
Upload: rhoda-maxwell

Post on 29-Dec-2015


Chapter 9 Security, Privacy, and Ethics

Topics:
• Computer Waste and Mistakes
• Computer Crime
• Privacy
• Health Concerns

Please turn your cell phone off.

Computer Waste & Mistakes

Chapter 9.1

Computer Waste

• Discarded technology
• Unused systems
• Personal use of corporate time & technology

Proper Management

Computer Mistakes

• Data entry or capture errors
• Programming Errors/Bugs
• File Management Errors
• Insufficient Disaster Recovery Plan

Proper Management

Preventing Computer Waste & Mistakes

• Implement Preventive Policies and Procedures
  • Computer acquisition & use
  • Individual & workgroup training
  • Maintenance & use of computer systems
  • Approval for applications & systems

Technology: The Dark Side

Hackers

Crackers

Viruses

Worms

Identity Theft

Trojan Horse

Spyware

Scams

Computer Crime

Computer Crime

In 2000:
• 70% of companies report serious computer breaches
• 74% acknowledge suffering financial loss from computer security breaches
• 85% report virus contamination

Computer As A Tool to Commit Crime

• Computer systems as tools to commit crimes
• Used to gain access to valuable information (credit card numbers).
• Two requirements
  • Access to the system
  • Knowledge of how to manipulate the system

Computer As A Tool to Commit Crime

• Social Engineering: The practice of talking a critical computer password out of an individual
• Dumpster Diving: Searching through garbage for important pieces of information that can help crack an organization’s computers or be used to convince someone at the company to give someone access to the computers
• Cards for Sale: http://www.internetnews.com/ec-news/article.php/1467331

Computer As A Tool to Commit Crime

• Cyberterrorist: intimidates or coerces a government or organization to advance his or her political or social objectives by launching computer-based attacks against computers, networks, and the information stored on them
• Identity theft: An imposter obtains key pieces of personal identification information, such as Social Security or driver’s license numbers, in order to impersonate someone else

Computer As The Object Of The Crime

• Hacker: A person who enjoys computer technology and spends time learning and using computer systems
• Cracker (criminal hacker): A computer-savvy person who attempts to gain unauthorized or illegal access to computer systems http://www.2600.com/

Computer As The Object Of The Crime

• Script bunnies: Wannabe crackers with little technical savvy who download programs (scripts) that automate the job of breaking into computers
• Insider: An employee, disgruntled or otherwise, working solo or in concert with outsiders to compromise corporate systems

Computer As The Object Of The Crime

• Virus: a computer program capable of attaching to disks or other files and replicating itself repeatedly, typically without the user’s knowledge or permission
• Worm: an independent program that replicates its own program files until it interrupts the operation of networks and computer systems

• http://www.mcafee.com/anti-virus/default.asp?ag=1&vso=true&oemid=
• http://vil.mcafee.com/dispVirus.asp?virus_k=99528

Computer As The Object Of The Crime

• Trojan Horse: a program that appears to be useful but actually masks a destructive program
• Logic bomb: an application or system virus designed to “explode” or execute at a specified time and date

Computer As The Object Of The Crime: Phishing

PayPal

We are currently performing regular maintenance of our security measures. Your account has been selected for this maintenance, and you will now be taken through a series of identity verification pages.

Protecting the security of your PayPal account is our primary concern, and we apologize for any inconvenience this may cause.

To update your PayPal Account, you must click the link below and complete all steps from the following page as we try to verify your identity.

Click here to verify your account

Thank you for using PayPal!
The PayPal Team

Please do not reply to this email. This mailbox is not monitored and you will not receive a response.

PayPal Email ID: PP468

www.apwg.com

Adware & Spyware

• Adware: any software application in which advertising banners are displayed while the program is running.
• Spyware: On the Internet, spyware is programming that is put in someone's computer to secretly gather information about the user and relay it to advertisers or other interested parties. Spyware can get in a computer as a software virus or as the result of installing a new program.
• File-sharing users beware… Xupiter (Wired article)
• Ad-Aware (http://www.lavasoftusa.com/)

Using AntiVirus Programs

• Antivirus program: program or utility that prevents viruses and recovers from them if they infect a computer
• Antivirus software should be run and updated often

Information & Equipment Theft

• To obtain illegal access, criminal hackers require identification numbers and passwords
• Password sniffer: A small program hidden in a network or a computer system that records identification numbers and passwords
• Theft of data and software
• Theft of computer systems and equipment

Software & Internet Software Piracy

• Software piracy: the act of illegally duplicating software
• Internet software piracy: illegally downloading software from the Internet

Spam / Fraud

• Spam is unsolicited e-mail on the Internet.
• Internet Fraud uses the Web & Email to solicit donations for illegitimate causes.

Preventing Computer-Related Crime

• Crime prevention by state and federal agencies
• Crime prevention by corporations
• Public key infrastructure (PKI): a means to enable users of an unsecured public network such as the Internet to securely and privately exchange data through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority
• Biometrics: the measurement of one of a person’s traits, whether physical or behavioral

Preventing Computer-Related Crime

Table 9.8: Common Methods Used to Commit Computer Crimes

Preventing Computer-Related Crime

• Intrusion detection system (IDS): software that monitors system and network resources and notifies network security personnel when it senses a possible intrusion
• Managed security service provider (MSSP): an organization that monitors, manages, and maintains network security hardware and software for its client companies
• Internet laws for libel and protection of decency

Preventing Computer-Related Crime

Problem | Cure
Hacking | Personal Firewall: ZoneAlarm, Norton, McAfee, Black Ice.
Viruses/Worms | Caution: Don’t open email attachments! Antivirus Utility updated frequently: Norton or McAfee.
Phishing | Do not trust anything that comes to you. You go to it.
Adware/Spyware | Caution: Read the fine print when installing software. Utility Program: Ad-Aware available at www.lavasoft.de (www.lavasoftusa.com).
Identity Theft | Use Extreme Caution with private info. Trust No One.
Internet Fraud | Knowledge & Caution. The Truth is Out There.

Privacy Issue

Privacy Issues

• Privacy and the Federal Government
  • Privacy Act of 1974: This national guideline provides knowledge of, and limited control (notice and consent) over, your federal records.
• Privacy at work
• E-mail privacy
• Florida Sunshine Law

Privacy Issues: Privacy & the Internet

• Platform for Privacy Preferences (P3P): A screening technology that shields users from Web sites that don’t provide the level of privacy protection they desire

Ethical Issues in Information Systems

• “Old contract” of business: the only responsibility of business is to its stockholders and owners
• “Social contract” of business: businesses are responsible to society

The AITP Code of Ethics

• Obligation to management
• Obligation to fellow AITP members
• Obligation to society
• Obligation to college or university
• Obligation to the employer
• Obligation to country

The ACM Code of Professional Conduct

• Strive to achieve the highest quality, effectiveness, and dignity in both the process and products of professional work
• Acquire and maintain professional competence
• Know and respect existing laws pertaining to professional work
• Accept and provide appropriate professional review
• Give comprehensive and thorough evaluations of computer systems and their impact, including analysis of possible risks

The ACM Code of Professional Conduct

• Honor contracts, agreements, and assigned responsibilities
• Improve public understanding of computing and its consequences
• Access computing and communication resources only when authorized to do so


Shameless Plug

PC Security and Maintenance

Taught by yours truly!

Questions?
