CHAPTER 8 PROTECTING PEOPLE AND INFORMATION Threats and Safeguards.


Page 1: CHAPTER 8 PROTECTING PEOPLE AND INFORMATION Threats and Safeguards.

CHAPTER 8

PROTECTING PEOPLE AND INFORMATION

Threats and Safeguards

Page 2:

Opening Case: Transformations in Medicine Mean Better Lives

Open surgery is on the decline while IT-supported surgery is on the increase.

Page 3:

INTRODUCTION

Handling information responsibly means understanding the following issues:
- Ethics
- Personal privacy
- Threats to information
- Protection of information

Page 4:

ETHICS

Ethics: the principles and standards that guide our behavior toward other people

Ethics are rooted in history, culture, and religion

Page 5:

Factors That Determine How You Decide Ethical Issues

Actions in ethical dilemmas determined by:
- Your basic ethical structure
- The circumstances of the situation

Page 6:

Intellectual Property

- Intellectual property
- Copyright
- Fair Use Doctrine
- Pirated software

Using copyrighted software without permission violates copyright law

Page 7:

PRIVACY

Privacy: the right to be left alone when you want to be, to have control over your own personal possessions, and not to be observed without your consent

Dimensions of privacy
- Psychological: to have a sense of control
- Legal: to be able to protect yourself

Page 8:

Privacy and Other Individuals

- Key logger (key trapper) software: a program that, when installed on a computer, records every keystroke and mouse click
- Screen capture programs: capture screen from video card
- Hardware key logger: hardware device that captures keystrokes moving between keyboard and motherboard
- Event Data Recorders (EDR): located in the airbag control module and collects data from your car as you are driving

Page 9:

An E-Mail is Stored on Many Computers

E-mail is stored on many computers as it travels from sender to recipient

Page 10:

Identity Theft

Identity theft: the forging of someone’s identity for the purpose of fraud

Page 11:

Identity Theft

- Phishing (carding, brand spoofing)
  http://www.youtube.com/watch?v=7MtYVSGe1ME
- Spear Phishing
- Whaling

NEVER
- Reply without question to an e-mail asking for personal information
- Click directly on a Web site provided in such an e-mail

Page 12:

Identity Theft

Pharming: rerouting your request for a legitimate Web site
- sending it to a slightly different Web address
- or by redirecting you after you are already on the legitimate site

Pharming is accomplished by gaining access to the giant databases that Internet providers use to route Web traffic.

It often works because it’s hard to spot the tiny difference in the Web site address.
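An added example, not part of the original slides: a defensive check that flags a Web address differing only slightly from a trusted one, the "tiny difference" this slide describes. The trusted list, the look-alike character map and every hostname below are constructed for illustration.

```python
# Added example: flag hostnames that differ only slightly from a trusted one.
# TRUSTED and all hostnames below are constructed sample values.
TRUSTED = {"examplebank.com", "mail.example.org"}

# Characters often swapped in to imitate another character (small illustrative map).
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "|": "l"})


def skeleton(host: str) -> str:
    """Lowercase, drop a trailing dot, and fold common look-alike characters."""
    h = host.strip().lower().rstrip(".")
    return h.translate(CONFUSABLE).replace("rn", "m").replace("vv", "w")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute) with two rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(host: str, trusted=TRUSTED, max_distance: int = 2):
    """Return ('trusted' | 'lookalike' | 'unknown', matched trusted name or None)."""
    h = host.strip().lower().rstrip(".")
    if h in trusted:
        return "trusted", h
    for good in sorted(trusted):
        # Same skeleton, or only a couple of edits away from a trusted name.
        if skeleton(h) == skeleton(good) or edit_distance(h, good) <= max_distance:
            return "lookalike", good
    return "unknown", None


if __name__ == "__main__":
    for name in ["examplebank.com", "examp1ebank.com", "exarnplebank.com",
                 "examplebnak.com", "example-shop.net"]:
        print(f"{name:20} {classify(name)}")
```

This covers only the slightly-different-address case; a redirect that leaves the address unchanged needs other checks, such as certificate validation.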

Page 13:

Privacy and Employees

Companies need information about their employees to run their business effectively
- 60% of employers monitor employee e-mails
- 70% of Web traffic occurs during work hours
- 78% of employers reported abuse
- 60% of employees admitted abuse

Cyberslacking
- Visiting inappropriate sites
- Gaming, chatting, stock trading, etc.

Page 14:

Monitoring Technology

Example of cost of misuse
- Watching an online fashion show uses as much bandwidth as downloading the entire Encyclopedia Britannica

Reasons for monitoring
- Hire the best people possible
- Ensure appropriate behavior on the job
- Avoid litigation for employee misconduct

Page 15:

Privacy and Consumers

Consumers want businesses to
- Know who they are, but not to know too much
- Provide what they want, but not gather information on them
- Let them know about products, but not pester them with advertising

Page 16:

Consumer Privacy Issues

- Cookie
- Spam
  - Replying usually increases, rather than decreases, amount of spam
- Adware and Trojan horse software
- Spyware (sneakware, stealthware)
- Web log
- Clickstream

Page 17:

Privacy and Government Agencies

- About 2,000 government agencies have databases with information on people
- Government agencies need information to operate effectively
- Whenever you are in contact with a government agency, you leave behind information about yourself

Page 18:

Government Agencies Storing Personal Information

Law enforcement
- NCIC (National Crime Information Center)
- FBI

Electronic Surveillance
- Carnivore or DCS-1000
- Magic Lantern (software key logger)
- NSA (National Security Agency)
- Echelon collects electronic information by satellite

Page 19:

Government Agencies Storing Personal Information

- IRS
- Census Bureau
- Student loan services
- FICA
- Social Security Administration
- Social service agencies
- Department of Motor Vehicles

Page 20:

Laws on Privacy

- Health Insurance Portability and Accountability Act (HIPAA): protects personal health information
- Financial Services Modernization Act: requires that financial institutions protect personal customer information
- Other laws in Figure 8.6 on page 243

Page 21:

SECURITY AND EMPLOYEES

- Attacks on information and computer resources come from inside and outside the company
- Computer sabotage costs about $400 billion per year
- In general, employee misconduct is more costly than assaults from outside

Page 22:

Security and Employees

Page 23:

Security and Outside Threats

- Hackers: knowledgeable computer users who use their knowledge to invade other people's computers
- Computer virus (virus): software that is written with malicious intent to cause annoyance or damage
- Worm: type of virus that spreads itself from computer to computer usually via e-mail
- Denial-of-service (DoS) attack: floods a Web site with so many requests for service that it slows down or crashes

Page 24:

Security Measures

1. Anti-virus software – detects and removes or quarantines computer viruses

2. Anti-spyware and anti-adware software

3. Spam protection software – identifies and marks and/or deletes spam

4. Anti-phishing software – lets you know when phishing attempts are being made

5. Firewall – hardware and/or software that protects a computer or network from intruders

Page 25:

Security Measures

6. Encryption – scrambles the contents of a file so that you can’t read it without the decryption key

7. Public Key Encryption (PKE) – an encryption system with two keys: a public one for everyone and a private one for the recipient

8. Biometrics – the use of physiological characteristics for identification purposes