CHAPTER 3 - PowerPoint PPT Presentation



CHAPTER 3

Ethics, Privacy and Information Security



CHAPTER OUTLINE

3.1 Ethical Issues

3.2 Threats to Information Security

3.3 Protecting Information Resources



Ethical Issues

  • Ethics

  • Code of Ethics



Fundamental Tenets of Ethics

  • Responsibility

    • Accepting the consequences of one's actions

  • Accountability

    • Determining who is responsible for actions taken

  • Liability

    • Legal right to recover damages



The Four Categories of Ethical Issues

  • Privacy Issues

  • Accuracy Issues

  • Property Issues

  • Accessibility Issues

  • See Table 3.1



Privacy Issues

How much privacy do we have left?



Privacy

  • Privacy. The right to be left alone and to be free of unreasonable personal intrusions.

  • Court decisions have followed two rules:

    (1) The right of privacy is not absolute. Your privacy must be balanced against the needs of society.

    (2) The public’s right to know is superior to the individual’s right of privacy.



Threats to Privacy

  • Data aggregators, digital dossiers, and profiling

  • Electronic Surveillance

  • Personal Information in Databases

  • Information on Internet Bulletin Boards, Newsgroups, and Social Networking Sites



Electronic Surveillance

  • See "The State of Surveillance" article in BusinessWeek

  • See the surveillance slideshow

  • See additional surveillance slides

  • And you think you have privacy? (video)



Personal Information in Databases

  • Banks

  • Utility companies

  • Government agencies

  • Credit reporting agencies



Information on Internet Bulletin Boards, Newsgroups, and Social Networking Sites



Social Networking Sites Can Cause You Problems

Anyone can post derogatory information about you anonymously.

(See this Washington Post article.)

You can also hurt yourself, as this article shows [35% of employers do Google searches on candidates and 23% search social networking sites].



What Can You Do?

First, be careful what information you post on social networking sites.

Second, a company, ReputationDefender, says it can remove derogatory information from the Web.



Protecting Privacy

  • Privacy Codes and Policies

    • Opt-out Model [the company may collect your information until you ask it to stop]

    • Opt-in Model [the company may collect your information only after you authorize it]



3.2 Threats to Information Security



Factors Increasing the Threats to Information Security

  • Today’s interconnected, interdependent, wirelessly networked business environment

  • Government legislation [HIPAA]

  • Smaller, faster, cheaper computers and storage devices

  • Decreasing skills necessary to be a computer hacker



Factors Increasing the Threats to Information Security (continued)

  • International organized crime turning to cybercrime

  • Downstream liability

  • Increased employee use of unmanaged devices [Wi-Fi networks]

  • Lack of management support



Key Information Security Terms

  • Threat [any danger to which a system may be exposed]

  • Exposure [the harm, loss, or damage that results if a threat compromises a resource]

  • Vulnerability [the possibility that a system will suffer harm from a threat]

  • Risk [the likelihood that a threat will occur]

  • Information system controls [preventive measures that reduce exposure]



Security Threats (Figure 3.1)



Human Errors

  • Tailgating

  • Shoulder surfing

  • Carelessness with laptops and portable computing devices

  • Opening questionable e-mails

  • Careless Internet surfing

  • Poor password selection and use

  • And more



Anti-Tailgating Door



Shoulder Surfing



Most Dangerous Employees

Human resources and MIS

Remember, these employees hold ALL the information



Social Engineering

  • 60 Minutes Interview with Kevin Mitnick, the “King of Social Engineering”

  • Kevin Mitnick served several years in a federal prison. Upon his release, he opened his own consulting firm, advising companies on how to deter people like him.

    • See his company here



Deliberate Acts (continued)

  • Software attacks [see Table 3.4, p. 77]

    • Virus

    • Worm

      • 1988: first widespread worm, created by Robert T. Morris, Jr.

      • (see the rapid spread of the Slammer worm)



Deliberate Acts (continued)

  • Software attacks (continued)

    • Phishing attacks

      • Phishing example

    • Distributed denial-of-service attacks

      • See botnet demonstration



Deliberate Acts (continued)

  • Software attacks (continued)

    Can you be Phished?



Deliberate Acts (continued)

  • Alien Software

    • Spyware (see video)

    • Spamware

    • Cookies

      • Cookie demo



Deliberate Acts (continued)

  • Supervisory control and data acquisition (SCADA) attacks

Wireless sensor



A Successful (Experimental) SCADA Attack

Video of an experimental SCADA attack that was successful



3.3 Protecting Information Resources



Risk!

There is always risk!



And then there is real risk!



Risk Mitigation Strategies

  • Risk acceptance [accept the potential risk, add no controls, and absorb any losses]

  • Risk limitation [implement controls that minimize the impact of the threat]

  • Risk transference [shift the risk elsewhere, e.g. by buying insurance]
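The "Key Information Security Terms" slide defines risk as the likelihood that a threat will occur, and this slide names three ways to respond to it. The following is an added example, not part of the slides, showing how a practitioner turns those definitions into a choice. It assumes the standard quantitative risk-analysis formula ALE = SLE x ARO (annualized loss expectancy = single loss expectancy x annualized rate of occurrence), which the slides do not state, and it prices each strategy per year: acceptance costs the expected loss, limitation costs the control plus the loss the control does not remove, and transference costs the insurance premium. Every figure in the risk register is constructed.

```python
"""Choosing among acceptance, limitation and transference for a risk register.

Added example, not from the slides. Assumes ALE = SLE x ARO (standard
quantitative risk analysis, not stated on the slides). All numbers are
constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    name: str
    sle: float             # single loss expectancy: cost of one incident
    aro: float             # annualized rate of occurrence: incidents per year
    control_cost: float    # yearly cost of the control that limits the risk
    control_effect: float  # fraction of the expected loss the control removes (0..1)
    premium: float         # yearly insurance premium to transfer the risk

    def ale(self) -> float:
        """Annualized loss expectancy with no control in place."""
        return self.sle * self.aro

    def yearly_costs(self) -> dict:
        """Expected yearly cost of each strategy on the slide."""
        return {
            "acceptance": self.ale(),                    # absorb the losses yourself
            "limitation": self.control_cost + self.ale() * (1 - self.control_effect),
            "transference": self.premium,                # insurer pays the losses
        }


def choose_strategy(risk: Risk, acceptance_threshold: float) -> str:
    """Risk optimization: below the threshold the exposure is not worth spending
    on at all; above it, pick the strategy with the lowest yearly cost."""
    if risk.ale() <= acceptance_threshold:
        return "acceptance"
    costs = risk.yearly_costs()
    return min(costs, key=costs.get)


# Constructed risk register (hypothetical figures).
SAMPLE_RISKS = [
    Risk("laptop theft", sle=5_000, aro=2.0, control_cost=2_000,
         control_effect=0.8, premium=6_000),
    Risk("website defacement", sle=500, aro=1.0, control_cost=1_500,
         control_effect=0.9, premium=900),
    Risk("data-center fire", sle=2_000_000, aro=0.01, control_cost=30_000,
         control_effect=0.9, premium=15_000),
]


def plan(acceptance_threshold: float = 1_000) -> dict:
    """Map each risk name to the strategy chosen for it."""
    return {r.name: choose_strategy(r, acceptance_threshold) for r in SAMPLE_RISKS}


if __name__ == "__main__":
    for r in SAMPLE_RISKS:
        print(f"{r.name:20s} ALE={r.ale():>10,.0f}  -> {choose_strategy(r, 1_000)}")
```

With the constructed figures, the frequent but cheap laptop theft is worth limiting (an encryption and tracking control costs less than the loss it prevents), the rare but catastrophic fire is cheaper to insure than to engineer away, and the defacement risk falls under the acceptance threshold. Raising the threshold is exactly what "Risk!" versus "real risk" on the next slides is about: a higher threshold accepts more.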



Risk Optimization



Controls

  • Physical controls

  • Access controls

  • Communications (network) controls

  • Application controls



Where Defense Mechanisms (Controls) Are Located



Access Controls

  • Authentication

    • Something the user is (biometrics)

      • The Raytheon Personal Identification Device

    • Something the user has

    • Something the user does

    • Something the user knows

      • Passwords

      • Passphrases
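The slide lists the authentication factors; the point of using more than one is that an attacker who learns the password still lacks the token, and one who steals the token still lacks the password. The following is an added example, not from the slides or the textbook, of a login check that combines "something the user knows" (a salted, iterated PBKDF2 password hash) with "something the user has" (a one-time code from a hardware or phone token, computed with the HOTP algorithm of RFC 4226). The user record, the password and the token secret are constructed; the token secret is the RFC 4226 test-vector key so the codes can be checked against the published values.

```python
"""Two-factor login check: something the user knows plus something the user has.

Added example, not from the slides. Assumes PBKDF2-SHA256 for the stored
password hash and RFC 4226 HOTP for the token code. User data is constructed.
"""
import hashlib
import hmac
import os


# --- something the user knows: salted, iterated password hash ---
def hash_password(password: str, salt: bytes, rounds: int = 200_000) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)


# --- something the user has: HOTP (RFC 4226) from a shared secret and counter ---
def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    mac = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class UserRecord:
    """What the server stores: never the password, only its salted hash."""
    def __init__(self, password: str, otp_secret: bytes):
        self.salt = os.urandom(16)
        self.pw_hash = hash_password(password, self.salt)
        self.otp_secret = otp_secret
        self.last_counter = -1                   # highest counter already accepted


def authenticate(user: UserRecord, password: str, code: str, window: int = 5) -> str:
    """Return "ok" only when both factors verify.

    Distinct failure reasons are returned here so the behaviour can be tested;
    a real login page should show one generic failure message for either case.
    """
    pw_ok = hmac.compare_digest(hash_password(password, user.salt), user.pw_hash)
    # Accept the next `window` counters (the token may have been pressed without
    # logging in), but never a counter at or below the last accepted one (replay).
    matched = None
    for c in range(user.last_counter + 1, user.last_counter + 1 + window):
        if hmac.compare_digest(hotp(user.otp_secret, c), code):
            matched = c
            break
    if not pw_ok:
        return "bad-password"                    # counter is NOT advanced on a bad password
    if matched is None:
        return "bad-otp"
    user.last_counter = matched                  # burn this and all earlier codes
    return "ok"


# Constructed token secret (the RFC 4226 test-vector key) and demo user.
TOKEN_SECRET = b"12345678901234567890"
PASSWORD = "correct horse battery staple"


def demo() -> list:
    user = UserRecord(PASSWORD, TOKEN_SECRET)
    return [
        authenticate(user, "wrong", hotp(TOKEN_SECRET, 0)),       # wrong password, valid code
        authenticate(user, PASSWORD, hotp(TOKEN_SECRET, 0)),      # both factors good
        authenticate(user, PASSWORD, hotp(TOKEN_SECRET, 0)),      # same code again: replay
        authenticate(user, PASSWORD, hotp(TOKEN_SECRET, 3)),      # skipped ahead, still in window
    ]


if __name__ == "__main__":
    print(demo())
```

Two design choices matter here. The HOTP counter is only advanced after the password also verified, so someone who has the token but not the password cannot burn the user's codes; and every comparison uses `hmac.compare_digest` so the check does not leak, via timing, how much of a guess was right. Since `demo()` generates a fresh salt each run, the stored hash differs every time while the outcome stays the same.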



Basic Home Firewall (top) and Corporate Firewall (bottom)



How Digital Certificates Work



Virtual Private Network and Tunneling



Business Continuity Planning, Backup, and Recovery

  • Hot Site

  • Warm Site

  • Cold Site



Information Systems Auditing

  • Types of Auditors and Audits

    • Internal

    • External



IS Auditing Procedure

  • Auditing around the computer

  • Auditing through the computer

  • Auditing with the computer
