Presentation is loading. Please wait.

Presentation is loading. Please wait.

PRIVACY AND SECURITY MORAL IMPERATIVE OF PROFESSIONAL ETHICS.

Published byMelanie Gilmore Modified over 9 years ago

Similar presentations

Presentation on theme: "PRIVACY AND SECURITY MORAL IMPERATIVE OF PROFESSIONAL ETHICS."— Presentation transcript:

1 PRIVACY AND SECURITY MORAL IMPERATIVE OF PROFESSIONAL ETHICS

2 MANAGEMENT ISSUES Security is a matter that has to be decided upon and dealt with by managers. The management of an organization must take an active role in setting policies and creating standards and procedures to be followed by the users and the administrators of the systems. Security is a matter that has to be decided upon and dealt with by managers. The management of an organization must take an active role in setting policies and creating standards and procedures to be followed by the users and the administrators of the systems. The managers must divide the tasks of maintaining the system among several people in order to prevent one person from having too much power and control over the system. The managers must divide the tasks of maintaining the system among several people in order to prevent one person from having too much power and control over the system. In developing ‘in house’ systems the management must take steps to create security standards to which all software developed internally must comply. In developing ‘in house’ systems the management must take steps to create security standards to which all software developed internally must comply.

3 INSIDE ORGANIZATIONS An organization must assess how sensitive and valuable their information is, and how much security and assurance they are willing to pay for. An organization must assess how sensitive and valuable their information is, and how much security and assurance they are willing to pay for. The systems that are going to be purchased must meet these security standards. It is often possible to install systems with different security features activated or not. The management must decide on activating or not activating these security features. The systems that are going to be purchased must meet these security standards. It is often possible to install systems with different security features activated or not. The management must decide on activating or not activating these security features.

4 TROJAN HORSES Getting under the skin -- implants code that secretly reads or alters files in an unauthorized way. Getting under the skin -- implants code that secretly reads or alters files in an unauthorized way. actions range from disastrous “rm *” to annoying "I want a cookie" actions range from disastrous “rm *” to annoying "I want a cookie" One good way is to write a popular utility program that everyone will want to use One good way is to write a popular utility program that everyone will want to use Prime targets are utilities that have ultimate privilege (login, passwd, ps, lquota...) Prime targets are utilities that have ultimate privilege (login, passwd, ps, lquota...) Viruses may lurk in compilers: viruses may be planted to detect what program is being compiled and then add code to the object code at the suitable time. Viruses may lurk in compilers: viruses may be planted to detect what program is being compiled and then add code to the object code at the suitable time.

5 VIRUSES Spreading infection like an epidemic Spreading infection like an epidemic They work by sitting with executable (or macro) files so that the virus part acts before the original purpose of the program. They work by sitting with executable (or macro) files so that the virus part acts before the original purpose of the program. Difficult to detect because cause and effect are impossible to fathom when faced with randomness and long time delays. Difficult to detect because cause and effect are impossible to fathom when faced with randomness and long time delays.

6 EXORCISING A VIRUS : How do you get rid of it once you found it? : How do you get rid of it once you found it? Recompile all programs that might have been infected, making sure NOT to execute any of them Recompile all programs that might have been infected, making sure NOT to execute any of them Lots of anti-virus programs availiable Lots of anti-virus programs availiable EVIL IS SEDUCTIVE… (Best place to put a virus is in an anti-virus program...) EVIL IS SEDUCTIVE… (Best place to put a virus is in an anti-virus program...) Ha! Ha! (we’re cool, no?) Ha! Ha! (we’re cool, no?) RECALL THE INNER IMPERATIVES OF WHICH THE CODE OF PROFESSIONAL ETHICS REMIND RECALL THE INNER IMPERATIVES OF WHICH THE CODE OF PROFESSIONAL ETHICS REMIND

7 WORMS Consist of several segments, each is a program running on a separate workstation on the network which is idle. Consist of several segments, each is a program running on a separate workstation on the network which is idle. If a workstation is shut down, the other segments reproduce it on another. If a workstation is shut down, the other segments reproduce it on another. Every workstation must be rebooted simultaneously to eradicate the worm. Every workstation must be rebooted simultaneously to eradicate the worm. HOW TO DEFEND AGAINST SUCH EVIL? HOW TO DEFEND AGAINST SUCH EVIL? Technical mechanisms cannot limit the damage done by infiltrators. Technical mechanisms cannot limit the damage done by infiltrators.

