information, people $ threats

39
McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved Chapter 8 Chapter 8 PROTECTING PEOPLE AND INFORMATION Threats and Safeguards Threats and Safeguards

description

 

Transcript of information, people $ threats

Page 1: information, people $ threats

McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved

Chapter 8Chapter 8 PROTECTING PEOPLE AND INFORMATION

Threats and SafeguardsThreats and Safeguards

Page 2: information, people $ threats

8-2

THEY KNOW ABOUT 96% OF AMERICAN HOUSEHOLDS

o Customers: 9 of the 10 largest credit-card issuers

o Acxiom has 20 billion records on – 110 million people– 96% of households

o Makes and sells lists to customerso Merges and protects databases

Page 3: information, people $ threats

8-3

Case Study Questions

1. Do you feel comfortable about so many people collecting information about you and distributing it freely?

2. Is it an invasion of your privacy or just good business?

3. Should there be any laws regulating the collection and use of data by data brokers?

Page 4: information, people $ threats

8-4

INTRODUCTION

o Handling information responsibly means understanding the following issues– Ethics– Personal privacy– Threats to information– Protection of information

o Technology makes breaking the rules easier - ?????

Page 5: information, people $ threats

8-5

ETHICS

o Ethics – the principles and standards that guide our behavior toward other people

o Ethics are rooted in history, culture, and religion

o Example? Different cultures?

Page 6: information, people $ threats

8-6

Factors the Determine How You Decide Ethical Issues

o Actions in ethical dilemmas determined by– Your basic ethical structure– The circumstances of the situation

o Your basic ethical structure determines what you consider to be– Minor ethical violations– Serious ethical violations– Very serious ethical violations

Page 7: information, people $ threats

8-7

Basic Ethical Structure

Page 8: information, people $ threats

8-8

Circumstances of the Situation

1. Consequences of the action or inaction

2. Society’s opinion of the action or inaction

3. Likelihood of effect of action or inaction

4. Time to consequences of action or inaction

5. Relatedness of people who will be affected by action or inaction

6. Reach of result of action or inaction

Page 9: information, people $ threats

8-9

Intellectual Property

o Intellectual property – intangible creative work that is embodied in physical form

o Copyright – legal protection afforded an expression of an idea

o Fair Use Doctrine – may use copyrighted material in certain situations

Page 10: information, people $ threats

8-10

Intellectual Property

o Using copyrighted software without permission violates copyright law

o Pirated software – the unauthorized use, duplication, distribution, or sale of copyrighted software

Page 11: information, people $ threats

8-11

PRIVACY

o Privacy – the right to left alone when you want to be, to have control over your own personal possessions, and not to be observed without your consent

o Dimensions of privacy– Psychological: to have a sense of control– Legal: to be able to protect yourself

Page 12: information, people $ threats

8-12

Privacy and Other Individuals

o Key logger (key trapper) software – a program that, when installed on a computer, records every keystroke and mouse click

o Screen capture programs – capture screen from video card

o E-mail is stored on many computers as it travels from sender to recipient

o Hardware key logger – hardware device that captures keystrokes moving between keyboard and motherboard.

o Event Data Recorders (EDR) – located in the airbag control module and collects data from your car as you are driving.

Page 13: information, people $ threats

8-13

An E-Mail is Stored on Many Computers

Page 14: information, people $ threats

8-14

Identity Theft

Why make calls when a computer can do it?

Page 15: information, people $ threats

8-15

Page 16: information, people $ threats

8-16

Identity Theft

o Identity theft – the forging of someone’s identity for the purpose of fraud

Page 17: information, people $ threats

8-17

Identity Theft

o Phishing (carding, brand spoofing) – a technique to gain personal information for the purpose of identity theft

o NEVER– Reply without question to an e-mail asking for personal information– Click directly on a Web site provided in such an e-mail

Page 18: information, people $ threats

8-18

Pharming

o Pharming - rerouting your request for a legitimate Web site – sending it to a slightly different Web address

– or by redirecting you after you are already on the legitimate site

o Pharming is accomplished by gaining access to the giant databases that Internet providers use to route Web traffic.

o It often works because it’s hard to spot the tiny difference in the Web site address.

Page 19: information, people $ threats

8-19

Privacy and Employees

o Companies need information about their employees to run their business effectively

o As of March 2005, – 60% of employers monitored employee e-mails– 70% of Web traffic occurs during work hours– 78% of employers reported abuse– 60% employees admitted abuse

Page 20: information, people $ threats

8-20

Privacy and Employees

o Cyberslacking – misuse of company resourceso Visiting inappropriate siteso Gaming, chatting, stock trading, social

networking, etc.

