Computer Waste and SecurityPrivacy

Computer Health

Policies and Procedures must be established to avoid computer waste and mistakes

Computer Waste Inappropriate use of computer technology

and resources Premature retiring of computer systems Poor management of system causes failure Employees accessing Internet, sending

unimportant e-mail, playing games

Computer-Related Mistakes Computers do not make mistakes Mistakes are created when:

Programs contain errors Users do not know the proper steps necessary

to accomplish a task Incorrect data is entered

Preventing Waste and Mistakes Establish Policies and Procedures

Acquisition of computers Training Programs Manuals/Documentation System approval procedures

Monitor/Review of Procedures

Computer crime is a serious and rapidly growing area of concern requiring management attention

Computer Crime ExamplesFBI est. computer related losses over $10 billion 1999 – Hacker stole 300,000 credit card

numbers from CD Universe. Asked for $100,000 to keep #’s from being published.

1999 - Melissa Virus Disgruntled Employees (60 % of break-ins) 2002 – Hacker gets into US Govt. computer

systems (Pentagon, Army, Navy, Air Force, NASA)

Terrorists

Computer Crime Statistics

Computer Crime Social Engineering: the practice of talking

an individual out of a critical computer password

Dumpster Diving: searching through garbage to get information that.. Can help crack into an organizations

computers Can be used to persuade someone at the

company to provide access to a company's computers

Illegal Access and Use Hacker: a person who enjoys computer

technology and spends time learning and using computer systems

Criminal hacker (cracker): a computer-savvy person who attempts to gain unauthorized or illegal access to computer systems

Data Alteration and DestructionData and Information are valuable corporate assets Virus: program that attaches itself to other programs Worm: an independent program that replicates its own

program files until it interrupts the operations of networks and computer systems.

Logic bomb: application or virus designed to “explode” or execute at a specific date/time

Trojan horse: program that appears to be useful but is actually a destructive program

Information and Equipment Theft Information theft:

Password sniffer: program hidden in a network that records identification numbers and passwords

Computer equipment theft is second only to automobile theft

Software and Internet Piracy Copyright laws Software piracy: illegally duplicating

software Internet piracy: illegally gaining access to

and using the Internet

Computer Scams “Forward this to everyone you know and if

it reaches 13,000 people, 1,300 of the people on the list will receive $5,000, and the rest will receive a free trip for two to Disney World for one week during the summer of 2003 at our expense. Enjoy.”

http://www.scambusters.org

Preventing Computer-Related Crime State and Federal Agencies:

1986 – Computer Fraud and Abuse Act: punishment is based on victim’s $$ loss

Dept. of Defenses Computer Emergency Response Team (CERT)

States are passing new computer crime bills. View recent court cases at: http://www.usdoj.gov/criminal/cybercrime/cccases.html

Gov. web site detailing computer crime cases

Preventing Computer-Related Crime Corporations:

Biometrics: the measurement of a living trait, physical or behavioral.

Add systems controls to ensure better security. Possible $$ loss must outweigh cost of creating controls

Software Publishers Association (SPA): audits companies and checks for software licenses

Methods Companies can use to prevent crime

Antivirus Programs Programs that prevent viruses and recover

from them if they infect a computer. Used by companies and individuals Norton Antivirus, Dr. Solomon’s Anti-

Virus Toolkit, etc.

Privacy On-line Who owns data/information on you? What is

public information and what is private information?

Echelon (run by the National Security Agency) monitors every electronic communication in the world: cell phones, e-mail messages, etc.

70 laws are pending before Congress regarding privacy

Online Privacy Alliance Privacy at work?

Online Privacy Alliance Web Site

Hardware/Software Privacy Intel

Created chips with a unique serial number. Could track web related habits of people.

2000 – announced it would stop stamping #’s on future chips, but not the Pentium III

Microsoft – Windows 98 Word/Excel had hidden 32-digit #’s unique to the

computer and associated with a person when they registered Win98.

Can trace each and every document you create. After bad press, Microsoft created a patch to remove the

#’s

What can you do to protect your privacy? Find out what is stored about you.

Get credit report ($8)

Be careful when you share information about yourself Don’t fill info. out on-line unless it is absolutely necessary Look for the sites privacy policy to educate yourself Ask doctor, bank not to share info. about you w/o consent

Be proactive: Block caller id systems from reading your phone number,

don’t fill out change of address forms Contact Direct Marketing Association to avoid junk mail and

telemarketing

Jobs, equipment, and working conditions must be designed to avoid negative health effects.

Health Issues Cost to U.S Companies for health claims

related to computer use: $27 billion/year Repetitive motion disorder/stress injury:

injury caused by working with computer keyboards and other equipment

Carpal tunnel syndrome: aggravation of pathway for nerves that travel through the wrist

Ergonomics: study of designing and positioning computer equipment for employee health and safety