Privacy and Security (additional readings) McGraw-Hill© 2007 The McGraw-Hill Companies, Inc. All rights reserved.

Slides:



Advertisements
Similar presentations
Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.
Advertisements

How to protect yourself, your computer, and others on the internet
Topic 4: Protecting People & Information Ethics, Privacy & Security MGMD 233-MIS AMN 2012.
McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.
Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.
McGraw-Hill/Irwin Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. Extended Learning Module H Computer Crime and Digital Forensics.
Mod H-1 Examples of Computer Crimes. Mod H-2 Stuxnet.
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
Security, Privacy, and Ethics Online Computer Crimes.
Chapter 8 Protecting People and Information: Threats and Safeguards Copyright © 2010 by the McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin.
© , David Gadish, Ph.D.1 Management Information Systems CIS 301 Spring 2006 Week 9 Lectures Dr. David Gadish.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Chapter 8 Protecting People and Information Threats and Safeguards
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
McGraw-Hill © 2008 The McGraw-Hill Companies, Inc. All rights reserved. Chapter 8 Threats and Safeguards Chapter 8 PROTECTING PEOPLE AND INFORMATION Threats.
Protecting People and Information Threats and Safeguards
8-1 Management Information Systems for the Information Age Copyright 2004 The McGraw-Hill Companies, Inc. All rights reserved Chapter 8 Protecting People.
1010 CHAPTER PRIVACY AND SECURITY. © 2005 The McGraw-Hill Companies, Inc. All Rights Reserved Competencies Describe concerns associated with computer.
Chapter 8 Protecting People and Information: Threats and Safeguards Copyright © 2010 by the McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin.
PROTECTING PEOPLE AND INFORMATION Threats and Safeguards
Chapter 8 Threats and Safeguards Chapter 8 PROTECTING PEOPLE AND INFORMATION Threats and Safeguards McGraw-Hill/Irwin Copyright © 2009 by The McGraw-Hill.
Computer Viruses. Where the name came from This is a phrase coined from biology to describe a piece of software that behaves very much like a real virus.
Quiz Review.
Issues Raised by ICT.
Internet safety By Lydia Snowden.
Security. If I get 7.5% interest on $5,349.44, how much do I get in a month? (.075/12) = * 5, = $ What happens to the.004? =
Chapter 11 Security and Privacy: Computers and the Internet.
Securing Information Systems
McGraw-Hill/Irwin Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 8 Protecting People and Information: Threats and Safeguards.
Protecting People and Information: Threats and Safeguards
Chapter 8 Protecting People and Information: Threats and Safeguards.
PROTECTING PEOPLE AND INFORMATION Threats and Safeguards
BUSINESS B1 Information Security.
Tutorial Chapter 5. 2 Question 1: What are some information technology tools that can affect privacy? How are these tools used to commit computer crimes?
GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Liam Bradford.
Digital Forensics Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #6 Forensics Services September 10, 2007.
8-1 Management Information Systems for the Information Age Copyright 2004 The McGraw-Hill Companies, Inc. All rights reserved Chapter 8 Protecting People.
Spyware and Viruses Group 6 Magen Price, Candice Fitzgerald, & Brittnee Breze.
Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin Business Plug-In B6 Information Security.
CHAPTER 8 PROTECTING PEOPLE AND INFORMATION Threats and Safeguards.
8-1 Management Information Systems for the Information Age Copyright 2004 The McGraw-Hill Companies, Inc. All rights reserved Chapter 8 Protecting People.
McGraw-Hill Technology Education © 2006 by the McGraw-Hill Companies, Inc. All rights reserved CHAPTER PRIVACY AND SECURITY.
CHAPTER 7: PRIVACY, CRIME, AND SECURITY. Privacy in Cyberspace  Privacy: an individual’s ability to restrict or eliminate the collection, use and sale.
McGraw-Hill/Irwin ©2005 The McGraw-Hill Companies, All rights reserved ©2005 The McGraw-Hill Companies, All rights reserved McGraw-Hill/Irwin.
CHAPTER 8 PROTECTING PEOPLE AND INFORMATION Threats and Safeguards.
Chapter 8 Protecting People and Information: Threats and Safeguards Copyright © 2010 by the McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin.
McGraw-Hill/Irwin ©2008 The McGraw-Hill Companies, All Rights Reserved INFORMATION SECURITY SECTION 4.2.
McGraw-Hill/Irwin Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 8 Protecting People and Information: Threats and Safeguards.
Chapter 8 Protecting People and Information: Threats and Safeguards
PROTECTING PEOPLE & INFORMATION Threats and Safeguards Chapter 8.
LESSON 5-2 Protecting Your Computer Lesson Contents Protecting Your Computer Best Practices for Securing Online and Network Transactions Measures for Securing.
Computer Crime: Identity Theft, Misuse of Personal Information, and How to Protect Yourself (Tawny Walsh, Irina Lohina, Renair Jackson, Jahmele Betterson,
Matt Broman Kodiac Gamble Devin Nichol SECTION 4.2 INFORMATION SECURITY.
1 Law, Ethical Impacts, and Internet Security. 2 Legal Issues vs. Ethical Issues Ethics — the branch of philosophy that deals with what is considered.
Be Safe Online. Agree, Disagree, Maybe if…  Worksheet Activity  Discussion.
Any criminal action perpetrated primarily through the use of a computer.
PCs ENVIRONMENT and PERIPHERALS Lecture 10. Computer Threats: - Computer threats: - It means anything that has the potential to cause serious harm to.
McGraw-Hill © 2008 The McGraw-Hill Companies, Inc. All rights reserved. Chapter 8 Threats and Safeguards Chapter 8 PROTECTING PEOPLE AND INFORMATION Threats.
Chapter 8 Threats and Safeguards Chapter 8 PROTECTING PEOPLE AND INFORMATION Threats and Safeguards.
Security Risks Todays Lesson Security Risks Security Precautions
Protecting People and Information
Securing Information Systems
INFORMATION SECURITY The protection of information from accidental or intentional misuse of a persons inside or outside an organization Comp 212 – Computer.
Protect Your Computer Against Harmful Attacks!
Securing Information Systems
Protecting People and Information: Threats and Safeguards
HOW DO I KEEP MY COMPUTER SAFE?
PROTECTING PEOPLE & INFORMATION
Chapter 8 Protecting People and Information: Threats and Safeguards
Presentation transcript:

