Abstract:
Presents the concept of cyber crime: electronic deception, phishing, fraud by charging, fraud involving online auctions or investments, and identity theft. Details vulnerabilities of IT applications: SQL injection, verbose errors, session handling flaws, source code disclosure, remote code execution, vulnerable third-party software, cross-site scripting (XSS), authorization bypass, and logic flaws. Lists types of Internet fraud. Analyzes predisposing factors of cyber crime: using online payment methods in unsecured working environments; providing personal information on websites; not using specialized sites that have a high degree of certification for certain activities; paying in advance without confirmation that products were actually sent; and providing additional information that is not needed to validate a transaction. Identifies deficiencies of security systems and builds a model for information security management.
Author:
Ion Ivan, Daniel Milodin, Catalin Sbora
Institution:
Bucharest Academy of Economic Studies
Industry Focus:
Information & Telecommunication
Internet & Cyberspace