Part A. Introduction to e-security: Data security in the digital age -- Part B. Risk areas: Unauthorised access to and misuse of information systems -- Insiders -- Outsiders -- Types of attacks -- Attacks against trust - people and applications -- Email spoofing -- Password cracker -- Replay attacks -- IP spoofing -- DNS poisoning -- Case study -- Attacks against confidentiality and integrity -- Network intrusion -- Man-in-the-middle attacks -- Trojan Horse -- Virus -- Worm -- Attacks against availability -- Denial of service -- Email bomb -- Part C. Civil and criminal liability for e-security breaches: Cybercrime laws -- Developments in the United States of America -- Developments in the United Kingdom -- International developments -- Developments in Australia -- Issues that impact on the effectiveness of cybercrime laws -- Taking legal actions against hackers and crackers -- Commencing criminal proceedings against a hacker -- Criminal proceedings - some disadvantages -- Commencing civil proceedings against a hacker -- Administrative action -- Dismissing employees -- General considerations -- Part D. Downstream liability for e-security breaches -- The Main liability game -- Contract laws and trade practices legislation -- Warranties -- Force Majeure -- Frustration -- Directors' liability -- ASX Listing Rule 3.1 -- Negligence -- Facilities management service scenario -- Application service provider scenario -- Duty of care -- Positive duty -- Modbury's case -- Computer fraud case -- Vicarious liability for the acts of employees -- Privacy -- Defining reasonable steps -- One example of reasonable steps -- Other considerations -- De-identifying personal information -- Non-legal -- Evidence in e-security cases -- Reasonable steps - the lynchpin in many civil cases -- Part E. Preventative measures and e-security strategies - taking reasonable steps: A Definition of reasonable steps -- Risk management approach -- Structural approach -- Policies and procedures -- IT security policy -- Guidelines and procedures -- Security incident management -- Architecture and development -- Risk assessment and management -- Redundancy and diversity -- Securing transactions and communications -- The Main problem areas -- A Complex example - legislative developments -- Operations and monitoring -- Network monitoring -- Logging -- Passive network monitors -- Intrusion detection systems -- Intelligence -- Configuration management -- Audit and compliance -- Reporting -- Audits -- Personnel and business -- Purchasing -- Agreements -- Insurance -- Administrative measures -- Training and education -- Conclusion -- Part F. Evidence: Admissibility -- Reliability -- Increasing obligations for organisations -- Responsibilities of management
Summary
This is the fourth in a series of reports that look at the most pressing issues facing legal and business professionals in e-commerce today.
Analysis
Computer security
Electronic commerce
Risk
Risk management
Liability
Internet & WWW Law
Notes
Includes index
Published as Special Report 4 of the series: E-commerce: the implications for the law