ch15 power point
![Page 1: Ch15 power point](https://reader033.vdocuments.site/reader033/viewer/2022051400/54beaa3a4a7959fb7c8b458c/html5/thumbnails/1.jpg)
Chapter 15
Information Copyright and Fair Use and Network Security
![Page 2: Ch15 power point](https://reader033.vdocuments.site/reader033/viewer/2022051400/54beaa3a4a7959fb7c8b458c/html5/thumbnails/2.jpg)
Objectives
• Explore information fair use and copyright restrictions.
• Describe processes for securing information in a computer network.
• Identify various methods of user authentication and relate authentication to security of a network.
• Explain methods to anticipate and prevent typical threats to network security.
![Page 3: Ch15 power point](https://reader033.vdocuments.site/reader033/viewer/2022051400/54beaa3a4a7959fb7c8b458c/html5/thumbnails/3.jpg)
Fair Use of Information and Sharing
• Copyright laws in the world of technology are notoriously misunderstood.
• The same copyright laws that cover physical books, artwork, and other creative material are still applicable in the digital world.
![Page 4: Ch15 power point](https://reader033.vdocuments.site/reader033/viewer/2022051400/54beaa3a4a7959fb7c8b458c/html5/thumbnails/4.jpg)
Fair Use of Information and Sharing
• Almost all software, music CDs, and movie DVDs come with restrictions on how and when copies may be made.
• Most computer software developers allow for a backup copy of the software without restriction.
• Technology advances have made the sharing of information easy and extremely fast, thus open to violations of copyright and fair use.
![Page 5: Ch15 power point](https://reader033.vdocuments.site/reader033/viewer/2022051400/54beaa3a4a7959fb7c8b458c/html5/thumbnails/5.jpg)
Fair Use of Information and Sharing
• Avoid downloading music illegally from the Internet and do not use information from the Internet without permission to do so or citing the reference appropriately.
• Health care organizations that allow access to the Internet from a network computer should ensure that users are well aware of and compliant with copyright and fair use principles.
![Page 6: Ch15 power point](https://reader033.vdocuments.site/reader033/viewer/2022051400/54beaa3a4a7959fb7c8b458c/html5/thumbnails/6.jpg)
Fair use
• Permits the limited use of original works without copyright holder’s permission.
• An example would be quoting or citing an author in a scholarly manuscript.
• The user is responsible for developing appropriate citations.
• Citing inappropriately or not at all is plagiarism.
![Page 7: Ch15 power point](https://reader033.vdocuments.site/reader033/viewer/2022051400/54beaa3a4a7959fb7c8b458c/html5/thumbnails/7.jpg)
Securing Network Information
• The linking of computers together and to the outside creates the possibility of a breach of network security, and exposes the information to unauthorized use.
• The three main areas of secure network information are confidentiality, availability, and integrity.
![Page 8: Ch15 power point](https://reader033.vdocuments.site/reader033/viewer/2022051400/54beaa3a4a7959fb7c8b458c/html5/thumbnails/8.jpg)
Confidentiality
• Safeguarding all personal information by ensuring that access is limited to only those who are authorized.
• “Shoulder surfing,” or watching over someone’s back as they are working, is still a major way that confidentiality is compromised.
![Page 9: Ch15 power point](https://reader033.vdocuments.site/reader033/viewer/2022051400/54beaa3a4a7959fb7c8b458c/html5/thumbnails/9.jpg)
Acceptable Use
• Organizations protect the availability of their networks with an acceptable use policy.
• Defines the types of activities that are acceptable and not acceptable on the corporate computer network
• Defines the consequences for violations.
![Page 10: Ch15 power point](https://reader033.vdocuments.site/reader033/viewer/2022051400/54beaa3a4a7959fb7c8b458c/html5/thumbnails/10.jpg)
Information Integrity
• Quality and accuracy of networked information
• Organizations need clear policies to clarify:
– how data is actually inputted,
– who has the authorization to change such data, and
– to track how and when data are changed and by whom.