Page 21: information, people $ threats

8-21

Reasons for Monitoring

o Hire the best people possibleo Ensure appropriate behavior on the

jobo Avoid litigation for employee

misconduct

Page 22: information, people $ threats

8-22

Privacy and Consumers

o Consumers want businesses to– Know who they are, but not to know too

much– Provide what they want, but not gather

information on them

o Let them know about products, but not pester them with advertising

o Yet your computer has information about you…..

Page 23: information, people $ threats

8-23

Cookies

o Cookie – a small file that contains information about you and your Web activities, which a Web site places on your computer

o Handle cookies by using– Web browser cookie management option

Page 24: information, people $ threats

8-24

Spam

o Spam – unsolicited e-mail from businesses advertising goods and services

o Gets past spam filters by – Inserting extra characters– Inserting HTML tags that do nothing– Replying usually increases, rather than

decreases, amount of spam

o This can be filtered at the server level and therefore never get to you

Page 25: information, people $ threats

8-25

Adware and Spyware

o Adware – software to generate ads that installs itself when you download another program

o Spyware (sneakware, stealthware) – software that comes hidden in downloaded software and helps itself to your computer resources

Page 26: information, people $ threats

8-26

Adware in Free Version of Eudora

Page 27: information, people $ threats

8-27

Trojan Horse Software

o Trojan horse software – software you don’t want inside software you do want

o Some ways to detect Trojan horse software– AdAware at www.lavasoftUSA.com – The Cleaner at www.moosoft.com – Trojan First Aid Kit (TFAK) at

www.wilders.org – Check it out before you download at

www.spychecker.com

Page 28: information, people $ threats

8-28

Web Logso Web log – one line of information for every

visitor to a Web siteo Clickstream – records information about you

during a Web surfing session such as what Web sites you visited, how long you were there, what ads you looked at, and what you bought.

o Anonymous Web browsing (AWB) – hides your identity from the Web sites you visit– The Anonymizer at www.anonymizer.com – SuftSecret at www.surfsecret.com

Page 29: information, people $ threats

8-29

Privacy and Government Agencies

o About 2,000 government agencies have databases with information on people

o Government agencies need information to operate effectively

o Whenever you are in contact with government agency, you leave behind information about yourself

Page 30: information, people $ threats

8-30

Government Agencies Storing Personal Information

o Law enforcement– NCIC (National Crime Information Center)– FBI

o Electronic Surveillance– Carnivore or DCS-1000– Magic Lantern (software key logger)– NSA (National Security Agency)– Echelon collect electronic information by

satellite

Page 31: information, people $ threats

8-31

Government Agencies Storing Personal Information

o IRSo Census Bureau o Student loan serviceso Social Security Administrationo Social service agencieso Department of Motor Vehicles

Page 32: information, people $ threats

8-32

SECURITY AND EMPLOYEES

o Attacks on information and computer resources come from inside and outside the company

o Computer sabotage costs about $10 billion per year

o In general, employee misconduct is

more costly than assaults from outside

Page 33: information, people $ threats

8-33

Security and Outside Threats

o Hackers – knowledgeable computer users who use their knowledge to invade other people's computers

o Computer virus (virus) – software that is written with malicious intent to cause annoyance or damage

o Worm – type of virus that spreads itself from computer to computer usually via e-mail

o Denial-of-service (DoS) attack – floods a Web site with so many requests for service that it slows down or crashes

Page 34: information, people $ threats

8-34

Computer Viruses Can’t

o Hurt your hardware– Ex: Monitors, printers, processors, etc.

o Hurt any files they weren’t designed to attack– Ex: A worm designed to attack Outlook

won’t attack other e-mail programs

o Infect files on write-protected media

Page 35: information, people $ threats

8-35

How fast can a “worm” spread“The Sapphire worm”

Page 36: information, people $ threats

8-36

74855 infected in 30 minutes

Page 37: information, people $ threats

8-37

Security Measures

1. Anti-virus software – detects and removes or quarantines computer viruses

2. Anti-spyware and anti-adware software

3. Spam protection software – identifies and marks and/or deletes Spam

4. Anti-phishing software – lets you know when phishing attempts are being made

5. Firewall – hardware and/or software that protects a computer or network from intruders

Page 38: information, people $ threats

8-38

Security Measures

5. Anti-rootkit software – stops outsiders taking control of your machine

6. Encryption – scrambles the contents of a file so that you can’t read it without the decryption key – hard drive specific

7. Biometrics – the use of physiological characteristics for identification purposes

Page 39: information, people $ threats

8-39

o Management is fully responsible for what happens with their – Servers– Communications network . Ex. WIFI– Workstations and personal computers

o The greatest threat is from the internet and without it ???????????????