SECURITY IN COMPUTING, FIFTH EDITION
Chapter 12: Emerging Topics
Instructor: Gao Haibo, Henan University of Chinese Medicine, Teaching and Research Section of Information Management and Information Systems
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.

Chapter 12 Objectives
• Define the Internet of Things and discuss associated emerging security issues
• Discuss nascent efforts to financially measure cybersecurity to make sound investment decisions
• Explore the evolving field of electronic voting, which has been an important and open security research problem for over a decade
• Study potential examples of cyber warfare and their policy implications

The Internet of Things (IoT)
• IoT refers to the connection of everyday devices to the Internet, making a world of so-called smart devices
• Examples:
    • Smart appliances, such as refrigerators and dishwashers
    • Smart home, such as thermostats and alarm systems
    • Smart health, such as fitness monitors and insulin pumps
    • Smart transportation, such as driverless cars
    • Smart entertainment, such as video recorders
• Potential downsides:
    • Loss of privacy
    • Loss of control of data
    • Potential for subversion
    • Mistaken identification
    • Uncontrolled access

Smartphones
• Smartphones are the control hub of the IoT
• In 2013, Kaspersky Labs identified 143,211 distinct new forms of malware against mobile devices
• 98% targeted Android devices, far in excess of its market share
• Android, unlike its competitors, does not limit the software users are allowed to install and is thus an easier target
• Apple, in contrast, only allows apps from its app store to be installed on its smartphones
• All apps go through an approval process, which includes some security review
• Once approved, apps are signed, using a certificate approach similar to that described in Chapter 2

Economics
• Cybersecurity planning includes deciding how to allocate scarce resources for investing in security controls
• Making a business case:
    • A description of the problem or need to be addressed
    • A list of possible solutions
    • A list of constraints on solving the problem
    • A list of underlying assumptions
    • An analysis of the risks, costs, and benefits of each alternative
    • A summary of why the proposed investment is a good idea