Chapter 3
Download
1 / 44

CHAPTER 3 Ethics - PowerPoint PPT Presentation


  • 330 Views
  • Uploaded on

CHAPTER 3 Ethics, Privacy and Information Security CHAPTER OUTLINE 3.1 Ethical Issues 3.2 Threats to Information Security 3.3 Protecting Information Resources Ethical Issues Ethics Code of Ethics Fundamental Tenets of Ethics Responsibility Accept consequences of actions

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'CHAPTER 3 Ethics' - niveditha


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Chapter 3 l.jpg

CHAPTER 3

Ethics, Privacy and Information Security


Chapter outline l.jpg
CHAPTER OUTLINE

3.1 Ethical Issues

3.2 Threats to Information Security

3.3 Protecting Information Resources


Ethical issues l.jpg
Ethical Issues

  • Ethics

  • Code of Ethics


Fundamental tenets of ethics l.jpg
Fundamental Tenets of Ethics

  • Responsibility

    • Accept consequences of actions

  • Accountability

    • Who is responsible for actions

  • Liability

    • Right to recover damages


The four categories of ethical issues l.jpg
The Four Categories of Ethical Issues

  • Privacy Issues

  • Accuracy Issues

  • Property Issues

  • Accessibility Issues

  • See Table 3.1


Privacy issues l.jpg
Privacy Issues

How much privacy do we have left?


Privacy l.jpg
Privacy

  • Privacy. The right to be left alone and to be free of unreasonable personal intrusions.

  • Court decisions have followed two rules:

    (1) The right of privacy is not absolute. Your privacy must be balanced against the needs of society.

    (2) The public’s right to know is superior to the individual’s right of privacy.


Threats to privacy l.jpg
Threats to Privacy

  • Data aggregators, digital dossiers, and profiling

  • Electronic Surveillance

  • Personal Information in Databases

  • Information on Internet Bulletin Boards, Newsgroups, and Social Networking Sites


Electronic surveillance l.jpg
Electronic Surveillance

  • See "The State of Surveillance" article in BusinessWeek

  • See the surveillance slideshow

  • See additional surveillance slides

  • And you think you have privacy? (video)


Personal information in databases l.jpg
Personal Information in Databases

  • Banks

  • Utility companies

  • Government agencies

  • Credit reporting agencies



Social networking sites can cause you problems l.jpg
Social Networking Sites Can Social Networking Sites Cause You Problems

Anyone can post derogatory information about you anonymously.

(See this Washington Post article.)

You can also hurt yourself, as this article shows [35% of employers do Google searchers and 23% search on social networks]


What can you do l.jpg
What Can You Do? Social Networking Sites

First, be careful what information you post on social networking sites.

Second, a company, ReputationDefender, says it can remove derogatory information from the Web.


Protecting privacy l.jpg
Protecting Privacy Social Networking Sites

  • Privacy Codes and Policies

    • Opt-out Model [collect info until you request otherwise]

    • Opt-in Model [collect info only after you authorize it]


3 2 threats to information security l.jpg
3.2 Threats to Information Security Social Networking Sites


Factors increasing the threats to information security l.jpg
Factors Increasing the Threats to Information Security Social Networking Sites

  • Today’s interconnected, interdependent, wirelessly-networked business environment

  • Government legislation [HIPAA]

  • Smaller, faster, cheaper computers and storage devices

  • Decreasing skills necessary to be a computer hacker


Factors increasing the threats to information security continued l.jpg
Factors Increasing the Threats to Information Security (continued)

  • International organized crime turning to cybercrime

  • Downstream liability

  • Increased employee use of unmanaged devices [Wi-Fi networks]

  • Lack of management support


Key information security terms l.jpg
Key Information Security Terms (continued)

  • Threat [danger to system of exposure]

  • Exposure [harm, loss, damage due to threat]

  • Vulnerability [possibility of suffering harm by threat]

  • Risk [Likelihood that a threat will occur]

  • Information system controls [preventive measures]


Security threats figure 3 1 l.jpg
Security Threats (continued)(Figure 3.1)


Human errors l.jpg
Human Errors (continued)

  • Tailgating

  • Shoulder surfing

  • Carelessness with laptops and portable computing devices

  • Opening questionable e-mails

  • Careless Internet surfing

  • Poor password selection and use

  • And more



Shoulder surfing l.jpg
Shoulder Surfing (continued)


Most dangerous employees l.jpg
Most Dangerous Employees (continued)

Human resources and MIS

Remember, these employees hold ALL the information


Social engineering l.jpg
Social Engineering (continued)

  • 60 Minutes Interview with Kevin Mitnick, the “King of Social Engineering”

  • Kevin Mitnick served several years in a federal prison. Upon his release, he opened his own consulting firm, advising companies on how to deter people like him,

    • See his company here


Deliberate acts continued l.jpg
Deliberate Acts (continued)(continued)

  • Software attacks [see table 3.4, pp. 77]

    • Virus

    • Worm

      • 1988: first widespread worm, created by Robert T. Morris, Jr.

      • (see the rapid spread of the Slammer worm)


Slide26 l.jpg

Deliberate Acts (continued)(continued)

  • Software attacks (continued)

    • Phishing attacks

      • Phishing example

    • Distributed denial-of-service attacks

      • See botnet demonstration


Deliberate acts continued27 l.jpg
Deliberate Acts (continued)(continued)

  • Software attacks (continued)

    Can you be Phished?


Deliberate acts continued28 l.jpg
Deliberate Acts (continued) (continued)

  • Alien Software

    • Spyware (see video)

    • Spamware

    • Cookies

      • Cookie demo


Deliberate acts continued29 l.jpg
Deliberate Acts (continued) (continued)

  • Supervisory control and data acquisition (SCADA) attacks

Wireless sensor


A successful experimental scada attack l.jpg
A Successful (Experimental) SCADA (continued) Attack

Video of an experimental SCADA attack

that was successful



Slide32 l.jpg
Risk! (continued)

There is always risk!



Risk mitigation strategies l.jpg
Risk Mitigation Strategies (continued)

  • Risk Acceptance [pay no attention]

  • Risk limitation [minimize impact]

  • Risk transference [buy insurance]


Risk optimization l.jpg
Risk Optimization (continued)


Controls l.jpg
Controls (continued)

  • Physical controls

  • Access controls

  • Communications (network) controls

  • Application controls



Access controls l.jpg
Access Controls (continued)

  • Authentication

    • Something the user is (biometrics)

      • The Raytheon Personal Identification Device

    • Something the user has

    • Something the user does

    • Something the user knows

      • passwords

      • passphrases


Basic home firewall top and corporate firewall bottom l.jpg
Basic Home Firewall (continued)(top) and Corporate Firewall (bottom)




Business continuity planning backup and recovery l.jpg
Business Continuity Planning, Backup, and Recovery (continued)

  • Hot Site

  • Warm Site

  • Cold Site


Information systems auditing l.jpg
Information Systems Auditing (continued)

  • Types of Auditors and Audits

    • Internal

    • External


Is auditing procedure l.jpg
IS Auditing Procedure (continued)

  • Auditing around the computer

  • Auditing through the computer

  • Auditing with the computer


ad