integrity and security control. security breaches toronto, nov. 9 /cnw/ -telus and the rotman school...
Integrity and Security Control
Security Breaches
TORONTO, Nov. 9 /CNW/ - TELUS and the Rotman School of Management released their third annual study on Canadian IT security, revealing that Canadian companies experienced a 29 per cent increase in security breaches from 2009 to 2010. The study also found that the annual cost of these security breaches dropped considerably from $834,000 to $179,508 during the same one-year period.
Recent FBI Computer Security Institute survey
• 85% of large companies and government agencies have detected computer breaches in past 12 months
• 64% acknowledged financial losses
• 35% quantified the losses, which totaled $375 million
Cost of Security Breach
• The average large company loses $20,000 per hour during the first 72 hours of its response to a security breach
• Leaky security costs companies 6%-7% of annual revenue
  • Loss of business, decreased customer confidence, increased insurance, expenditures of public relations
Objectives of Integrity Controls
• Ensure that only appropriate and correct business transactions occur
• Ensure that transactions are recorded and processed correctly
• Protect and safeguard assets of the organization
  • Software
  • Hardware
  • Information
Information security
• Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction.
The Importance of Security in e-Commerce
• The Internet presents enormous business opportunities
• The Internet is open to the public and vulnerable to various attacks
• One of the major hurdles that we face in achieving the full potential of Internet-based electronic commerce is security
• New threats from terrorism and cyber warfare
Points of Security and Integrity Controls
Input Integrity Controls
• Used with all input mechanisms
• Additional level of verification to help reduce input errors
• Common control techniques
  • Field combination controls
  • Value limit controls
  • Completeness controls
  • Data validation controls
Output Integrity Controls
• Ensure output arrives at proper destination and is correct, accurate, complete, and current
• Destination controls - output is channeled to correct people
• Completeness, accuracy, and correctness controls
• Appropriate information present in output
Data Integrity Controls
• Access controls
• Data encryption
• Transaction controls
• Update controls
• Backup and recovery protection
Integrity Controls to Detect and Prevent Fraud
Control of fraud requires both manual procedures and computer integrity controls
Designing Security Controls
• Security controls protect assets of organization from all threats
  • External threats such as hackers, viruses, worms, and message overload attacks
• Security control objectives
  • Maintain stable, functioning operating environment for users and application systems (24 x 7)
  • Protect information and transactions during transmission outside organization (public carriers)
Access control
Security for Access to Systems
• Used to control access to any resource managed by operating system or network
• User categories
  • Unauthorized user – no authorization to access
  • Registered user – authorized to access system
  • Privileged user – authorized to administrate system
• Organized so that all resources can be accessed with same unique ID/password combination
Users and Access Roles to Computer Systems
Managing User Access
Most common technique is user ID / password
Authorization – Is user permitted to access?
Access control list – users with rights to access
Authentication – Is user who they claim to be?
Computerized User Authentication Techniques
• Password-based systems: something that you know
• Physical tokens: something that you have
• Biometrics: something that you are
• Location: someplace you are
• Reference: third party authentication
Password problem
• Has to be stored in file
• May be intercepted
• May be forgotten
• May be easy to guess
• May be told to other people
Physical Tokens
• Access card, storage token, synchronous one-time password generator, challenge-response, digital signature token
• Human-interface token, smart card, PCMCIA card
• The token does not prove who you are
• Token may be copied or forged
• Token may be used with password
Biometrics
• An image of person’s face
• Fingerprints
• Footprints and walking style
• Hand shape and size
• Pattern of blood vessels in the retina
• DNA patterns
• Voice prints
• Handwriting techniques
• Typing characteristics
Fingerprints
SOURCE: C3i
MAIN SHAPES: LOOP, WHORL, ARCH
MINUTIAE: END, BIFURCATION, ISLAND, LAKE, DOT
EACH PERSON HAS A UNIQUE ARRANGEMENT OF MINUTIAE
Fingerprint Capture
• Thompson-CSF FingerChip (Thermal-sensed swipe)
• ST-Micro TOUCHCHIP (Capacitative)
• American Biometric Company BioMouse (Optical)
• Biometric Partners Touchless Sensor
Iris Scan
SOURCE: IRISCAN
• Human iris patterns encode ~3.4 bits per sq. mm
• Can be stored in 512 bytes
• Patterns do not change after 1 year of life
• Patterns of identical twins are uncorrelated
• Chance of duplication < 1 in 10^78
• Identification speed: 2 sec. per 100,000 people
PERSONAL IRIS IMAGER
Companies: British Telecom, Iriscan, Sensar
Signature Dynamics
• Examines formation of signature, not final appearance
• DSV (Dynamic signature verification)
• Parameters
  • Total time
  • Sign changes in x-y velocities and accelerations
  • Pen-up time
  • Total path length
• Sampling 100 times/second
Companies: CyberSign, Quintet, PenOp, SoftPro SignPlus
Error in Biometric Systems
SOURCE: IDEX
Problems with biometrics
• A person’s biometric “print” must be on file before that person can be identified
• Require expensive, special purpose equipment
• Unprotected biometrics equipment is vulnerable to sabotage and fraud
• Possibility of false match
Transaction Security
Transaction Security
• Authentication: A user must be able to prove his identity to the other party. (“I am Joan Thomas and I live at...”)
• Integrity: Each party must be comfortable that exchanged information wasn’t altered during transmission by a third party or corrupted by misfortune. (“I ordered three items not four...”)
• Nonrepudiation: Each party must be assured that the counterparty won’t be able to deny being the originator or receiver of information. (“I didn’t order that item...”)
• Confidentiality: Parties must be able to exchange information securely without it falling into the hands of a third party. (“My credit card number is...”)
Protective measures
• Sending and receiving encrypted messages or data,
• Using digital certificates to authenticate the parties involved in the transaction, and
• Virtual Private Networks
Cryptography
Cryptography is the practice and study of hiding information.
• Encryption: converting ordinary information (plain text) into unintelligible gibberish (cipher text) so unauthorized users cannot read it
• Decryption: converting encrypted data back to its original state
Cryptography techniques
• Symmetric cryptosystems
• Public-key cryptosystems
• Integrity check-values (message digest)
• Digital Certificate
• Digital Signature
Data Security
• Symmetric key – same key encrypts and decrypts
• Asymmetric key – a pair of different keys for encryption and decryption.
  • Public key
  • Private key
Symmetric Cryptography
Symmetric Cryptography
• The same key is used for encryption and decryption
• Operates as block cipher (fixed size) or stream cipher (arbitrary size, byte by byte)
• Fast encryption and decryption
• Require secure key distribution
Role of the Key in Cryptography
• The key is a parameter to an encryption procedure
• Procedure stays the same, but produces different results based on a given key

NOTE: THIS METHOD IS NOT USED IN ANY REAL CRYPTOGRAPHY SYSTEM. IT IS AN EXAMPLE INTENDED ONLY TO ILLUSTRATE THE USE OF KEYS.

S P E C I A L T Y B D F G H J K M N O Q R U V W X Z
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

EXAMPLE:
Plain text:  C O N S U L T I N G
Cipher text: D S R A V G H E R M
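The keyed alphabet on this slide, worked through in Python as an added example that is not part of the original slides; the keyword SPECIALTY is inferred from the top row and the function names are the example's own. It also shows why the slide's note holds: whatever the key, repeated plaintext letters leave the same repetition pattern in the cipher text.

```python
import string

ALPHABET = string.ascii_uppercase


def keyed_alphabet(keyword: str) -> str:
    """Keyword letters first (duplicates dropped), then the unused letters in A-Z order."""
    row = []
    for ch in keyword.upper() + ALPHABET:
        if ch in ALPHABET and ch not in row:
            row.append(ch)
    return "".join(row)


def encrypt(plaintext: str, keyword: str) -> str:
    """Slide's direction: find each letter in the keyed row, emit the A-Z letter below it."""
    table = str.maketrans(keyed_alphabet(keyword), ALPHABET)
    return plaintext.upper().translate(table)  # non-letters pass through unchanged


def decrypt(ciphertext: str, keyword: str) -> str:
    """Inverse lookup: find each letter in the A-Z row, emit the keyed-row letter above it."""
    table = str.maketrans(ALPHABET, keyed_alphabet(keyword))
    return ciphertext.upper().translate(table)


def letter_pattern(text: str) -> list:
    """Replace each letter by the order of its first appearance (0, 1, 2, ...).

    A one-to-one letter substitution never changes this pattern, so the key
    hides which letters were used but not where they repeat.
    """
    first_seen = {}
    return [first_seen.setdefault(ch, len(first_seen)) for ch in text]


if __name__ == "__main__":
    print(keyed_alphabet("SPECIALTY"))
    print(encrypt("CONSULTING", "SPECIALTY"))   # same procedure ...
    print(encrypt("CONSULTING", "KEYBOARD"))    # ... different key, different result
    print(letter_pattern("CONSULTING"), letter_pattern(encrypt("CONSULTING", "SPECIALTY")))
```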
Public Key Cryptosystems
• A pair of related keys:
  • Private key (kept secret)
  • Public key (publicly known)
  • They are related but it is not feasible to determine the private key by knowing the public key
• Two ways of use:
  • Encryption mode: make sure the right person receives the message
  • Authentication mode: make sure the message is from the right person
• Solving key distribution problem
Public-Key (Asymmetric) Encryption
1. USERS WANT TO SEND PLAINTEXT TO RECIPIENT WEBSITE
2. SENDERS USE SITE’S PUBLIC KEY FOR ENCRYPTION
3. SITE USES ITS PRIVATE KEY FOR DECRYPTION
4. ONLY WEBSITE CAN DECRYPT THE CIPHERTEXT. NO ONE ELSE KNOWS HOW
SOURCE: STEIN, WEB SECURITY
Digital Signatures and Certificates
Encryption of messages enables secure exchange of information between two entities with appropriate keys
Digital signature encrypts document with private key to verify document author
Digital certificate is institution’s name and public key that is encrypted and certified by third party
Certifying authority: VeriSign or Equifax
Digital Certificate
• Certificate
  • A document containing a certified statement, especially as to the truth of something
• Digital certificate
  • Information digitally signed by trusted certificate authority such as VeriSign
Certification Authorizer
• GlobalSign NV-SA. GlobalSign is the Leading European Trusted Network of Certification Authorities (CA) that signs and manages digital certificates
• Thawte Certification offers free personal certificates for signing and encrypting e-mail. Thawte is a global CA that has already certified 30% of the world’s Internet e-commerce servers.
Public-key Certificate
• Identify the holder of the private-key
• A Certificate consists of
  • Subject Identification information
  • Subject public key value
  • Certification authority name
  • Certification authority’s digital signature
Digital Signatures
• A digital signature indicates the signer and the integrity of the document
• A digital signature must support non-repudiation
Hash Functions
• One-way hash function f hashes x to y = f(x)
• Infeasible to calculate x = f⁻¹(y)
• Infeasible to construct x’ so that f(x’) = y = f(x)
• U.S. Government’s Secure Hash Algorithm (SHA-1) the best so far
• RSA MD5 has some known weakness
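How the certificate fields, the digital signature and the hash function from the preceding slides fit together, as an added Python example that is not part of the original slides. It assumes textbook RSA over fixed Mersenne primes with no padding (a toy for illustration, not a secure scheme), SHA-256 in place of the SHA-1 named on the slide, and a hypothetical issuer called "Example CA"; all function names are the example's own.

```python
import hashlib
from dataclasses import dataclass

E = 65537  # public exponent shared by every key in this toy


@dataclass(frozen=True)
class KeyPair:
    n: int  # modulus: the public key value
    d: int  # private exponent: kept secret by the key holder


def make_keypair(p: int, q: int) -> KeyPair:
    """Textbook RSA from two fixed primes (toy: no random generation, no padding)."""
    return KeyPair(n=p * q, d=pow(E, -1, (p - 1) * (q - 1)))


def digest(data: bytes, n: int) -> int:
    """Integrity check-value: SHA-256 of the data, reduced into the modulus range."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(data: bytes, key: KeyPair) -> int:
    """Signature = digest transformed with the PRIVATE key."""
    return pow(digest(data, key.n), key.d, key.n)


def verify(data: bytes, signature: int, n: int) -> bool:
    """Anyone holding the PUBLIC key can undo the transform and compare digests."""
    return pow(signature, E, n) == digest(data, n)


@dataclass(frozen=True)
class Certificate:
    subject: str       # subject identification information
    subject_n: int     # subject public key value
    issuer: str        # certification authority name
    ca_signature: int  # certification authority's digital signature

    def to_be_signed(self) -> bytes:
        # The CA signs the binding of name to key, not the signature field itself.
        return f"{self.subject}|{self.subject_n}|{self.issuer}".encode()


def issue(subject: str, subject_n: int, ca_name: str, ca_key: KeyPair) -> Certificate:
    unsigned = Certificate(subject, subject_n, ca_name, 0)
    return Certificate(subject, subject_n, ca_name, sign(unsigned.to_be_signed(), ca_key))


def verify_signed_message(msg: bytes, sig: int, cert: Certificate, trusted_cas: dict) -> bool:
    """Accept only if (1) the issuer is trusted, (2) the CA really signed this
    name/key binding, and (3) the message verifies under the certified key."""
    ca_n = trusted_cas.get(cert.issuer)
    if ca_n is None:
        return False
    if not verify(cert.to_be_signed(), cert.ca_signature, ca_n):
        return False
    return verify(msg, sig, cert.subject_n)


def demo() -> dict:
    # Constructed sample data: fixed Mersenne primes stand in for real random keys.
    ca_key = make_keypair(2**107 - 1, 2**127 - 1)
    joan_key = make_keypair(2**61 - 1, 2**89 - 1)
    other_key = make_keypair(2**31 - 1, 2**61 - 1)
    trusted = {"Example CA": ca_key.n}

    cert = issue("Joan Thomas", joan_key.n, "Example CA", ca_key)
    order = b"I ordered three items"
    sig = sign(order, joan_key)
    # Same name and CA signature, but a different public key substituted in.
    swapped = Certificate(cert.subject, other_key.n, cert.issuer, cert.ca_signature)

    return {
        "genuine": verify_signed_message(order, sig, cert, trusted),
        "altered_order": verify_signed_message(b"I ordered four items", sig, cert, trusted),
        "swapped_key": verify_signed_message(order, sign(order, other_key), swapped, trusted),
        "unknown_ca": verify_signed_message(order, sig, cert, {}),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:14s} accepted={accepted}")
```

Only the genuine case is accepted: an altered order breaks the digest comparison, and a substituted key breaks the certification authority's signature over the name/key binding.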
Using a Digital Certificate
Security Protocols - SSL
• Secure Sockets Layer (SSL) uses public key encryption and digital certificates for information exchange between Web browsers and certified Web servers
• The URL for the SSL-secured Web pages begins with “https://” instead of “http://”
• A randomly generated symmetric Session key (40 bit or 128 bit) for message encryption
Secure Sockets Layer (SSL)
SOURCE: WEB SECURITY
Summary
• Integrity controls and security designed into system
• Ensure only appropriate and correct business transactions occur
• Ensure transactions are recorded and processed correctly
• Protect and safeguard assets of the organization
• Control access to resources
Privacy Protection
Privacy concerns
• 90% of people surveyed said privacy was the most important issue for e-commerce to address
• 79% don’t use web sites which require personal information; 42% fabricate information
• Consumers generally wary of releasing phone number, address, and credit card number over the Internet.
Information Privacy
• Information privacy is the “claim of individuals, groups, or institutions to determine for themselves when, and to what extent, information about them is communicated to others”
The right of privacy
• Privacy protection should prevent non-permitted, illegal, and/or unethical use of private information.
• It is important to note that the right of privacy is not absolute. Privacy must be balanced against the needs of society.
Privacy and Security
• Security and privacy are often related to each other but they are not the same.
• Information is secure if the owner of information can control that information.
• Information is private if the subject of information can control that information.
• Anonymous information has no subject, and thus ensures that information is private.
The difficulty of privacy protection in Web environment
• The complexity of manually collecting, sorting, filing, and accessing information from several different agencies was a built-in privacy protection
• In the Internet and Web environment, information about users can be easily collected, integrated and analyzed from different sources through the use of network, database, data warehouse and data mining technologies. The potential for privacy violation therefore becomes much higher.
Privacy Protection Policy
• Companies now publicize their privacy policy when collecting personal information
• Customer consent request
• Customer choice
Principles for Collection and Use of Private Information
• Don’t collect information unless its need and relevance have been clearly established
• Don’t collect information fraudulently or unfairly
• Use information only if it is accurate and current
• Individuals have the right to know of information stored about them
Principles for Collection and Use of Private Information (continued)
• Provide a clear procedure on how the individuals can correct, delete, or amend inaccurate, obsolete, or irrelevant information
• Ensure the reliability, integrity, and availability of collected, maintained, used, or disseminated personal information and take precautions to prevent its misuse
Principles for Collection and Use of Private Information (continued)
• Prevent personal information collected for one purpose from being used for another purpose or disclosed to a third party without an individual’s consent.
• Federal, state, and local government should collect only legally authorized personal information