8 DEFENSES (back to the ethical values…) Mutual trust between users of a system, coupled with physical security Mutual trust between users of a system, coupled with physical security Educate Users (install updated virus-check…) Educate Users (install updated virus-check…) Secrecy -- do not make information available (doesn’t go well with trust…) RESISTANCE BRINGS RESISTANCE (The best defense is not to act defensively…) Secrecy -- do not make information available (doesn’t go well with trust…) RESISTANCE BRINGS RESISTANCE (The best defense is not to act defensively…) BE AWARE OF YOUR POWER and ACT RESPONSIBLE! BE AWARE OF YOUR POWER and ACT RESPONSIBLE! Cultivate a supportive trusting atmosphere! YOU HAVE THE POWER TO MAKE OR BREAK OUR WORLD! Cultivate a supportive trusting atmosphere! YOU HAVE THE POWER TO MAKE OR BREAK OUR WORLD!

9 PRIVACY "The right to be left alone" "The right to be left alone" "One should have control over his/her own information" "One should have control over his/her own information" MAIN THREATS OF PRIVACY TODAY MAIN THREATS OF PRIVACY TODAY The rapid growth of electronic transactions The rapid growth of electronic transactions The accelerated collection of personal information The accelerated collection of personal information The dramatic increase in the number of communications carriers and service providers. The dramatic increase in the number of communications carriers and service providers. The growing use of technically unsecured channel, such as mobile communication. The growing use of technically unsecured channel, such as mobile communication. LACK OF DIRECTION – LACK OF MORAL AND ETHICAL VALUES! (AWARENESS) LACK OF DIRECTION – LACK OF MORAL AND ETHICAL VALUES! (AWARENESS)

10 CATHEGORIES Confidentiality: The existence of the communication should be known only by the parties involved, without disclosure to a third party. Confidentiality: The existence of the communication should be known only by the parties involved, without disclosure to a third party. Anonymity: The individual's right to disclose his/her identity in a network. Anonymity: The individual's right to disclose his/her identity in a network. Data protection: The collection and use of personal data. Data protection: The collection and use of personal data.

11 EXCEPTIONS (When it is ‘OK’ to trespass privacy) Consent is given by the owner of the information Consent is given by the owner of the information Criminal Investigation (?would this fit in the Code of Ethics…) Criminal Investigation (?would this fit in the Code of Ethics…) For the maintenance of the network (SHOULD CONSENT BE ASKED FOR IN THIS CASE?...) For the maintenance of the network (SHOULD CONSENT BE ASKED FOR IN THIS CASE?...)

12 PRINCIPLES OF PERSONAL RECORD KEEPING There must be no personal data record-keeping systems whose very existence is secret There must be no personal data record-keeping systems whose very existence is secret There must be a way for an individual to find out what information about him/her is in a record and how it is used There must be a way for an individual to find out what information about him/her is in a record and how it is used There must be a way for an individual to prevent information about him/her that was obtained for one purpose from being used or made available for other purposes without his/her consent There must be a way for an individual to prevent information about him/her that was obtained for one purpose from being used or made available for other purposes without his/her consent There must be a way for an individual to correct or amend record of identifiable information about him/her There must be a way for an individual to correct or amend record of identifiable information about him/her Any organization creating, maintaining, using, or disseminating records of identifiable personal data must assure the reliability of the data for their intended use and must take precautions to prevent misuse of the data. Any organization creating, maintaining, using, or disseminating records of identifiable personal data must assure the reliability of the data for their intended use and must take precautions to prevent misuse of the data.

13 DATAVEILLANCE Systematic use of personal data systems in the investigation or monitoring of the actions or communications of one or more persons Systematic use of personal data systems in the investigation or monitoring of the actions or communications of one or more persons SURVEILLANCE SURVEILLANCE Systematic investigation or monitoring of the actions or communications of one or more persons. Its primary purpose is generally to collect information about them, their activities, or their associates. Systematic investigation or monitoring of the actions or communications of one or more persons. Its primary purpose is generally to collect information about them, their activities, or their associates.

14 SURVEILLANCE… Personal surveillance is the surveillance of an identified person. Personal surveillance is the surveillance of an identified person. In general, a specific reason exists for the investigation or monitoring. In general, a specific reason exists for the investigation or monitoring. Mass surveillance is the surveillance of groups of people, usually large groups. Mass surveillance is the surveillance of groups of people, usually large groups. In general, the reason for investigation or monitoring is to identify individuals who belong to some particular class of interest to the surveillance organization. In general, the reason for investigation or monitoring is to identify individuals who belong to some particular class of interest to the surveillance organization.