![Page 11: Ch15 power point](https://reader033.vdocuments.site/reader033/viewer/2022051400/54beaa3a4a7959fb7c8b458c/html5/thumbnails/11.jpg)
Authentication of Users
• Authentication of employees is also used by organizations in their security policies.
• Organizations authenticate by:
– something the user knows (password),
– something the user has (ID badge), or
– something the user is (biometrics)
![Page 12: Ch15 power point](https://reader033.vdocuments.site/reader033/viewer/2022051400/54beaa3a4a7959fb7c8b458c/html5/thumbnails/12.jpg)
More About Authentication
• Policies typically include the enforcement of changing passwords every thirty or sixty days.
• Biometric devices include recognizing thumb prints, retina patterns or facial patterns.
• Organizations may use a combination of these types of authentication.
![Page 13: Ch15 power point](https://reader033.vdocuments.site/reader033/viewer/2022051400/54beaa3a4a7959fb7c8b458c/html5/thumbnails/13.jpg)
Threats to Security
• A 2003 nationwide survey by the Computing Technology Industry Association (CompTIA) found that human error was the most likely cause of problems with security breaches.
• The first line of defense is strictly physical.
• The power of a locked door, an operating system that locks down after five minutes of inactivity, and regular security training programs are extremely effective.
![Page 14: Ch15 power point](https://reader033.vdocuments.site/reader033/viewer/2022051400/54beaa3a4a7959fb7c8b458c/html5/thumbnails/14.jpg)
Threats to Security
• One way to address this physical security risk is to limit the authorization to ‘write’ files to a device.
• Organizations are also ‘turning’ off the CD/DVD burners and USB ports on company desktops.
![Page 15: Ch15 power point](https://reader033.vdocuments.site/reader033/viewer/2022051400/54beaa3a4a7959fb7c8b458c/html5/thumbnails/15.jpg)
Threats to Security
• The most common threats a corporate network faces from the outside world are hackers, malicious code (spyware, viruses, worms, Trojan horses) and the malicious insider.
• Spyware is normally controlled by limiting functions of the browser used to surf the Internet.
![Page 16: Ch15 power point](https://reader033.vdocuments.site/reader033/viewer/2022051400/54beaa3a4a7959fb7c8b458c/html5/thumbnails/16.jpg)
Cookies
• A “cookie” is a very small file written to the hard drive of a user surfing the Internet.
• On the negative side, cookies can also follow the user’s travels on the Internet.
• Spying cookies related to marketing typically do not track keystrokes to steal user ids and passwords.
![Page 17: Ch15 power point](https://reader033.vdocuments.site/reader033/viewer/2022051400/54beaa3a4a7959fb7c8b458c/html5/thumbnails/17.jpg)
Threats to Security
• Spyware that does steal user ids and passwords contains malicious code that is normally hidden in a seemingly innocent file download.
• Another huge threat to corporate security is social engineering, or the manipulation of a relationship based on one’s position in an organization.
![Page 18: Ch15 power point](https://reader033.vdocuments.site/reader033/viewer/2022051400/54beaa3a4a7959fb7c8b458c/html5/thumbnails/18.jpg)
Malicious Insider
• The number one security threat to a corporate network is the malicious insider.
• There is also software available to track and thus monitor employee activity.
• Depending on the number of employees, organizations may also employ a full time electronic auditor who does nothing but monitor activity logs.
![Page 19: Ch15 power point](https://reader033.vdocuments.site/reader033/viewer/2022051400/54beaa3a4a7959fb7c8b458c/html5/thumbnails/19.jpg)
Security Tools
• There is a wide range of tools available to an organization to protect the organizational network and information.
• These tools can be either a software solution such as antivirus software or a hardware tool such as a proxy server.
![Page 20: Ch15 power point](https://reader033.vdocuments.site/reader033/viewer/2022051400/54beaa3a4a7959fb7c8b458c/html5/thumbnails/20.jpg)
Security Tools
• E-mail scanning software and antivirus software should never be turned off, and updates should be run weekly and, ideally, daily.
• Software is also available to scan instant messages and to automatically delete spam e-mail.
