Security and Privacy: Panel of Perspectives Rick Skeel University of Oklahoma.


1 Security and Privacy: Panel of Perspectives Rick Skeel University of Oklahoma

2 Where Are We Most Vulnerable To Security Issues?
• Integrity of the record
• Privacy of the record
• At sending and receiving points

3 How it can and does happen...
– Destruction, Alteration, Disclosure of Data
  • 65% Carelessness, Honest Mistakes
  • 19% Disgruntled Employees
  • 13% Physical Damage
  • 3% From Outside - Hackers
Source: “Session 8.1 Security and Acknowledgement” by Jeanenne Rothenberger, SPEEDE Workshop, Baltimore MD, October 18-20, 1992

4 How it can and does happen (cont’d)...
“Globally, 79% of participants in 12 countries said that a breach in their e-commerce system would most likely be perpetrated through the Internet or other external access. It is well documented, however, that the greatest risk is from internal perpetrators – such as disgruntled or former employees or external service providers who have an established relationship with the company – who may commit the breach, or may supply the information necessary to do so to someone else.”
Source: KPMG Survey, as reported by Antoinette Panton, KPMG, March 2001 Press Release “Companies underestimate internal threat, says KPMG”

5 So you see...
• For sending and receiving data, the more serious security risks are within our own offices - not in transit
• Can be overcome with...
  – Office policies and procedures
  – Controlled access to sensitive information
  – Audit mechanisms
  – User training and education
  – User documentation and support

6 EDI – One Approach For Security
• Fewer Paper Handlers
• Eliminate U.S. Mail
• Require a more Sophisticated Tamperer
• Acknowledgment and Receipt
• Easier Tracking for Sender and Receiver

7 Security … EDI-style Transcript Exchange
• Control counts built into data … integrity
  – transaction set, functional group, interchange
• Unique identifiers for trading partners … authentication
• Acknowledgements … non-repudiation, integrity
• Encryption … confidentiality
  – Can choose to add or not
  – Works better in small, closed system
  – Large effort to counter smallest risk (remember the 3%?)
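The control counts on this slide can be checked mechanically at all three levels. The sketch below is an added example, not part of the original presentation. It assumes an ANSI X12-style envelope (ISA/IEA, GS/GE, ST/SE) with `*` and `~` delimiters, and the sample interchange and function names are constructed for illustration.

```python
# Added example: verify X12-style envelope control counts (constructed data).
def parse_segments(raw, seg_term="~", elem_sep="*"):
    """Split an interchange into segments, each a list of elements."""
    return [s.strip().split(elem_sep) for s in raw.split(seg_term) if s.strip()]

def field(seg, i):
    """Element i of a segment, or '' if the segment is missing or too short."""
    return seg[i].strip() if seg and i < len(seg) else ""

def check_trailer(errors, name, trailer, header, ctrl_idx, counted):
    """Compare a trailer's declared count and control number with what was seen."""
    declared = field(trailer, 1)
    if not declared.isdigit() or int(declared) != counted:
        errors.append(f"{name}: declares {declared!r}, counted {counted}")
    if header is None or field(trailer, 2) != field(header, ctrl_idx):
        errors.append(f"{name}: control number does not match its header")

def check_envelope(raw):
    """Return a list of integrity errors; an empty list means every count agrees."""
    errors, isa, gs, st = [], None, None, None
    groups = sets = segs = 0
    for seg in parse_segments(raw):
        tag = seg[0]
        if tag == "ISA":
            isa, groups = seg, 0
        elif tag == "GS":
            gs, sets = seg, 0
        elif tag == "ST":
            st, segs = seg, 0
        if st is not None:
            segs += 1                      # SE01 counts ST through SE inclusive
        if tag == "SE":
            check_trailer(errors, "SE", seg, st, 2, segs)
            st, segs, sets = None, 0, sets + 1
        elif tag == "GE":
            check_trailer(errors, "GE", seg, gs, 6, sets)
            gs, groups = None, groups + 1
        elif tag == "IEA":
            check_trailer(errors, "IEA", seg, isa, 13, groups)
            isa = None
    if isa is not None or gs is not None or st is not None:
        errors.append("truncated: an envelope was opened but never closed")
    return errors

# Constructed sample interchange (illustrative values, not a real transcript).
SAMPLE = (
    "ISA*00**00**ZZ*SENDER*ZZ*RECEIVER*010301*1200*U*00401*000000101*0*T*:~"
    "GS*ED*SENDER*RECEIVER*20010301*1200*7*X*004010~"
    "ST*130*0001~BGN*00*CONSTRUCTED*20010301~REF*ZZ*CONSTRUCTED~SE*4*0001~"
    "GE*1*7~IEA*1*000000101~"
)
```

These counts catch dropped, duplicated or truncated segments; they are not keyed, so anyone who alters the data can also rewrite the counts.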

8 Are signatures still relevant?
• Outside our own jurisdiction, who recognizes and/or verifies?
  – e.g. banks & checks (cheques)
• General acceptance of new paradigm without signature
  – Credit cards, debit cards
• “Acceptance” of “implied confirmation”
  – Computer software (“By breaking this seal, you accept…”)
  – Check boxes (“I agree…”)
• Digital signatures
  – Link you to the computer, not necessarily the person intention
  – Carry the same notion of intention as hand-written signature?
  – http://www.schneier.com/crypto-gram-0011.html

9 Identity Theft – The Newest Threat
• Serious issue or just in the news?
• Use of the SSN on campus
  – Who really needs access?
  – Who wants access?
  – Who gets access?
• ID number on student & faculty/staff cards

