The DVs are all those computer systems and digital identities that are direct and/or indirect object of a computer attack. A direct digital victim is a system voluntarily attacked by one or more hackers with the purpose of tampering with normal operation. An indirect digital victim is a system that remains damaged by the attack although it is not the system on which the threat was targeted. This type of digital victim occurs predominantly in large scale attacks.
Digital victims also include the virtual identities of the subject, who may, with an unwanted action, be corrupted, stolen or, more generally, tampered with. An email account, a social media account, a forum account, are all examples of digital identity.
Digital victims are not services, as services are part of the life cycle of the attacking systems, they are their production, and therefore it is problematic to define them directly as digital victims.
Why talk about Digital Victims?
The aim is to raise awareness among the actors around the management of the ICT sector, not just the technicians, and to provide a more accurate picture when it comes to a cyber attack. Exactly as in other contexts as a simple fever, in which one person asks the other "how much fever do you have?", a more accurate question than "how are you?".
Speaking of Digital Victims means speaking in the "generic" sense and absolutely not in a legal sense. Speaking of Digital Victims means limiting the ICT context to a specific event: an attack by one or more hackers and is a useful concept for anyone that comes into contact with the industry.
It is a definition that hopefully will help to raise awareness of the general IT context and not just the technical people. It is important to understand that information, intended as a complex structure of data and systems, must always remain at the center of the observation, protection and management activity of all the organs concerned, and not just some.
Cybersecurity Expert, Chief Information Security Officer (CISO), and Certified Information Systems Auditor (CISA)
Copyright 2013. John Giordani. All Rights Reserved.