Lecture 12 Information Security and Confidentiality (Chapter 12)


1 Lecture 12 Information Security and Confidentiality (Chapter 12)
http://www.csun.edu/~dn58412/IS531/IS531_SP15.html

2 Learning Objectives
1. Privacy, confidentiality, information privacy, and information security, and the relationships among them.
2. How information system security affects privacy, confidentiality, and security.
3. The significance of security for information integrity.
4. Potential threats to system security and information.
5. Security measures to protect information.
IS 531 : Lecture 12

3 Security Concern
Information security and confidentiality of personal information represent major concerns in today's society amidst growing reports of stolen and compromised information.
– Globalization and increased use of the internet
– Evolving technology and intrusion techniques
Information must be protected through a combination of electronic and manual methods.

4 Information Security
The protection of information against threats to its integrity, inadvertent disclosure, or availability determines the survivability of a system.

5 Privacy
– Freedom from intrusion, or control over the exposure of self or of personal information.
– The right to determine what information is collected, how it is used, and the ability to review collected information for accuracy and security.

6 Confidentiality
The protection of healthcare information is mandated by the Health Insurance Portability and Accountability Act (HIPAA) and the Joint Commission requirements.
– Must not disclose patient-related information without consent.
– Share information only with the parties requiring it for client treatment.
– Breaches are mostly due to careless communication in a public area or with an inappropriate person.

7 Information/Data Privacy
– The storage and disclosure/dissemination of personally identifiable information.
– The right to choose the conditions and extent to which information and beliefs are shared.
– The right to ensure accuracy of information collected.

8 Consent
The process by which an individual authorizes healthcare personnel to process his or her information based on an informed understanding of how this information will be used.
Entails making the individual aware of risks to privacy and measures to protect it.

9 Information System Security
Ongoing protection of both information stored in the system and the system itself from threats or disruption.
Primary goals:
– Protection of client confidentiality
– Protection of information integrity
– Timely availability of information when needed

10 Security Planning
Safeguard against:
– Downtime
– Breaches in confidentiality
– Loss of consumer confidence
– Cybercrime
– Liability
– Lost productivity
Ensure compliance with HIPAA.

11 Steps to Security
– Assessment of risks and assets
– An organizational plan
– A "culture" of security
– The establishment and enforcement of policies

12 Threats to System Security and Information
Human threats:
– Thieves
– Hackers and crackers
– Denial of service attacks
– Terrorists
– Viruses, worms
– Revenge attacks
– Pirated Web sites

13 Threats to System Security and Information (continued)
On-site threats:
– Poor password management
– Compromised device
– Human error
– Unauthorized insider access
– Flooding site
– Power fluctuations
Fires and natural disasters

14 Security Measures
– Firewalls: a barrier created from software and hardware
– Antivirus and spyware detection
– User sign-on and passwords or other means of identity management
– Access on a need-to-know basis
– Automatic sign-off
– Physical restrictions to system access

15 Authentication
Process of determining whether someone is who he or she claims to be.
Methods:
– access codes
– logon passwords
– digital certificates
– public or private keys used for encryption
– biometric measures

16 Password
String of alphanumeric characters typed in for system access.
Inexpensive but not the most effective means of authentication.
Do:
– Choose 8-12 character passwords.
– Avoid obvious passwords.
– Use the first characters of your favorite verses / sayings.
– Include special characters, lower and upper case letters, and numbers.

17 Password (continued)
Don't:
– Post or write down passwords.
– Leave computers or applications running when not in use.
– Re-use the same password for different systems.
– Use the browser "save password" feature.
Never share passwords.
Change passwords frequently.
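The Do/Don't rules of the two password slides, as an added example that is not part of the lecture: a checker that reports which rules a candidate password violates, including re-use against a salted-hash history so that previous passwords are never stored in plaintext. The "obvious" list and the fixed salt are constructed for the demo.

```python
import hashlib
import hmac
import string
from typing import List, Tuple

# Constructed sample of "obvious" passwords; a real deployment would use a larger list.
OBVIOUS = {"password", "password1", "12345678", "qwerty123", "letmein1"}


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-SHA256 so that password history never stores plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def check_password(password: str, history: List[Tuple[bytes, bytes]]) -> List[str]:
    """Return the slide's rule violations; an empty list means the password passes.

    `history` holds (salt, digest) pairs for the user's previous passwords.
    """
    problems = []
    if not 8 <= len(password) <= 12:
        problems.append("length must be 8-12 characters")
    if not any(c.islower() for c in password):
        problems.append("needs a lowercase letter")
    if not any(c.isupper() for c in password):
        problems.append("needs an uppercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("needs a number")
    if not any(c in string.punctuation for c in password):
        problems.append("needs a special character")
    if password.lower() in OBVIOUS:
        problems.append("too obvious")
    # Re-use check: hash the candidate with each stored salt and compare in constant time.
    for salt, digest in history:
        if hmac.compare_digest(hash_password(password, salt), digest):
            problems.append("re-used on this system")
            break
    return problems


if __name__ == "__main__":
    salt = bytes(16)  # constructed fixed salt for the demo; use os.urandom(16) in practice
    history = [(salt, hash_password("Old!Pass1", salt))]
    print(check_password("password", history))
    print(check_password("Old!Pass1", history))
    print(check_password("Mf&L9tsr", history))
```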

18 Biometrics
Identification based on a unique biological trait:
– fingerprint
– voice
– iris pattern / retinal scan
– hand geometry / palmprint
– face recognition
– etc.

19 Antivirus Software
Computer programs that can locate and eradicate viruses and other malicious programs from memory sticks, storage devices, individual computers, and networks.
Detect and eliminate malware / spyware that installs itself without the user's permission to collect passwords, PIN numbers, and account numbers and then send them to another party.

20 Antivirus Software (comparison chart)
Source: http://anti-virus-software-review.toptenreviews.com/

21 Proper Handling and Disposal
– Acceptable uses
– Audit trails to monitor access
– Encourage review for accuracy
– Establish controls for information use after-hours and off-site
– Shred or use locked receptacles for the disposal of items containing personal health information

22 Implications for Mobile Computing
– Shared responsibility for information and information system security.
– Devices are easily stolen.
– Devices should require authentication and encryption to safeguard information security.
– Devices should never be left where information may be seen by unauthorized viewers.
– Verify wireless networks before use.

23 Firewall

24 Physical vs. Logical Access / Controls

25 Encryption
Example from the slide: the characters I S 5 3 1 in 8-bit ASCII are
01001001 01010011 00110101 00110011 00110001
The slide then shows the bit patterns
10010101 00110011 01010011 00110011 00010100 01101010 11001100 10101100 11001100 11101011
Binary codes:
– ASCII (American Standard Code for Information Interchange): 8 bits
– EBCDIC (Extended Binary-Coded Decimal Interchange Code): 16 bits
– Unicode: 32 bits and more

26 Encoding
Normal sequence  : A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Encoded sequence : F G H I J K L M N O P Q R S T U V W X Y Z A B C D E
Message          : DROPBOX TONIGHT
Encoded message  : IWTUGTC YTSNLMY
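The binary view of slide 25 and the substitution table of slide 26, as an added example that is not part of the lecture: the table is a Caesar shift of 5 (A becomes F), and the last function shows why such a fixed shift is encoding rather than encryption, since there are only 26 possible keys and anyone who guesses one plaintext word can try them all. Function names are my own.

```python
import string
from typing import List, Optional

ALPHABET = string.ascii_uppercase


def to_binary(text: str) -> List[str]:
    """Render each character as its 8-bit ASCII code, as on slide 25."""
    return [format(ord(ch), "08b") for ch in text]


def caesar_encode(message: str, shift: int) -> str:
    """Shift every letter forward by `shift` positions; other characters pass through."""
    out = []
    for ch in message.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_decode(encoded: str, shift: int) -> str:
    """Undo caesar_encode by shifting backwards."""
    return caesar_encode(encoded, -shift)


def recover_shift(encoded: str, known_word: str) -> Optional[int]:
    """Find the shift by trying all 26 keys until a known plaintext word appears.

    This is the whole key space, which is why the scheme gives no secrecy.
    """
    for k in range(26):
        if known_word.upper() in caesar_decode(encoded, k):
            return k
    return None


if __name__ == "__main__":
    print(to_binary("IS531"))  # slide 25: ['01001001', '01010011', ...]
    enc = caesar_encode("DROPBOX TONIGHT", 5)
    print(enc)  # slide 26: IWTUGTC YTSNLMY
    print(recover_shift(enc, "TONIGHT"))  # 5
```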

27 Public Keys
