraft servers).

I bought an expensive license for my son to www.eyeofender.com/ (archergames). Purchase was made with PayPal, which I still trust at this point of case.

Just in two days, the eyeofender banned my son's account based on false accusition made by an other player. No warning and life time lisence was lost.

However, the admin offered my son a change to buy license again. I don't know much about Minecraft, but I do know a lot about blackmail and scam sites. So it was obvious, not to loose any more money. There were no quarantee about getting the ban again even in same day and more money would be lost.

Same day I contacted sites customer support email (enayet123@eyeofender.com) and two days later, without getting an answer. After that I made a claim through PayPal and now I'm waiting and hoping to get my money back.

---

I have been a PayPal customer over seven years without problems this far. I have also bought many Minecraft licenses on different servers before this, without problems. After 10 years online shopping, this is the first warning I write.

If there is no trust in online shopping, it will be in problem immediately. Buyer on the other side of the World cannot really know, if the seller can be trusted. The trust can be brought by third parties like PayPal, Visa etc. With this, buyer does not have to trust on seller, it is enough, that there is trust on PayPal.

So I'm pretty sure, that if I cannot solve this case, PayPal can.

Sunday, November 11, 2012

Approaches to corporate security

Wikipedia divides corporate security to 12 elements:

Core Elements [of corporate security]

Core elements of Corporate Security are:

  • Personal Security
  • Physical Security
  • Information Security
  • Corporate Governance
  • Compliance and Ethics Programs
  • Crime Prevention and Detection
  • Fraud deterrence
  • Investigations
  • Risk Management
  • Business continuity planning
  • Crisis management
  • Environment, Safety and Health


I have seen similar categories with other references. The problem with this kind of approach is, that for example, risk and crisis management are cross sectional elements.

Perhaps more conclusive solution would be to define elements from structural or process approach.

In structural approach elements might be 1) personal security, 2) property security and 3) information security.

With process approach, you could divide elements to 1) production security, 2) sales security) and 3) support security.

And with threat approach you could use 1) crime and 2) fraud security.

Solution approach could be 1) risk management, 2) crisis management, 3) insurance politics, 4) information protection, 5) personnel protection and 6) property protection.

Thursday, November 8, 2012

Cyber space of cyber environment

International Telecommunication Union (ITU) refers to cyber environment, when it defines cybersecurity, but it does not provide a definition for cyber environment. Cyber environment does not seem to be as used as Cyber space, which has more definitions.

Some online encyclopedias define cyber space as a virtual place for communication.

Cyberspace is the electronic medium of computer networks, in which online communication takes place. Wikipedia, http://en.wikipedia.org/wiki/Cyberspace
Cyberspace is the `place` where a telephone conversation appears to occur. Principia Cybernetica, http://pcp.lanl.gov/cybspace.html
A metaphor for describing the non-physical terrain created by computer systems. Online systems, for example, create a cyberspace within which people can communicate with one another (via e-mail), do research, or simply window shop.... Webopedia, http://www.webopedia.com/TERM/C/cyberspace.html
Cyberspace is a domain characterized by the use of electronics and the electromagnetic spectrum to store, modify, and exchange data via networked systems and associated physical infrastructures. In effect, cyberspace can be thought of as the interconnection of human beings through computers and telecommunication, without regard to physical geography. http://searchsoa.techtarget.com/definition/cyberspace

USA government and SearchSOA.com define cyberspace slightly wider:

What is cyberspace?
National Security Presidential Directive 54/Homeland Security Presidential Directive 23 (NSPD-54/HSPD­
23) defines cyberspace as the interdependent network of information technology infrastructures, and includes  the Internet, telecommunications networks, computer systems, and embedded processors and controllers in 
critical industries. Common usage of the term also refers to the virtual environment of information and interactions between people. http://www.whitehouse.gov/assets/documents/Cyberspace_Policy_Review_final.pdf
Cyberspace is a domain characterized by the use of electronics and the electromagnetic spectrum to store, modify, and exchange data via networked systems and associated physical infrastructures. In effect, cyberspace can be thought of as the interconnection of human beings through computers and telecommunication, without regard to physical geography. http://searchsoa.techtarget.com/definition/cyberspace 

 I would like to expand the concept wider than just interaction between human beings. For example, I would like to include the electricity infrastructure, stock exchange robots, online bot services under the definition of  cyber space.

Cyber space of cyber environment
I don't see a big difference between them. However I find space more wider and more suitable concept than just the environment.

Wednesday, November 7, 2012

Defining cybersecurity


Before we can discuss about any subject with shared understanding, we must have a common and shared definition for the concept. At these days cybersecurity is new and hot word at the field of information security. And, as usual, cybersecurity has several definitions. It is also used in daily discussion without exact definition.

International telecommunication union (ITU) has defined cybersecurity (referring to ITU-T X.1205):

Cybersecurity is the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment and organization and user’s assets. Organization and user’s assets include connected computing devices, personnel, infrastructure, applications, services, telecommunications systems, and the totality of transmitted and/or stored information in the cyber environment. Cybersecurity strives to ensure the attainment and maintenance of the security properties of the organization and user’s assets against relevant security risks in the cyber environment. The general security objectives comprise the following:
  • Availability 
  • Integrity, which may include authenticity and non-repudiation 
  • Confidentiality 

Reference: http://www.itu.int/en/ITU-T/studygroups/com17/Pages/cybersecurity.aspx

Online encylopedia WhatIs.com defines cybersecurity:

Cybersecurity is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access. In a computing context, the term security implies cybersecurity. [...]

Ensuring cybersecurity requires coordinated efforts throughout an information system. Elements of cybersecurity include:
  • Application security 
  • Information security 
  • Network security 
  • Disaster recovery / business continuity planning 
  • End-user education. 

http://whatis.techtarget.com/definition/cybersecurity


ITU sees cyber environment as a key element for the definition of cybersecurity, but WhatIs.com concentrates on tools and measures of cybersecurity. The concept of cybersecurity is divided on application, information, network, recovery and education.

Conclusion
Before we can define cybersecurity, we must define cyber environment (aka cyber spce). Cybersecurity definition must include the framework, threats, measures and objectives.