CHAPTER 3. Information Systems: Ethics, Privacy, and Security

CHAPTER OUTLINE
- 3.1 Ethical Issues
- 3.2 Threats to Information Security
- 3.3 Protecting Information Resources

LEARNING OBJECTIVES
- Describe the major ethical issues related to information technology and identify situations in which they occur.
- Describe the many threats to information security.
- Understand the various defense mechanisms used to protect information systems.
- Explain IT auditing and planning for disaster recovery.

TJX: The Worst Data Breach Ever?

Ethical Issues
- Ethics
- Code of ethics

Fundamental Tenets of Ethics
- Responsibility
- Accountability
- Liability

Unethical vs. Illegal
What is unethical is not necessarily illegal.
Ethics scenarios

The Four Categories of Ethical Issues
- Privacy issues
- Accuracy issues
- Property issues
- Accessibility issues

Privacy Issues How much privacy do we have left?

Privacy
- Privacy: the right to be left alone and to be free of unreasonable personal intrusions.
- Court decisions have followed two rules: (1) the right of privacy is not absolute; your privacy must be balanced against the needs of society; (2) the public's right to know is superior to the individual's right of privacy.

Threats to Privacy
- Data aggregators, digital dossiers, and profiling
- Electronic surveillance
- Personal information in databases
- Information on Internet bulletin boards, newsgroups, and social networking sites

Data Aggregators, Digital Dossiers, and Profiling

Electronic Surveillance

Electronic Surveillance
- See "The State of Surveillance" article in BusinessWeek
- See the surveillance slideshow
- See additional surveillance slides
- And you think you have privacy? (video)
- Sense-through-the-wall

Personal Information in Databases
- Banks
- Utility companies
- Government agencies
- Credit reporting agencies

Information on Internet Bulletin Boards, Newsgroups, and Social Networking Sites

Social Networking Sites Can Cause You Problems
Anyone can post derogatory information about you anonymously. (See this Washington Post article.) You can also hurt yourself, as this article shows.

What Can You Do?
First, be careful what information you post on social networking sites. Second, a company, ReputationDefender, says it can remove derogatory information from the Web.

Protecting Privacy
- Privacy codes and policies
- Opt-out model
- Opt-in model

3.2 Threats to Information Security

Factors Increasing the Threats to Information Security
- Today's interconnected, interdependent, wirelessly networked business environment
- Government legislation
- Smaller, faster, cheaper computers and storage devices
- Decreasing skills necessary to be a computer hacker

Factors Increasing the Threats to Information Security (continued)
- International organized crime turning to cybercrime
- Downstream liability
- Increased employee use of unmanaged devices
- Lack of management support

A Look at Unmanaged Devices
- Wi-Fi at McDonald's
- Hotel business center
- Wi-Fi at Starbucks

Key Information Security Terms
- Threat
- Exposure
- Vulnerability
- Risk
- Information system controls

Security Threats (Figure 3.1)

Categories of Threats to Information Systems
- Unintentional acts
- Natural disasters
- Technical failures
- Management failures
- Deliberate acts
(from Whitman and Mattord, 2003)
Example of a threat (video)

Unintentional Acts
- Human errors
- Deviations in quality of service by service providers (e.g., utilities)
- Environmental hazards (e.g., dirt, dust, humidity)

Human Errors
- Tailgating
- Shoulder surfing
- Carelessness with laptops and portable computing devices
- Opening questionable e-mails
- Careless Internet surfing
- Poor password selection and use
- And more

Anti-Tailgating Door

Shoulder Surfing

Most Dangerous Employees: Human Resources and MIS
Remember that these employees have access to ALL of the organization's information.

Social Engineering
- 60 Minutes interview with Kevin Mitnick, the "King of Social Engineering"
- Kevin Mitnick served several years in a federal prison. Upon his release, he opened his own consulting firm, advising companies on how to deter people like him.
- See his company here

Natural Disasters

Deliberate Acts
- Espionage or trespass
- Information extortion
- Sabotage or vandalism
- Theft of equipment or information (for example, dumpster diving)

Deliberate Acts (continued)
- Identity theft (video)
- Compromises to intellectual property

Deliberate Acts (continued)
- Software attacks
  - Virus
  - Worm
    - 1988: first widespread worm, created by Robert T. Morris, Jr.
    - See the rapid spread of the Slammer worm
  - Trojan horse
  - Logic bomb

Deliberate Acts (continued)
- Software attacks (continued)
  - Phishing attacks (phishing slideshow, phishing quiz, phishing examples)
  - Distributed denial-of-service attacks (see botnet demonstration)

Deliberate Acts (continued)
- Software attacks (continued): Can you be phished?

How to Detect a Phish E-mail

Is the email really from eBay, or PayPal, or a bank?
As spammers get better, their emails look more genuine. How do you tell if it's a scam and phishing for personal information? Here's how...

Is the email really from eBay, or PayPal, or a bank?
As an example, here is what the email said:
- Return-path: <service@paypal.com>
- From: "PayPal" <service@paypal.com>
- Subject: You have 1 new Security Message Alert!
These headers are chosen by the sender and can be forged freely. Note that the message even gives advice about security in its right-hand column, to look more genuine.

Example Continued: bottom of the email

How to see what is happening: View Source
- In Outlook, right-click on the email and click View Source.
- In GroupWise, open the email and click on the Message Source tab.
- In Mozilla Thunderbird, click View, then Source.
- Below is the part of the text that makes the email look official: the images came from the PayPal website.

View Source: The Real Link
- In the body it said, "If you are traveling, Travelling Confirmation Here".
- Here is where you are really being sent: href=3D ftp://futangiu:futangiu@209.202.224.140/index.htm (the =3D is the quoted-printable encoding of the = sign in the raw source).
- Notice that the link is not only not PayPal, it is an IP address: two giveaways of a fraudulent link. It also uses ftp rather than https and carries a username and password (futangiu:futangiu) in the URL itself.

Another Example Amazon View Source
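The same "View Source" check done programmatically, as an added example that is not part of the original slides: the script parses a raw message with Python's standard email and html.parser modules, pulls every link out of the HTML body and flags the signs the slides point at (a host that is an IP address rather than a domain name, a host that does not belong to the From: domain, credentials embedded in the URL, a scheme other than https, and link text that names a different domain than the target). The message is constructed for the example around the PayPal headers and the href quoted above; the "last two labels" rule for the registrable domain is a simplification.

```python
"""Added example (not from the textbook slides): automate the View Source
check. Parse a raw e-mail, collect every <a href> in the HTML body and
report the tell-tale signs of a fraudulent link. The message below is
constructed for the example; its suspicious href is the one on the slide."""
import email
import email.utils
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message, quoted-printable like the slide ("href=3D").
RAW_EMAIL = b"""Return-Path: <service@paypal.com>
From: "PayPal" <service@paypal.com>
To: victim@example.org
Subject: You have 1 new Security Message Alert!
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

<html><body>
<img src=3D"https://www.paypal.com/images/logo.gif">
<p>If you are traveling, <a href=3D"ftp://futangiu:futangiu@209.202.224.140/index.htm">Travelling Confirmation Here</a></p>
<p>Read our <a href=3D"https://www.paypal.com/security">security tips</a>.</p>
</body></html>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every anchor in the HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = [dict(attrs).get("href") or "", ""]

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append((self._current[0], self._current[1].strip()))
            self._current = None


IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
DOMAIN_IN_TEXT = re.compile(r"\b[\w-]+(?:\.[\w-]+)*\.[a-z]{2,}\b")


def registrable(host):
    # Assumption/simplification: the last two labels are the registrable
    # domain. Production code should consult the public-suffix list.
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def check_link(href, text, claimed_domain):
    """Reasons this link does not look like it belongs to claimed_domain
    (the domain in the From: header). An empty list means nothing found."""
    findings = []
    u = urlsplit(href)
    host = (u.hostname or "").lower()
    if u.scheme != "https":
        findings.append(f"scheme is {u.scheme!r}, not https")
    if u.username or u.password:
        findings.append("credentials embedded in URL")
    if IPV4.match(host):
        findings.append("host is a bare IP address, not a domain name")
    elif host and registrable(host) != registrable(claimed_domain):
        findings.append(f"host {host} does not belong to {claimed_domain}")
    shown = DOMAIN_IN_TEXT.search(text.lower())
    if shown and host and registrable(shown.group(0)) != registrable(host):
        findings.append(f"link text shows {shown.group(0)} but points at {host}")
    return findings


def analyze(raw_bytes):
    """Parse a raw RFC 5322 message and check every link in its HTML body.
    Returns a list of (href, visible text, findings)."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    _, from_addr = email.utils.parseaddr(str(msg["From"]))
    claimed_domain = from_addr.rpartition("@")[2].lower()
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []
    collector = LinkCollector()
    collector.feed(body.get_content())   # get_content undoes the =3D encoding
    return [(href, text, check_link(href, text, claimed_domain))
            for href, text in collector.links]


if __name__ == "__main__":
    for href, text, findings in analyze(RAW_EMAIL):
        print(f"[{'SUSPICIOUS' if findings else 'ok'}] '{text}' -> {href}")
        for finding in findings:
            print("    -", finding)
```

Run against the constructed message, the "Travelling Confirmation Here" link is reported three times over (ftp scheme, embedded credentials, IP-address host) while the genuine https://www.paypal.com/security link passes. The From: domain is only what the sender claims, so the check tells you whether the links are consistent with that claim, not whether the claim is true.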

Deliberate Acts (continued)
- Alien software
  - Spyware (see video)
  - Spamware
  - Cookies (cookie demo)

Deliberate Acts (continued)
- Supervisory control and data acquisition (SCADA) attacks
Figure: wireless sensor

What if a SCADA attack were successful? Northeastern U.S. power outage in 2003

Results of the power outage in NYC

More results of power outage in NYC

A Successful (Experimental) SCADA Attack Video of an experimental SCADA attack that was successful

3.3 Protecting Information Resources

Risk! There is always risk!

And then there is real risk!

Risk Management
- Risk
- Risk management
- Risk analysis
- Risk mitigation

Risk Mitigation Strategies
- Risk acceptance
- Risk limitation
- Risk transference

Risk Optimization

Controls
- Physical controls
- Access controls
- Communications (network) controls
- Application controls

Where Defense Mechanisms (Controls) Are Located

Access Controls
- Authentication
  - Something the user is (biometrics): video on biometrics; the latest biometric: gait recognition; the Raytheon Personal Identification Device
  - Something the user has
  - Something the user does
  - Something the user knows: passwords, passphrases

Access Controls (continued)
- Authorization
  - Privilege
  - Least privilege
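As an added example (not from the slides), the authentication factors and least-privilege authorization above in working Python: a password ("something the user knows") verified against a salted PBKDF2 hash rather than a stored plaintext, a time-based one-time code from an authenticator app ("something the user has", RFC 6238), and a role table that grants each role only the permissions its job needs. The user record, role names, permissions and TOTP seed are constructed for the example.

```python
"""Added example (not from the slides): two authentication factors plus
least-privilege authorization. User record and role table are constructed."""
import base64
import hashlib
import hmac
import os
import struct

# ---- Something the user knows: salted, iterated password hash ------------
PBKDF2_ITERATIONS = 600_000   # OWASP guidance for PBKDF2-HMAC-SHA256


def hash_password(password, salt=None, iterations=PBKDF2_ITERATIONS):
    """Store algorithm, iteration count and salt with the hash so the
    verifier can recompute it later; never store the password itself."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password, stored):
    algo, iterations, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    # constant-time comparison: a plain == would leak timing information
    return hmac.compare_digest(dk.hex(), dk_hex)


# ---- Something the user has: time-based one-time password (RFC 6238) -----
def totp(secret, unix_time, step=30, digits=6):
    """HOTP (RFC 4226, HMAC-SHA1) over the counter floor(unix_time / step)."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                  # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_totp(secret, code, unix_time, step=30, window=1):
    """Accept the current code and +/- window steps to absorb clock drift."""
    return any(hmac.compare_digest(totp(secret, unix_time + k * step, step), code)
               for k in range(-window, window + 1))


# ---- Authorization under least privilege ----------------------------------
# Constructed role table: each role carries only what its job requires.
ROLE_PERMISSIONS = {
    "hr_clerk":   {"employee:read"},
    "hr_manager": {"employee:read", "employee:write", "payroll:read"},
    "dba":        {"db:backup", "db:restore"},
}


def permissions_for(roles):
    perms = set()
    for role in roles:
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def authorize(roles, permission):
    """Deny by default: only an explicitly granted permission passes."""
    return permission in permissions_for(roles)


# ---- Two-factor login, then least-privilege permissions -------------------
def login(user, password, otp_code, unix_time):
    """Return the user's permission set on success, None on failure. Both
    factors are evaluated before deciding so the response time does not
    reveal which one was wrong."""
    pw_ok = verify_password(password, user["password_hash"])
    otp_ok = verify_totp(user["totp_secret"], otp_code, unix_time)
    if not (pw_ok and otp_ok):
        return None
    return permissions_for(user["roles"])


# Constructed user record (assumption: enrolment already happened).
SECRET = base64.b32decode("JBSWY3DPEHPK3PXP")   # demo seed, not a real one
USER = {
    "name": "hr.clerk",
    "password_hash": hash_password("correct horse battery staple"),
    "totp_secret": SECRET,
    "roles": ["hr_clerk"],
}

if __name__ == "__main__":
    import time
    now = int(time.time())
    granted = login(USER, "correct horse battery staple", totp(SECRET, now), now)
    print("granted:", sorted(granted) if granted else None)
    print("may read employees:", authorize(USER["roles"], "employee:read"))
    print("may restore the database:", authorize(USER["roles"], "db:restore"))
```

The hr_clerk role ends the login with exactly one permission, employee:read, so a compromised clerk account cannot restore a database or edit payroll; that is the practical meaning of least privilege. The TOTP routine is the standard one, which the RFC 6238 test vectors confirm.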

Communication or Network Controls
- Firewalls
- Anti-malware systems
- Whitelisting and blacklisting
- Intrusion detection systems
- Encryption

Basic Home Firewall (top) and Corporate Firewall (bottom)

How Public Key Encryption Works

How Digital Certificates Work
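The two figures above ("How Public Key Encryption Works" and "How Digital Certificates Work") as one added, runnable model; this is example code, not the textbook's. It uses textbook RSA so that every step is visible: key generation, encrypt-with-public-key / decrypt-with-private-key, sign-with-private-key / verify-with-public-key, and a certificate authority that signs the binding between a name and a public key so a client who trusts only the CA can trust the server's key. Assumptions: 1024-bit keys, raw RSA with no padding, JSON as the certificate encoding, and no expiry or revocation fields. Real systems use OAEP/PSS padding and X.509 through a vetted library; this shows the mechanics only.

```python
"""Added example (not from the slides): textbook RSA plus a minimal
certificate authority, to show how public-key encryption, signatures and
digital certificates fit together. Illustration only, no padding."""
import hashlib
import json
import random


def is_probable_prime(n, rounds=24):
    """Miller-Rabin primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits):
    while True:
        candidate = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate


def keygen(bits=1024):
    """Return (public, private) as (e, n) and (d, n)."""
    e = 65537
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:      # e is prime, so gcd(e, phi) == 1
            break
    return (e, p * q), (pow(e, -1, phi), p * q)


def _int_hash(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def encrypt(public, message):
    """Anyone with the public key can encrypt; only the private key decrypts."""
    e, n = public
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for raw RSA with this modulus")
    return pow(m, e, n)


def decrypt(private, ciphertext):
    d, n = private
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")   # drops leading zero bytes


def sign(private, data):
    """Only the private key can sign; anyone with the public key can verify."""
    d, n = private
    return pow(_int_hash(data), d, n)


def verify(public, data, signature):
    e, n = public
    return pow(signature, e, n) == _int_hash(data)


def _canonical(tbs):
    return json.dumps(tbs, sort_keys=True, separators=(",", ":")).encode()


def issue_certificate(ca_private, ca_name, subject, subject_public):
    """The CA signs the to-be-signed fields; the signature binds name to key."""
    tbs = {"issuer": ca_name, "subject": subject,
           "public_key": {"e": subject_public[0], "n": subject_public[1]}}
    return {"tbs": tbs, "signature": sign(ca_private, _canonical(tbs))}


def verify_certificate(cert, trusted_cas):
    """trusted_cas maps CA name -> CA public key (the client's trust store)."""
    ca_public = trusted_cas.get(cert["tbs"]["issuer"])
    if ca_public is None:
        return False
    return verify(ca_public, _canonical(cert["tbs"]), cert["signature"])


def with_subject(cert, subject):
    """What an attacker holding a valid certificate but not the CA key can
    do: change a field. The CA signature then no longer matches."""
    forged = json.loads(json.dumps(cert))
    forged["tbs"]["subject"] = subject
    return forged


def exchange(trusted_cas, cert, message):
    """Client side: accept the key only through a certificate the trust
    store validates, then encrypt to it. Returns ciphertext or None."""
    if not verify_certificate(cert, trusted_cas):
        return None
    pk = cert["tbs"]["public_key"]
    return encrypt((pk["e"], pk["n"]), message)


if __name__ == "__main__":
    ca_pub, ca_priv = keygen()
    srv_pub, srv_priv = keygen()
    cert = issue_certificate(ca_priv, "Example CA", "shop.example", srv_pub)
    trust_store = {"Example CA": ca_pub}
    ct = exchange(trust_store, cert, b"order 42, ship to the usual address")
    print("server decrypts:", decrypt(srv_priv, ct))
    print("forged cert accepted?", verify_certificate(with_subject(cert, "evil.example"), trust_store))
```

The client never needs the server's key in advance: it needs only the CA's public key, and the certificate carries the rest. Tampering with any signed field (the subject name in the demo) or presenting a certificate from a CA that is not in the trust store makes exchange() refuse to encrypt, which is the whole point of the certificate.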

Communication or Network Controls (continued)
- Virtual private networking
- Secure Sockets Layer (SSL), now Transport Layer Security (TLS)
- Vulnerability management systems
- Employee monitoring systems

Virtual Private Network and Tunneling

Popular Vulnerability Management Systems

Popular Employee Monitoring Systems

Employee Monitoring System

Business Continuity Planning, Backup, and Recovery
- Hot site
- Warm site
- Cold site

Information Systems Auditing
- Types of auditors and audits
  - Internal
  - External

IS Auditing Procedure
- Auditing around the computer
- Auditing through the computer
- Auditing with the computer

Chapter Closing Case