1. Chapter 8 Protecting People and Information: Threats and Safeguards Copyright © 2010 by the McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin

2. STUDENT LEARNING OUTCOMES 1. Define ethics and describe the two factors that affect how you make a decision concerning an ethical issue. 2. Define and describe intellectual property, copyright, Fair Use Doctrine, and pirated software. 3. Describe privacy and describe ways in which it can be threatened. 4. Describe the ways in which information on your computer or network is vulnerable and list measures you can take to protect it. 8-2

3. SHE LOST $400,000 TO AN E-MAIL SCAM  “419” e-mails are a popular type of scam  419 scams promise you, in an e-mail, that you will get rich if you ante up a small fee  Janella Spears took the bait and spent $400,000 trying to collect her fortune  She even cashed in her husband’s retirement to get the money to send the crooks 8-3

4. Case Study Questions 1. What do you think about this true story? 2. Have you ever been caught in a scam? How did you feel when you discovered that you had been fooled? 3. What would you do if you knew that your parent was being complicity in his or her own victimization? 8-4

5. INTRODUCTION  Handling information responsibly means understanding the following issues  Ethics  Personal privacy  Threats to information  Protection of information 8-5

6. CHAPTER ORGANIZATION 1. Ethics  Learning Outcomes #1 & #2 2. Privacy  Learning Outcome #3 3. Security  Learning Outcome #4 8-6

7. ETHICS  Ethics 8-7

8. Factors the Determine How You Decide Ethical Issues  Actions in ethical dilemmas determined by  1.  2.  Your basic ethical structure determines what you consider to be  1.  2.  3. 8-8

9. Basic Ethical Structure 8-9

10. Circumstances of the Situation 1. 2. 3. 4. 5. 6. 8-10

11. Intellectual Property  Intellectual property  Copyright  Fair Use Doctrine 8-11

12. Intellectual Property  Using copyrighted software without permission violates copyright law  Pirated software 8-12

13. PRIVACY  Privacy  Dimensions of privacy  1.  2. 8-13

14. Privacy and Other Individuals  Key logger (key trapper) software  Screen capture programs  E-mail is stored on many computers as it travels from sender to recipient  Hardware key logger.  Event Data Recorders (EDR) 8-14

15. An E-Mail is Stored on Many Computers 8-15

16. Identity Theft  Identity theft 8-16

17. Identity Theft  Phishing (carding, brand spoofing)  NEVER  Reply without question to an e-mail asking for personal information  Click directly on a Web site provided in such an e- mail 8-17

18. Identity Theft 8-18

19. Pharming  Pharming 8-19

20. Privacy and Employees  Companies need information about their employees to run their business effectively  As of March 2005, 60% of employers monitored employee e-mails  70% of Web traffic occurs during work hours  78% of employers reported abuse  60% employees admitted abuse 8-20

21. Privacy and Employees  Visiting inappropriate sites  Gaming, chatting, stock trading, social networking, etc. 8-21

22. Reasons for Monitoring  1.  2.  3. 8-22

23. Privacy and Consumers  Consumers want businesses to  Know who they are, but not to know too much  Provide what they want, but not gather information on them  Let them know about products, but not pester them with advertising 8-23

24. Cookies  Cookie 8-24

25. Spam  Spam  Gets past spam filters by 8-25

26. Adware and Spyware  Adware  Spyware (sneakware, stealthware) 8-26

27. Adware in Free Version of Eudora 8-27

28. Trojan Horse Software  Trojan horse software 8-28

29. Web Logs  Web log  Clickstream  Anonymous Web browsing (AWB) 8-29

30. Privacy and Government Agencies  About 2,000 government agencies have databases with information on people  Government agencies need information to operate effectively  Whenever you are in contact with government agency, you leave behind information about yourself 8-30

31. Government Agencies Storing Personal Information  Law enforcement  NCIC (National Crime Information Center)  FBI  Electronic Surveillance  Carnivore or DCS-1000  Magic Lantern (software key logger)  NSA (National Security Agency)  Echelon collect electronic information by satellite 8-31

32. Government Agencies Storing Personal Information  IRS  Census Bureau  Student loan services  FICA  Social Security Administration  Social service agencies  Department of Motor Vehicles 8-32

33. Laws on Privacy  Health Insurance Portability and Accountability Act (HIPAA) protects personal health information  Financial Services Modernization Act requires that financial institutions protect personal customer information  Other laws in Figure 8.6 on page 244 8-33

34. SECURITY AND EMPLOYEES  Attacks on information and computer resources come from inside and outside the company  Computer sabotage costs about $10 billion per year  In general, employee misconduct is more costly than assaults from outside 8-34

35. Security and Employees 8-35

36. Security and Outside Threats  Hackers  Computer virus (virus)  Worm  Denial-of-service (DoS) attack 8-36

37. Computer Viruses Can’t  1.  2.  3. 8-37

38. Security Measures 1. Anti-virus software 2. Anti-spyware and anti-adware software 3. Spam protection software – identifies and marks and/or deletes Spam 4. Anti-phishing software – lets you know when phishing attempts are being made 5. Firewall 8-38

39. Security Measures 5. Anti-rootkit software – stops outsiders taking control of your machine 6. Encryption 7. Public Key Encryption (PKE) 8. Biometrics 8-39