Now I want to talk to you about that special case threat type that we
alluded too earlier, namely fraud, and you can also call it theft.
And just to review that's where you steal something, you're not paying money but
you're just basically taking an asset, and
this is an important kind of consideration in cyber security.
Because increasingly with things online and with so much e-commerce going on this
idea of preventing people from stealing is a really big piece in cyber security.
So we do want to take a minute to think about the threat and
how it normally plays out.
And as we said earlier when somebody is committing theft, they're not paying for
a service, and the first sort of place that we can take inventory
where this might happen is anyplace where there's something of value.
So if you're doing an inventory about whether there's a fraud risk and
it's simply is there any financial value in something that's being protected?
Financial value is what attracts fraudsters, okay, because if there's no
financial value then as the security engineer, as the security analyst, as
the security expert, you know that fraud is probably not going to be the big issue.
But when there is financial value then what we need to do then to prevent this,
and we'll get into it later, but I want to give you some motivation now for
the cyber security concept, is we need to look for
hints that fraudsters would typically follow.
Does that make sense?
We're going to do something that would be called behavioral analysis,
that's where I'm watching the behavior of something and
I'm trying to determine whether fraud is being committed.
I'll give you a simple example,
let's say we're keeping track of passwords that are coming into a system, okay.
So you write a program and I watch and I see user ID,
password, and I check and I see wait, not valid.
And I send a response back and go, not valid, sorry and I sit and I wait.
Now the same user ID comes in again, another password comes in and
doesn't match, and I go, sorry, not valid, that's two.