Part A. Introduction to e-security: Data security in the digital age
Part B. Risk areas: Unauthorised access to and misuse of information systems
Insiders
Outsiders
Types of attacks
Attacks against trust - people and applications
Email spoofing
Password cracker
Replay attacks
IP spoofing
DNS poisoning
Case study
Attacks against confidentiality and integrity
Network intrusion
Man-in-the-middle attacks
Trojan Horse
Virus
Worm
Attacks against availability
Denial of service
Email bomb
Part C. Civil and criminal liability for e-security breaches: Cybercrime laws
Developments in the United States of America
Developments in the United Kingdom
International developments
Developments in Australia
Issues that impact on the effectiveness of cybercrime laws
Taking legal actions against hackers and crackers
Commencing criminal proceedings against a hacker
Criminal proceedings - some disadvantages
Commencing civil proceedings against a hacker
Administrative action
Dismissing employees
General considerations
Part D. Downstream liability for e-security breaches
The main liability game
Contract laws and trade practices legislation
Warranties
Force Majeure
Frustration
Directors' liability
ASX Listing Rule 3.1
Negligence
Facilities management service scenario
Application service provider scenario
Duty of care
Positive duty
Modbury's case
Computer fraud case
Vicarious liability for the acts of employees
Privacy
Defining reasonable steps
One example of reasonable steps
Other considerations
De-identifying personal information
Non-legal
Evidence in e-security cases
Reasonable steps - the lynchpin in many civil cases
Part E. Preventative measures and e-security strategies - taking reasonable steps: A definition of reasonable steps
Risk management approach
Structural approach
Policies and procedures
IT security policy
Guidelines and procedures
Security incident management
Architecture and development
Risk assessment and management
Redundancy and diversity
Securing transactions and communications
The main problem areas
A complex example - legislative developments
Operations and monitoring
Network monitoring
Logging
Passive network monitors
Intrusion detection systems
Intelligence
Configuration management
Audit and compliance
Reporting
Audits
Personnel and business
Purchasing
Agreements
Insurance
Administrative measures
Training and education
Conclusion
Part F. Evidence: Admissibility
Reliability
Increasing obligations for organisations
Responsibilities of management