![Page 21: Ch15 power point](https://reader033.vdocuments.site/reader033/viewer/2022051400/54beaa3a4a7959fb7c8b458c/html5/thumbnails/21.jpg)
Firewalls
• A firewall can be either hardware or software or a combination of both.
• A firewall can be set up to examine traffic to and from the network.
• Firewalls are basically electronic security guards at the gate of the corporate network.
![Page 22: Ch15 power point](https://reader033.vdocuments.site/reader033/viewer/2022051400/54beaa3a4a7959fb7c8b458c/html5/thumbnails/22.jpg)
Proxy Servers
• Hardware security tool to help protect the organization against security breaches by:
– preventing users from directly accessing the Internet from corporate computers.
– issuing masks to protect the identity of a corporation’s employees accessing the World Wide Web.
– tracking which employees are using which masks and directing the traffic appropriately.
![Page 23: Ch15 power point](https://reader033.vdocuments.site/reader033/viewer/2022051400/54beaa3a4a7959fb7c8b458c/html5/thumbnails/23.jpg)
Intrusion detection systems
• Hardware and software to monitor who is using the organizational network and what files that user has accessed.
• Corporations must diligently monitor for unauthorized access of their networks.
• Remember: Any use of a secured network leaves a digital footprint that can be easily tracked by electronic auditing software.
![Page 24: Ch15 power point](https://reader033.vdocuments.site/reader033/viewer/2022051400/54beaa3a4a7959fb7c8b458c/html5/thumbnails/24.jpg)
Offsite Use of Portable Devices
• Offsite uses of portable devices such as laptops, PDAs, home computing systems, smart phones, and portable data storage devices can help to streamline the delivery of health care.
• Some agencies have developed a virtual private network (VPN) that the user must log in to in order to reach the network.
• The VPN ensures that all data transmitted via this gateway is encrypted.
![Page 25: Ch15 power point](https://reader033.vdocuments.site/reader033/viewer/2022051400/54beaa3a4a7959fb7c8b458c/html5/thumbnails/25.jpg)
Offsite Use of Portable Devices
• Only essential data for the job should be contained on the mobile device, and other non-clinical information such as social security numbers should never be carried outside the secure network.
• The agency is ultimately responsible for the integrity of the data contained on these devices as required by HITECH and HIPAA regulations.
![Page 26: Ch15 power point](https://reader033.vdocuments.site/reader033/viewer/2022051400/54beaa3a4a7959fb7c8b458c/html5/thumbnails/26.jpg)
Offsite Use of Portable Devices
• If a device is lost or stolen, the agency must have clear procedures in place to help ensure that sensitive data does not get released or used inappropriately.
• The Department of Health and Human Services (2006) identifies potential risks and proposes risk management strategies for accessing, storing, and transmitting EPHI. Visit this website for detailed tabular information (p 4-6) on potential risks and risk management strategies: http://www.cms.hhs.gov/SecurityStandard/Downloads/SecurityGuidanceforRemoteUseFinal122806.pdf
![Page 27: Ch15 power point](https://reader033.vdocuments.site/reader033/viewer/2022051400/54beaa3a4a7959fb7c8b458c/html5/thumbnails/27.jpg)
Thought Provoking Questions
1. Jean, a diabetes nurse educator, recently read an article in an online journal that she accessed through her health agency’s database subscription. The article provided a comprehensive checklist for managing diabetes in older adults that she prints and distributes to her patients in a diabetes education class. Does this constitute fair use or is this a copyright violation?
![Page 28: Ch15 power point](https://reader033.vdocuments.site/reader033/viewer/2022051400/54beaa3a4a7959fb7c8b458c/html5/thumbnails/28.jpg)
Thought Provoking Questions
2. Sue is a COPD clinic nurse enrolled in a Master’s education program. She is interested in writing a paper on the factors that are associated with poor compliance with medical regimens and associated re-hospitalization of COPD patients. She downloads patient information from the clinic database to a thumb drive that she later accesses on her home computer. Sue understands rules about privacy of information and believes that since she is a nurse and needs this information for a graduate school assignment that she is entitled to the information. Is Sue correct in her thinking?