1 / 20

Computer Security And Computer Crimes

Computer Security And Computer Crimes. Problem under consideration.

jamese
Download Presentation

Computer Security And Computer Crimes

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Computer Security And Computer Crimes

  2. Problem under consideration • A software flaw was found in a national bank's web site that allows anyone who knows about the flaw to read all information about other people's bank accounts. You consider it a serious privacy risk. You sent e-mail to the bank about the problem but received no answer. What should you do next? Discuss pros and cons of various possible actions.

  3. Discussions covered • Individual’s standpoint • Bank’s perspective

  4. Individual’s stand pointCustomer Decision Tree Stage I Stage II

  5. Individual’s stand point (cont’d.)[Customer Decision Tree…] (Try Again) (Take Advantage) (Do Nothing) Follow Executive Hierarchy Harmless Hacking Close Account Repetition till remedy Malicious Hacking Hactivism Eye on possibility of threats

  6. Individual’s standpoint (cont’d.)1.Take Advantage of the Situation • Use your knowledge to hack the web site • Harmless hacking • Let the bank know they have been hacked • Probably illegal • Forces the bank to confront security breach • Is this ethically justified?

  7. Individual’s standpoint (cont’d.)[ 1.Take Advantage of the Situation…] • Malicious hacking • Access accounts yourself • Disrupt service and/or steal money • Very much illegal • Severe penalties • No ethical justification

  8. Individual’s standpoint (cont’d.)[ 1.Take Advantage of the Situation…] • Hacktivism • Disrupt service • Tell other customers that web site is unsafe • Very much illegal or valid civil disobedience? • Penalties may not be as severe

  9. Individual’s standpoint (cont’d.)[ 1.Take Advantage of the Situation…] • In all three hacking examples the bank may incur serious losses • Financial • Customer relationships • Service disruptions

  10. Individual’s standpoint (cont’d.)2. Do Nothing • Close account and go away • Problem still exists • Save your own hide • No recognition of responsibility to anyone beyond yourself; socially irresponsible • Absolutely the least one can do • Don’t care about bank’s further actions

  11. Individual’s standpoint (cont’d.)3. Try again • Go up one level in complaint • Threaten to leave • Threaten to go to authorities (FDIC) • Threaten to go to media • Repeat process as necessary, through chain of command

  12. Individual’s standpoint (cont’d.)[ 3. Try again…] • Follow through on threats • Shows • Social responsibility • Customer loyalty

  13. Bank’s PerspectiveDecision Tree

  14. Bank’s Perspective1. Keep quiet about it • Don’t draw attention • Keep secret from hackers • Reliance on secrecy • Cheap • Cost of fix vs. cost of liability • Cost of exposure could have consequences beyond the cost of fixing the problem

  15. Bank’s Perspective (cont’d.) 2. Analyze and fix problem internally • Problem can be fixed without undue publicity • Minimal disruption of service • Question of competence • Can we trust the people who broke it to fix it? • Potentially most cost effective

  16. Bank’s Perspective (cont’d.) [ 2. Analyze and fix problem internally…] • Check the flaw and see if any others exist • Check on potential of IT team • Maybe hire a hacker to test other parts of the system • Let it stay within the bank

  17. Bank’s Perspective (cont’d.) 3. Third party security audit • What requires auditing? • Hardware • Software • Network • Personnel evaluation

  18. Bank’s Perspective (cont’d.) [ 3. Third party security audit …] • Question of security • Threat of exposure • Exposes secrets to outside entity

  19. Bank’s Perspective (cont’d.) • How to decide • Has anyone been injured • Loss of money • Loss of personal information • Consequences of breach becoming known • Known only to hackers • Known to general public • Ethical considerations

  20. Comments / Questions

More Related