Privacy and Security (additional readings) McGraw-Hill© 2007 The McGraw-Hill Companies, Inc. All rights reserved.

PRIVACY Privacy – the right to left alone when you want to be, to have control over your own personal possessions, and not to be observed without your consent Dimensions of privacy Psychological: to have a sense of control Legal: to be able to protect yourself McGraw-Hill© 2007 The McGraw-Hill Companies, Inc. All rights reserved.

Privacy and Other Individuals Key logger (key trapper) software – a program that, when installed on a computer, records every keystroke and mouse click Screen capture programs – capture screen from video card is stored on many computers as it travels from sender to recipient Hardware key logger – hardware device that captures keystrokes moving between keyboard and motherboard McGraw-Hill© 2007 The McGraw-Hill Companies, Inc. All rights reserved.

An Is Stored on Many Computers McGraw-Hill© 2007 The McGraw-Hill Companies, Inc. All rights reserved.

Identity Theft Phishing (carding, brand spoofing) – a technique to gain personal information for the purpose of identity theft NEVER Reply without question to an asking for personal information Click directly on a Web site provided in such an e- mail McGraw-Hill© 2007 The McGraw-Hill Companies, Inc. All rights reserved.

Identity Theft McGraw-Hill© 2007 The McGraw-Hill Companies, Inc. All rights reserved. Facts on phishing… February 2005 – 2,625 phishing sites Consumers lost $500 million to phishers in % people report visiting a fake site What to do if you suspect you’re at risk Close your credit card accounts (use ID theft affidavit form) Place a fraud alert on your credit reports Ask government to flag your files

Privacy and Employees Companies need information about their employees to run their business effectively As of March 2005, 60% of employers monitored employee s 70% of Web traffic occurs during work hours 78% of employers reported abuse 60% employees admitted abuse McGraw-Hill© 2007 The McGraw-Hill Companies, Inc. All rights reserved.

Privacy and Employees Cyberslacking – misuse of company resources Visiting inappropriate sites Gaming, chatting, stock trading, etc. McGraw-Hill© 2007 The McGraw-Hill Companies, Inc. All rights reserved.

Monitoring Technology Example of cost of misuse Watching an online fashion show uses as much bandwidth as downloading the entire Encyclopedia Britannica Reasons for monitoring Hire the best people possible Ensure appropriate behavior on the job Avoid litigation for employee misconduct McGraw-Hill© 2007 The McGraw-Hill Companies, Inc. All rights reserved.

Privacy and Consumers Consumers want businesses to know who they are, but not to know too much Provide what they want, but not gather information on them Let them know about products, but not pester them with advertising McGraw-Hill© 2007 The McGraw-Hill Companies, Inc. All rights reserved.

Cookies Cookie – a small file that contains information about you and your Web activities, which a Web site places on your computer Handle cookies by using Web browser cookie management option Buy a program that manages cookies McGraw-Hill© 2007 The McGraw-Hill Companies, Inc. All rights reserved.

Spam Spam – unsolicited from businesses advertising goods and services McGraw-Hill© 2007 The McGraw-Hill Companies, Inc. All rights reserved.

