Cybersecurity guide for developing countries
PREFACE
FOREWORD
EXECUTIVE SUMMARY
HOW TO READ THIS GUIDE
ACKNOWLEDGMENTS
TABLE OF CONTENTS
PART I – CYBERSECURITY – CONTEXT, CHALLENGES, SOLUTIONS
Section I.1 – Cyberspace and the information society
I.1.1 Digitization
I.1.2 The information revolution
Section I.2 – Cybersecurity
I.2.1 The security context of the communication infrastructure
I.2.2 What is at stake with cybersecurity
I.2.3 The security deficit
I.2.4 Lessons to be drawn
I.2.5 The management perspective
I.2.6 The political dimension
I.2.7 The economic dimension
I.2.8 The social dimension
I.2.9 The legal dimension
I.2.10 Cybersecurity basics
PART II – CONTROLLING CYBERCRIME
Section II.1 – Cybercrime
II.1.1 Computer-related crime and cybercrime
II.1.2 Factors that make the internet attractive for criminal elements
II.1.3 Traditional crime and cybercrime
II.1.4 Cybercrime, economic crime and money-laundering
II.1.5 Cybercrime - an extension of ordinary crime
II.1.6 Cybercrime and terrorism
II.1.7 Hackers
II.1.8 Nuisances and malware
II.1.9 Principal forms of internet crime
II.1.10 Security incidents and unreported cybercrime
II.1.11 Preparing for the cybercrime threat: a responsibility to protect
Section II.2 – Cyberattacks
II.2.1 Types of cyberattack
II.2.2 Theft of users' passwords to penetrate systems
II.2.3 Denial-of-service attacks
II.2.4 Defacement attacks
II.2.5 Spoofing attacks
II.2.6 Attacks against critical infrastructure
II.2.7 Phases in a cyberattack
PART III – TECHNOLOGICAL APPROACH
Section III.1 – Telecommunication infrastructures
III.1.1 Characteristics
III.1.2 Fundamental principles
III.1.3 Network components
III.1.4 Telecommunication infrastructure and information highway
III.1.5 The internet
Section III.2 – Security tools
III.2.1 Data encryption
III.2.2 Secure IP protocol
III.2.3 Security of applications
III.2.4 Secure sockets layer (SSL) and secure HTTP (S-HTTP) protocols
III.2.5 E-mail and name server security
III.2.6 Intrusion detection
III.2.7 Environment partitioning
III.2.8 Access control
III.2.9 Protection and management of communication infrastructures
PART IV – A COMPREHENSIVE APPROACH
Section IV.1 – Various aspects of the law regulating new technologies
IV.1.1 Personal data protection and e-commerce
IV.1.2 E-commerce and contracting in cyberspace
IV.1.3 Cyberspace and intellectual property
IV.1.4 Spam: a number of legal considerations
IV.1.5 Summary of the main legal issues relating to cyberspace
Section IV.2 – Prospects
IV.2.1 Educate - train - heighten awareness among all cybersecurity stakeholders
IV.2.2 A new approach to security
IV.2.3 The characteristics of a security policy
IV.2.4 Identifying sensitive resources in order to protect them
IV.2.5 Objectives, mission and fundamental principles of cybersecurity
IV.2.6 Success factors
PART V – ANNEXES
Annex A – Glossary of main security terms
Annex B – Table of contents of ISO/IEC standard 17799:2005, which serves as a reference for security management
Annex C – Mandate and activities of ITU-D in cybersecurity and combating spam
Annex D – Main ITU-T Questions relating to security under study in the 2005-2008 study period
Annex E – Bibliographical references
Annex F – OECD Guidelines for the security of information systems and networks: Towards a culture of security