Chapter 9: Security, Privacy, and Ethics
Topics:
• Computer Waste and Mistakes
• Computer Crime
• Privacy
• Health Concerns
Please turn your cell phone off.

Computer Waste
• Discarded technology
• Unused systems
• Personal use of corporate time & technology
Proper Management

Computer Mistakes
• Data entry or capture errors
• Programming Errors/Bugs
• File Management Errors
• Insufficient Disaster Recovery Plan
Proper Management

Preventing Computer Waste & Mistakes
• Implement Preventive Policies and Procedures
  • Computer acquisition & use
  • Individual & workgroup training
  • Maintenance & use of computer systems
  • Approval for applications & systems

Computer Crime
In 2000:
• 70% of companies report serious computer breaches
• 74% acknowledge suffering financial loss from computer security breaches
• 85% report virus contamination

Computer As A Tool to Commit Crime
• Computer systems as tools to commit crimes
• Used to gain access to valuable information (credit card numbers).
• Two requirements
  • Access to the system
  • Knowledge of how to manipulate the system

Computer As A Tool to Commit Crime
• Social Engineering: The practice of talking a critical computer password out of an individual
• Dumpster Diving: Searching through garbage for important pieces of information that can help crack an organization’s computers or be used to convince someone at the company to give someone access to the computers
• Cards for Sale: http://www.internetnews.com/ec-news/article.php/1467331

Computer As A Tool to Commit Crime
• Cyberterrorist: intimidates or coerces a government or organization to advance his or her political or social objectives by launching computer-based attacks against computers, networks, and the information stored on them
• Identity theft: An imposter obtains key pieces of personal identification information, such as Social Security or driver’s license numbers, in order to impersonate someone else

Computer As The Object Of The Crime
• Hacker: A person who enjoys computer technology and spends time learning and using computer systems
• Cracker (criminal hacker): A computer-savvy person who attempts to gain unauthorized or illegal access to computer systems
• http://www.2600.com/

Computer As The Object Of The Crime
• Script bunnies: Wannabe crackers with little technical savvy who download programs (scripts) that automate the job of breaking into computers
• Insider: An employee, disgruntled or otherwise, working solo or in concert with outsiders to compromise corporate systems

Computer As The Object Of The Crime
• Virus: a computer program capable of attaching to disks or other files and replicating itself repeatedly, typically without the user’s knowledge or permission
• Worm: an independent program that replicates its own program files until it interrupts the operation of networks and computer systems
• http://www.mcafee.com/anti-virus/default.asp?ag=1&vso=true&oemid=
• http://vil.mcafee.com/dispVirus.asp?virus_k=99528

Computer As The Object Of The Crime
• Trojan Horse: a program that appears to be useful but actually masks a destructive program
• Logic bomb: an application or system virus designed to “explode” or execute at a specified time and date

Computer As The Object Of The Crime: Phishing
PayPal
We are currently performing regular maintenance of our security measures. Your account has been selected for this maintenance, and you will now be taken through a series of identity verification pages.
Protecting the security of your PayPal account is our primary concern, and we apologize for any inconvenience this may cause.
To update your PayPal Account, you must click the link below and complete all steps from the following page as we try to verify your identity.
Click here to verify your account
Thank you for using PayPal!
The PayPal Team
Please do not reply to this email. This mailbox is not monitored and you will not receive a response.
PayPal Email ID: PP468
www.apwg.com

Adware & Spyware
• Adware: any software application in which advertising banners are displayed while the program is running.
• Spyware: On the Internet, spyware is programming that is put in someone's computer to secretly gather information about the user and relay it to advertisers or other interested parties. Spyware can get in a computer as a software virus or as the result of installing a new program.
• File-sharing users beware… Xupiter (Wired article)
• Ad-Aware (http://www.lavasoftusa.com/)

Using AntiVirus Programs
• Antivirus program: program or utility that prevents viruses and recovers from them if they infect a computer
• Antivirus software should be run and updated often

Information & Equipment Theft
• To obtain illegal access, criminal hackers require identification numbers and passwords
• Password sniffer: A small program hidden in a network or a computer system that records identification numbers and passwords
• Theft of data and software
• Theft of computer systems and equipment

Software & Internet Software Piracy
• Software piracy: the act of illegally duplicating software
• Internet software piracy: illegally downloading software from the Internet

Spam / Fraud
• Spam is unsolicited e-mail on the Internet.
• Internet Fraud uses the Web & Email to solicit donations for illegitimate causes.

Preventing Computer-Related Crime
• Crime prevention by state and federal agencies
• Crime prevention by corporations
  • Public key infrastructure (PKI): a means to enable users of an unsecured public network such as the Internet to securely and privately exchange data through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority
  • Biometrics: the measurement of one of a person’s traits, whether physical or behavioral

Preventing Computer-Related Crime
• Intrusion detection system (IDS): software that monitors system and network resources and notifies network security personnel when it senses a possible intrusion
• Managed security service provider (MSSP): an organization that monitors, manages, and maintains network security hardware and software for its client companies
• Internet laws for libel and protection of decency

Preventing Computer-Related Crime
Problem           Cure
Hacking           Personal Firewall: ZoneAlarm, Norton, McAfee, Black Ice.
Viruses/Worms     Caution: Don’t open email attachments! Antivirus Utility updated frequently: Norton or McAfee.
Phishing          Do not trust anything that comes to you. You go to it.
Adware/Spyware    Caution: Read the fine print when installing software. Utility Program: Ad-Aware available at www.lavasoft.de (www.lavasoftusa.com).
Identity Theft    Use Extreme Caution with private info. Trust No One.
Internet Fraud    Knowledge & Caution. The Truth is Out There.

Privacy Issues
• Privacy and the Federal Government
  • Privacy Act of 1974: This national guideline provides knowledge, and limited control (notice and consent) over your federal records.
• Privacy at work
• E-mail privacy
• Florida Sunshine Law

Privacy Issues: Privacy & the Internet
• Platform for Privacy Preferences (P3P): A screening technology that shields users from Web sites that don’t provide the level of privacy protection they desire

Ethical Issues in Information Systems
• “Old contract” of business: the only responsibility of business is to its stockholders and owners
• “Social contract” of business: businesses are responsible to society

The AITP Code of Ethics
• Obligation to management
• Obligation to fellow AITP members
• Obligation to society
• Obligation to college or university
• Obligation to the employer
• Obligation to country

The ACM Code of Professional Conduct
• Strive to achieve the highest quality, effectiveness, and dignity in both the process and products of professional work
• Acquire and maintain professional competence
• Know and respect existing laws pertaining to professional work
• Accept and provide appropriate professional review
• Give comprehensive and thorough evaluations of computer systems and their impact, including analysis of possible risks

The ACM Code of Professional Conduct
• Honor contracts, agreements, and assigned responsibilities
• Improve public understanding of computing and its consequences
• Access computing and communication resources only when authorized to do so