1 / 44

CHAPTER 3

CHAPTER 3 Ethics, Privacy and Information Security CHAPTER OUTLINE 3.1 Ethical Issues 3.2 Threats to Information Security 3.3 Protecting Information Resources Ethical Issues Ethics Code of Ethics Fundamental Tenets of Ethics Responsibility Accept consequences of actions

niveditha
Download Presentation

CHAPTER 3

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CHAPTER 3 Ethics, Privacy and Information Security

  2. CHAPTER OUTLINE 3.1 Ethical Issues 3.2 Threats to Information Security 3.3 Protecting Information Resources

  3. Ethical Issues • Ethics • Code of Ethics

  4. Fundamental Tenets of Ethics • Responsibility • Accept consequences of actions • Accountability • Who is responsible for actions • Liability • Right to recover damages

  5. The Four Categories of Ethical Issues • Privacy Issues • Accuracy Issues • Property Issues • Accessibility Issues • See Table 3.1

  6. Privacy Issues How much privacy do we have left?

  7. Privacy • Privacy. The right to be left alone and to be free of unreasonable personal intrusions. • Court decisions have followed two rules: (1) The right of privacy is not absolute. Your privacy must be balanced against the needs of society. (2) The public’s right to know is superior to the individual’s right of privacy.

  8. Threats to Privacy • Data aggregators, digital dossiers, and profiling • Electronic Surveillance • Personal Information in Databases • Information on Internet Bulletin Boards, Newsgroups, and Social Networking Sites

  9. Electronic Surveillance • See "The State of Surveillance" article in BusinessWeek • See the surveillance slideshow • See additional surveillance slides • And you think you have privacy? (video)

  10. Personal Information in Databases • Banks • Utility companies • Government agencies • Credit reporting agencies

  11. Information on Internet Bulletin Boards, Newsgroups, and Social Networking Sites

  12. Social Networking Sites Can Cause You Problems Anyone can post derogatory information about you anonymously. (See this Washington Post article.) You can also hurt yourself, as this article shows [35% of employers do Google searchers and 23% search on social networks]

  13. What Can You Do? First, be careful what information you post on social networking sites. Second, a company, ReputationDefender, says it can remove derogatory information from the Web.

  14. Protecting Privacy • Privacy Codes and Policies • Opt-out Model [collect info until you request otherwise] • Opt-in Model [collect info only after you authorize it]

  15. 3.2 Threats to Information Security

  16. Factors Increasing the Threats to Information Security • Today’s interconnected, interdependent, wirelessly-networked business environment • Government legislation [HIPAA] • Smaller, faster, cheaper computers and storage devices • Decreasing skills necessary to be a computer hacker

  17. Factors Increasing the Threats to Information Security (continued) • International organized crime turning to cybercrime • Downstream liability • Increased employee use of unmanaged devices [Wi-Fi networks] • Lack of management support

  18. Key Information Security Terms • Threat [danger to system of exposure] • Exposure [harm, loss, damage due to threat] • Vulnerability [possibility of suffering harm by threat] • Risk [Likelihood that a threat will occur] • Information system controls [preventive measures]

  19. Security Threats (Figure 3.1)

  20. Human Errors • Tailgating • Shoulder surfing • Carelessness with laptops and portable computing devices • Opening questionable e-mails • Careless Internet surfing • Poor password selection and use • And more

  21. Anti-Tailgating Door

  22. Shoulder Surfing

  23. Most Dangerous Employees Human resources and MIS Remember, these employees hold ALL the information

  24. Social Engineering • 60 Minutes Interview with Kevin Mitnick, the “King of Social Engineering” • Kevin Mitnick served several years in a federal prison. Upon his release, he opened his own consulting firm, advising companies on how to deter people like him, • See his company here

  25. Deliberate Acts (continued) • Software attacks [see table 3.4, pp. 77] • Virus • Worm • 1988: first widespread worm, created by Robert T. Morris, Jr. • (see the rapid spread of the Slammer worm)

  26. Deliberate Acts (continued) • Software attacks (continued) • Phishing attacks • Phishing example • Distributed denial-of-service attacks • See botnet demonstration

  27. Deliberate Acts (continued) • Software attacks (continued) Can you be Phished?

  28. Deliberate Acts (continued) • Alien Software • Spyware (see video) • Spamware • Cookies • Cookie demo

  29. Deliberate Acts (continued) • Supervisory control and data acquisition (SCADA) attacks Wireless sensor

  30. A Successful (Experimental) SCADA Attack Video of an experimental SCADA attack that was successful

  31. 3.3 Protecting Information Resources

  32. Risk! There is always risk!

  33. And then there is real risk!

  34. Risk Mitigation Strategies • Risk Acceptance [pay no attention] • Risk limitation [minimize impact] • Risk transference [buy insurance]

  35. Risk Optimization

  36. Controls • Physical controls • Access controls • Communications (network) controls • Application controls

  37. Where Defense Mechanisms (Controls) Are Located

  38. Access Controls • Authentication • Something the user is (biometrics) • The Raytheon Personal Identification Device • Something the user has • Something the user does • Something the user knows • passwords • passphrases

  39. Basic Home Firewall (top) and Corporate Firewall (bottom)

  40. How Digital Certificates Work

  41. Virtual Private Network and Tunneling

  42. Business Continuity Planning, Backup, and Recovery • Hot Site • Warm Site • Cold Site

  43. Information Systems Auditing • Types of Auditors and Audits • Internal • External

  44. IS Auditing Procedure • Auditing around the computer • Auditing through the computer • Auditing with the computer

More Related