chapter 3 l.
Skip this Video
Loading SlideShow in 5 Seconds..
CHAPTER 3 PowerPoint Presentation
Download Presentation

Loading in 2 Seconds...

play fullscreen
1 / 44

CHAPTER 3 - PowerPoint PPT Presentation

  • Uploaded on

CHAPTER 3 Ethics, Privacy and Information Security CHAPTER OUTLINE 3.1 Ethical Issues 3.2 Threats to Information Security 3.3 Protecting Information Resources Ethical Issues Ethics Code of Ethics Fundamental Tenets of Ethics Responsibility Accept consequences of actions

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
chapter 3


Ethics, Privacy and Information Security

chapter outline

3.1 Ethical Issues

3.2 Threats to Information Security

3.3 Protecting Information Resources

ethical issues
Ethical Issues
  • Ethics
  • Code of Ethics
fundamental tenets of ethics
Fundamental Tenets of Ethics
  • Responsibility
    • Accept consequences of actions
  • Accountability
    • Who is responsible for actions
  • Liability
    • Right to recover damages
the four categories of ethical issues
The Four Categories of Ethical Issues
  • Privacy Issues
  • Accuracy Issues
  • Property Issues
  • Accessibility Issues
  • See Table 3.1
privacy issues
Privacy Issues

How much privacy do we have left?

  • Privacy. The right to be left alone and to be free of unreasonable personal intrusions.
  • Court decisions have followed two rules:

(1) The right of privacy is not absolute. Your privacy must be balanced against the needs of society.

(2) The public’s right to know is superior to the individual’s right of privacy.

threats to privacy
Threats to Privacy
  • Data aggregators, digital dossiers, and profiling
  • Electronic Surveillance
  • Personal Information in Databases
  • Information on Internet Bulletin Boards, Newsgroups, and Social Networking Sites
electronic surveillance
Electronic Surveillance
  • See "The State of Surveillance" article in BusinessWeek
  • See the surveillance slideshow
  • See additional surveillance slides
  • And you think you have privacy? (video)
personal information in databases
Personal Information in Databases
  • Banks
  • Utility companies
  • Government agencies
  • Credit reporting agencies
social networking sites can cause you problems
Social Networking Sites Can Cause You Problems

Anyone can post derogatory information about you anonymously.

(See this Washington Post article.)

You can also hurt yourself, as this article shows [35% of employers do Google searchers and 23% search on social networks]

what can you do
What Can You Do?

First, be careful what information you post on social networking sites.

Second, a company, ReputationDefender, says it can remove derogatory information from the Web.

protecting privacy
Protecting Privacy
  • Privacy Codes and Policies
    • Opt-out Model [collect info until you request otherwise]
    • Opt-in Model [collect info only after you authorize it]
factors increasing the threats to information security
Factors Increasing the Threats to Information Security
  • Today’s interconnected, interdependent, wirelessly-networked business environment
  • Government legislation [HIPAA]
  • Smaller, faster, cheaper computers and storage devices
  • Decreasing skills necessary to be a computer hacker
factors increasing the threats to information security continued
Factors Increasing the Threats to Information Security (continued)
  • International organized crime turning to cybercrime
  • Downstream liability
  • Increased employee use of unmanaged devices [Wi-Fi networks]
  • Lack of management support
key information security terms
Key Information Security Terms
  • Threat [danger to system of exposure]
  • Exposure [harm, loss, damage due to threat]
  • Vulnerability [possibility of suffering harm by threat]
  • Risk [Likelihood that a threat will occur]
  • Information system controls [preventive measures]
human errors
Human Errors
  • Tailgating
  • Shoulder surfing
  • Carelessness with laptops and portable computing devices
  • Opening questionable e-mails
  • Careless Internet surfing
  • Poor password selection and use
  • And more
most dangerous employees
Most Dangerous Employees

Human resources and MIS

Remember, these employees hold ALL the information

social engineering
Social Engineering
  • 60 Minutes Interview with Kevin Mitnick, the “King of Social Engineering”
  • Kevin Mitnick served several years in a federal prison. Upon his release, he opened his own consulting firm, advising companies on how to deter people like him,
    • See his company here
deliberate acts continued
Deliberate Acts (continued)
  • Software attacks [see table 3.4, pp. 77]
    • Virus
    • Worm
      • 1988: first widespread worm, created by Robert T. Morris, Jr.
      • (see the rapid spread of the Slammer worm)

Deliberate Acts (continued)

  • Software attacks (continued)
    • Phishing attacks
      • Phishing example
    • Distributed denial-of-service attacks
      • See botnet demonstration
deliberate acts continued27
Deliberate Acts (continued)
  • Software attacks (continued)

Can you be Phished?

deliberate acts continued28
Deliberate Acts (continued)
  • Alien Software
    • Spyware (see video)
    • Spamware
    • Cookies
      • Cookie demo
deliberate acts continued29
Deliberate Acts (continued)
  • Supervisory control and data acquisition (SCADA) attacks

Wireless sensor

a successful experimental scada attack
A Successful (Experimental) SCADA Attack

Video of an experimental SCADA attack

that was successful


There is always risk!

risk mitigation strategies
Risk Mitigation Strategies
  • Risk Acceptance [pay no attention]
  • Risk limitation [minimize impact]
  • Risk transference [buy insurance]
  • Physical controls
  • Access controls
  • Communications (network) controls
  • Application controls
access controls
Access Controls
  • Authentication
    • Something the user is (biometrics)
      • The Raytheon Personal Identification Device
    • Something the user has
    • Something the user does
    • Something the user knows
      • passwords
      • passphrases
information systems auditing
Information Systems Auditing
  • Types of Auditors and Audits
    • Internal
    • External
is auditing procedure
IS Auditing Procedure
  • Auditing around the computer
  • Auditing through the computer
  • Auditing with the computer