Adware and Spyware Adware – software to generate ads that installs itself when you download another program Spyware (sneakware, stealthware) – software that comes hidden in downloaded software and helps itself to your computer resources McGraw-Hill© 2007 The McGraw-Hill Companies, Inc. All rights reserved.

Adware in Free Version of Eudora McGraw-Hill© 2007 The McGraw-Hill Companies, Inc. All rights reserved.

Trojan Horse Software Trojan horse software – software you don’t want inside software you do want Some ways to detect Trojan horse software AdAware at The Cleaner at Trojan First Aid Kit (TFAK) at Check it out before you download at McGraw-Hill© 2007 The McGraw-Hill Companies, Inc. All rights reserved.

Web Logs Web log – one line of information for every visitor to a Web site Anonymous Web browsing (AWB) – hides your identity from the Web sites you visit The Anonymizer at SuftSecret at McGraw-Hill© 2007 The McGraw-Hill Companies, Inc. All rights reserved.

Privacy and Government Agencies About 2,000 government agencies have databases with information on people Government agencies need information to operate effectively Whenever you are in contact with government agency, you leave behind information about yourself McGraw-Hill© 2007 The McGraw-Hill Companies, Inc. All rights reserved.

Government Agencies Storing Personal Information Law enforcement NCIC (National Crime Information Center) FBI Electronic Surveillance Carnivore or DCS-1000 Magic Lantern (software key logger) NSA (National Security Agency) Echelon collect electronic information by satellite McGraw-Hill© 2007 The McGraw-Hill Companies, Inc. All rights reserved.

Government Agencies Storing Personal Information IRS Census Bureau Student loan services FICA Social Security Administration Social service agencies Department of Motor Vehicles McGraw-Hill© 2007 The McGraw-Hill Companies, Inc. All rights reserved.

Laws on Privacy Health Insurance Portability and Accountability Act (HIPAA) protects personal health information Financial Services Modernization Act requires that financial institutions protect personal customer information Other laws in Figure 8.7 on page 374 McGraw-Hill© 2007 The McGraw-Hill Companies, Inc. All rights reserved.

SECURITY Attacks on information and computer resources come from inside and outside the company Computer sabotage costs about $10 billion per year In general, employee misconduct is more costly than assaults from outside McGraw-Hill© 2007 The McGraw-Hill Companies, Inc. All rights reserved.

Security and Employees Statistics on white-collar crime Costs an estimated $400 billion annually Average nonmanagerial embezzlement is $60,000 Average managerial embezzlement is $250,000 Two-thirds of insider fraud is not reported Of known losses, one-quarter cost more than $1 million McGraw-Hill© 2007 The McGraw-Hill Companies, Inc. All rights reserved.

Types of Cyber Crime Computer virus (virus) – software that is written with malicious intent to cause annoyance or damage Worm – type of virus that spreads itself from computer to computer usually via Denial-of-service (DoS) attack – floods a Web site with so many requests for service that it slows down or crashes McGraw-Hill© 2007 The McGraw-Hill Companies, Inc. All rights reserved.

Computer Viruses Can’t… Hurt your hardware Ex: Monitors, printers, processors, etc. Hurt any files they weren’t designed to attack Ex: A worm designed to attack Outlook won’t attack other programs Infect files on write-protected media McGraw-Hill© 2007 The McGraw-Hill Companies, Inc. All rights reserved.

Risk Management & Assessment Risk management – The identification of risks or threats The implementation of security measures Monitoring of measures for effectiveness Risk assessment – asks What can go wrong? How likely is it to go wrong? What will the consequences be? McGraw-Hill© 2007 The McGraw-Hill Companies, Inc. All rights reserved.

Security Precautions 1. Backup – process of making a copy of information 2. Anti-virus software – detects and removes or quarantines computer viruses 3. Firewall – hardware and/or software that protects a computer or network from intruders McGraw-Hill© 2007 The McGraw-Hill Companies, Inc. All rights reserved.

Security Precautions 4. Access Authentication Biometrics – the use of physiological characteristics for identification purposes 5. Encryption – scrambles the contents of a file so that you can’t read it without the decryption key Public Key Encryption (PKE) – an encryption system with two keys: a public for everyone and a private one for the recipient McGraw-Hill© 2007 The McGraw-Hill Companies, Inc. All rights reserved.

Security Precautions 6. Intrusion detection software – looks for people on the network who shouldn’t be there or who are acting suspiciously 7. Security-auditing software – checks out your computer or network for potential weaknesses McGraw-Hill© 2007 The McGraw-Hill Companies, Inc. All rights reserved.

Computer Forensics (see more on different lecture) Computer forensics - the collection, authentication, preservation, and examination of electronic information for presentation in court. In a well-conducted computer forensics investigation, there are two major phases: 1. Collecting and authenticating electronic evidence. 2. Analyzing the findings. Computer forensics experts use special hardware and software tools to conduct investigations.