Presentation is loading. Please wait.

Presentation is loading. Please wait.

Ethics, Privacy and Information Security

Published byZayne Slatton Modified over 9 years ago

Similar presentations

Presentation on theme: "Ethics, Privacy and Information Security"— Presentation transcript:

1 Ethics, Privacy and Information Security
CHAPTER 3 Ethics, Privacy and Information Security

2 CHAPTER OUTLINE 3.1 Ethical Issues 3.2 Threats to Information Security 3.3 Protecting Information Resources

3 LEARNING OBJECTIVES Describe the major ethical issues related to information technology and identify situations in which they occur. Describe the many threats to information security. Understand the various defense mechanisms used to protect information systems. Explain IT auditing and planning for disaster recovery.

4 Ethical Issues Ethics Code of Ethics

5 Fundamental Tenets of Ethics
Responsibility Accountability Liability

6 Unethical vs. Illegal What is unethical is not necessarily illegal.

7 The Four Categories of Ethical Issues
Privacy Issues Accuracy Issues Property Issues Accessibility Issues

8 Privacy Court decisions have followed two rules: (1) The right of privacy is not absolute. Your privacy must be balanced against the needs of society. (2) The public’s right to know is superior to the individual’s right of privacy.

9 Threats to Privacy Data aggregators, digital dossiers, and profiling
Electronic Surveillance Personal Information in Databases Information on Internet Bulletin Boards, Newsgroups, and Social Networking Sites

10 Data Aggregators Digital Dossiers Profiling

11 Personal Information in Databases
Banks Utility companies Government agencies Credit reporting agencies

12 Social Networking Sites Can Cause You Problems
Anyone can post derogatory information about you anonymously. You can also hurt yourself.

13 What Can You Do? First, be careful what information you post on social networking sites. Second, a company, ReputationDefender, says it can remove derogatory information from the Web.

14 Protecting Privacy Privacy Codes and Policies Opt-out Model
Opt-in Model

15 3.2 Threats to Information Security

16 Factors Increasing the Threats to Information Security
Today’s interconnected, interdependent, wirelessly-networked business environment Government legislation Smaller, faster, cheaper computers and storage devices Decreasing skills necessary to be a computer hacker

17 Factors Increasing the Threats to Information Security (continued)
Downstream liability Due diligence Unmanaged devices Lack of management support

18 Key Information Security Terms
Threat Exposure Vulnerability Risk Information system controls

19 Categories of Threats to Information Systems
Unintentional acts Natural disasters Technical failures Management failures Deliberate acts

20 Unintentional Acts Human errors
Deviations in quality of service by service providers (e.g., utilities) Environmental hazards (e.g., dirt, dust, humidity)

21 Human Errors Tailgating Shoulder surfing
Carelessness with laptops and portable computing devices Opening questionable s Careless Internet surfing Poor password selection and use And more

22 Shoulder Surfing Shoulder surfing occurs when…

23 Most Dangerous Employees
Human resources and MIS Remember, these employees hold ALL the information

24 Social Engineering Social engineering
Kevin Mitnick served several years in a federal prison. Upon his release, he opened his own consulting firm, advising companies on how to deter people like him

25 Deliberate Acts Espionage or trespass Information extortion
Sabotage or vandalism Theft of equipment or information For example, dumpster diving

26 Deliberate Acts (continued)
Software attacks Virus Worm Logic Bomb

27 Deliberate Acts (continued)
Software attacks (continued) Phishing attacks Distributed denial-of-service attacks

28 Deliberate Acts (continued)
Alien Software Spyware Spamware Cookies

29 Deliberate Acts (continued)
Supervisory control and data acquisition (SCADA) attacks

30 3.3 Protecting Information Resources

31 Risk Management Risk Risk management Risk analysis Risk mitigation

32 Risk Mitigation Strategies
Risk Acceptance Risk limitation Risk transference

33 Controls Physical controls Access controls
Communications (network) controls Application controls

34 Access Controls Authentication Something the user is
Something the user has Something the user does Something the user knows Passwords passphrases

35 Access Controls (continued)
Authorization Privilege Least privilege

36 Communication or Network Controls
Firewalls Anti-malware systems Whitelisting and Blacklisting Intrusion detection systems Encryption

37 How Digital Certificates Work
Certificate Authorities

38 Communication or Network Controls (continued)
Virtual private networking Secure Socket Layer (now transport layer security) Vulnerability management systems Employee monitoring systems

39 Virtual Private Network and Tunneling

40 Business Continuity Planning, Backup, and Recovery
Hot Site Warm Site Cold Site

41 Information Systems Auditing
Types of Auditors and Audits Internal External

42 IS Auditing Procedure Auditing around the computer
Auditing through the computer Auditing with the computer

Download ppt "Ethics, Privacy and Information Security"

Similar presentations

4 Information Security.

4 Information Security.
1 MIS 2000 Class 22 System Security Update: Winter 2015.

1 MIS 2000 Class 22 System Security Update: Winter 2015.
2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.

2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.
Copyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin CHAPTER FOUR ETHICS AND INFORMATION SECURITY: MIS BUSINESS CONCERNS.

Copyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin CHAPTER FOUR ETHICS AND INFORMATION SECURITY: MIS BUSINESS CONCERNS.
E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.

E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.
Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.

Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
CHAPTER 3 Ethics, Privacy and Information Security.

CHAPTER 3 Ethics, Privacy and Information Security.
CHAPTER 4 Information Security

CHAPTER 4 Information Security
CHAPTER 4 Information Security. Announcements Project 2 – due today before midnight Tuesday Class Quiz 1 – Access Basics Questions/Comments.

CHAPTER 4 Information Security. Announcements Project 2 – due today before midnight Tuesday Class Quiz 1 – Access Basics Questions/Comments.
CHAPTER 4 Information Security. Announcements Friday Class Quiz 1 Review Monday Class Quiz 1 – Access Basics Questions/Comments.

CHAPTER 4 Information Security. Announcements Friday Class Quiz 1 Review Monday Class Quiz 1 – Access Basics Questions/Comments.
CHAPTER 3 Ethics and Privacy. Outline for Today Chapter 3: Ethics and Privacy Tech Guide: Protecting Information Assets REMINDER: Project 1 due tonight.

CHAPTER 3 Ethics and Privacy. Outline for Today Chapter 3: Ethics and Privacy Tech Guide: Protecting Information Assets REMINDER: Project 1 due tonight.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.
Privacy & Security By Martin Perez. Introduction  Information system - People : meaning use, the people who use computers. - Procedures : Guidelines.

Privacy & Security By Martin Perez. Introduction  Information system - People : meaning use, the people who use computers. - Procedures : Guidelines.
Ethics, Privacy and Information Security

Ethics, Privacy and Information Security
1010 CHAPTER PRIVACY AND SECURITY. © 2005 The McGraw-Hill Companies, Inc. All Rights Reserved. 10-2 Competencies Describe concerns associated with computer.

1010 CHAPTER PRIVACY AND SECURITY. © 2005 The McGraw-Hill Companies, Inc. All Rights Reserved Competencies Describe concerns associated with computer.
Ethics and Privacy. Utilitarian approach: an ethical action is the one that provides the most good or does the least harm. Rights approach: ethical action.

Ethics and Privacy. Utilitarian approach: an ethical action is the one that provides the most good or does the least harm. Rights approach: ethical action.

Similar presentations

Ads by Google