15 THE ETHICS OF SURVEILLANCE… Concern about freedom from tyranny is a trademark of democracy. Surveillance is one of the elements of tyranny. Concern about freedom from tyranny is a trademark of democracy. Surveillance is one of the elements of tyranny. Nevertheless, some classes of people, at least when they undertake some classes of activity, are deemed by society to warrant surveillance. Nevertheless, some classes of people, at least when they undertake some classes of activity, are deemed by society to warrant surveillance. The computer has been accused of harboring a potential for increased surveillance of the citizen by the state, and the consumer by the corporation The computer has been accused of harboring a potential for increased surveillance of the citizen by the state, and the consumer by the corporation ? HOW DOES THIS LOOK IN THE CONTEXT OF THE SHIFT OUR WORLD TOOK AFTER SEPT. 11 ? HOW DOES THIS LOOK IN THE CONTEXT OF THE SHIFT OUR WORLD TOOK AFTER SEPT. 11

16 MAIN THREATS … Dangers of personal dataveillance Dangers of personal dataveillance Wrong identification Wrong identification Low data quality Low data quality Acontextual use of data Acontextual use of data Low quality decisions Low quality decisions Lack of subject knowledge of data flows Lack of subject knowledge of data flows Lack of subject consent to data flows Lack of subject consent to data flows Blacklisting Blacklisting Denial of redemption Denial of redemption

17 DANGERS OF MASS DATAVEILLANCE To the individual To the individual Acontextual data merger Acontextual data merger Complexity and incomprehensibility of data Complexity and incomprehensibility of data Witch hunts Witch hunts Selective advertising Selective advertising Unknown accusations and accusers Unknown accusations and accusers

18 DANGERS OF DATAVEILLANCE… To society To society Prevailing climate of suspicion (threatens TRUST) Prevailing climate of suspicion (threatens TRUST) Adversarial relationships Adversarial relationships Focus of law enforcement on easily detectable offenses Focus of law enforcement on easily detectable offenses Inequitable application of the law Inequitable application of the law Decreased respect for the law (DAMAGES FAITH IN ETHICS) Decreased respect for the law (DAMAGES FAITH IN ETHICS) Reduction in meaningfulness of individual actions Reduction in meaningfulness of individual actions Reduction in self-reliance, self-determination Reduction in self-reliance, self-determination Stultification of originality Stultification of originality Tendency to opt out of the official level of society Tendency to opt out of the official level of society Weakening of society's moral fiber and cohesion Weakening of society's moral fiber and cohesion Destabilization potential for a totalitarian government Destabilization potential for a totalitarian government

Download ppt "PRIVACY AND SECURITY MORAL IMPERATIVE OF PROFESSIONAL ETHICS."

Similar presentations

Operating System Security

Operating System Security
Let’s Talk About Cyber Security

Let’s Talk About Cyber Security
What are computer viruses and its types? Computer Viruses are malicious software programs that damage computer program entering into the computer without.

What are computer viruses and its types? Computer Viruses are malicious software programs that damage computer program entering into the computer without.
Criteria For Approval 45 CFR 46.111 25 CFR 56.111 Minimized risks Reasonable risk/benefit ratio Equitable subject selection Informed consent process Informed.

Criteria For Approval 45 CFR CFR Minimized risks Reasonable risk/benefit ratio Equitable subject selection Informed consent process Informed.
AUP Acceptable Use Policy Summarized by Mr. Kirsch from the Sioux Falls School District Technology Plan.

AUP Acceptable Use Policy Summarized by Mr. Kirsch from the Sioux Falls School District Technology Plan.
COMP6005 An Introduction to Computing Session One: An Introduction to Computing Security Issues.

COMP6005 An Introduction to Computing Session One: An Introduction to Computing Security Issues.
Ethical and Social...J.M.Kizza 1 Module 5: Anonymity, Security, Privacy and Civil Liberties IntroductionAnonymitySecurityPrivacy Ethical and Social Issues.

Ethical and Social...J.M.Kizza 1 Module 5: Anonymity, Security, Privacy and Civil Liberties IntroductionAnonymitySecurityPrivacy Ethical and Social Issues.
Breaking Trust On The Internet

Breaking Trust On The Internet
What are Trojan horses?  A Trojan horse is full of as much trickery as the mythological Trojan horse it was named after. The Trojan horse, at first glance.

What are Trojan horses?  A Trojan horse is full of as much trickery as the mythological Trojan horse it was named after. The Trojan horse, at first glance.
Security, Privacy, and Ethics Online Computer Crimes.

Security, Privacy, and Ethics Online Computer Crimes.
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Data Retention LIS 550 Winter 2010 Unsworth Tuesday, March 02, 2010.

Data Retention LIS 550 Winter 2010 Unsworth Tuesday, March 02, 2010.
1 An Overview of Computer Security computer security.

1 An Overview of Computer Security computer security.
Chapter 14 Computer Security Threats Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design Principles,

Chapter 14 Computer Security Threats Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design Principles,
Introducing Computer and Network Security

Introducing Computer and Network Security
1 The Engineer as a Professional Privacy. 2 After reading the articles please answer the following questions. 1) Is privacy a concern that engineers have.

1 The Engineer as a Professional Privacy. 2 After reading the articles please answer the following questions. 1) Is privacy a concern that engineers have.
Stephen S. Yau CSE465 & CSE591, Fall 2006 1 Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,

Stephen S. Yau CSE465 & CSE591, Fall Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
INTERNET and CODE OF CONDUCT

INTERNET and CODE OF CONDUCT

Similar presentations

Ads by Google