
BUS 311: Fall 2003. Security, Privacy, and Ethical Issues in Information Systems and the Internet (Chapter 9)


Slide 1: Security, Privacy, and Ethical Issues in Information Systems and the Internet (Chapter 9)

Slide 2: Social Issues in Information Systems
- Computer waste and mistakes
- Computer crime
- Privacy
- Health concerns
- Ethical issues
- Patent and copyright violations

Slide 3: Computer Waste
- Discarding technology that still has value
- Unused systems
- Personal use of corporate time and technology
- Spam
- Time spent configuring / "optimizing" computers

Slide 4: Preventing Computer Waste and Mistakes
- Policies and procedures should be:
  - Established
  - Implemented
  - Monitored
  - Reviewed

Slide 5: Types of Computer-Related Mistakes
- Data entry or capture errors
- Errors in computer programs
- Errors in file handling: copying an old file over a new one, deleting a file by mistake
- Mishandling of computer output
- Inadequate planning for and control of equipment malfunction
- Inadequate planning for and control of environmental difficulties (electrical, humidity, etc.)
- Installing inadequate computer capacity

Slide 6: Useful Policies to Eliminate Waste and Mistakes
- Tightly control changes to the corporate web site; ensure information is timely
- Have user manuals available
- Every report should clearly specify its general content and the time period covered
- Implement proper procedures to ensure correct input data (to avoid "garbage in, garbage out")

Slide 7: Computer Crime

Slide 8: Number of Incidents Reported to CERT

Slide 9: Computer Crime and Security Survey (1996: 16%)
Source: http://www.gocsi.com/press/20020407.jhtml?_requestid=449980

Slide 10: Fastest Growing Crime in the US?
- Identity theft
  - Use someone else's identity to obtain credit, commit crimes, etc.
  - Necessary info: SSN, name, (date of birth)
  - How often do you get a credit card application with your name on it?
- Largest identity theft case in US history: http://www.computerworld.com/securitytopics/security/cybercrime/story/0,10801,76252,00.html
- Identity theft survival guide: http://money.cnn.com/2002/11/26/pf/saving/q_identity/

Slide 11: Recent Cybercrime Headlines
- 11/6/03: FTC Blocks Pop-Up Spammers
- 11/5/03: Microsoft Puts a Price on Hackers' Heads
- 11/3/03: E-Mail Under Attack Again as Mimail Virus Spreads
- 10/24/03: Microsoft Patches Its Patches
Source: Daily cybercrime report (http://www.newsfactor.com/perl/section/cybercrime/)

Slide 12: The Computer as a Tool to Commit Crime
- Social engineering: posing as someone else to gain a user's trust so that they give out a password
- Dumpster diving: searching garbage for clues on how to gain access to a system
- Shoulder surfing: standing next to someone in a public place to get vital information
- Keyboard logger: installed to record every keystroke and send it back to the criminal
- Cyberterrorism, e.g. a distributed denial-of-service (DDoS) attack

Slide 13: Computers as Objects of Crime
- Illegal access and use
  - Hackers: 'hacking' away at programming and using a computer to its fullest capabilities
  - Crackers: criminal hackers
- Information and equipment theft
- Software and Internet piracy
- Computer-related scams (e.g. Nigerian 419)
- International computer crime

Slide 14: Data Alteration and Destruction
- Virus
- Worm
- Logic bomb
- Trojan horse
(Cartoon © Hal Mayforth 2003)

Slide 15: Virus Elements
- Distribution vector: how does it move from one computer to the next?
  - Virus: attaches to another program; the user must take action to spread it
  - Worm: self-propagates
- Payload: what does it do when it gets there?
- Ability to mutate: makes it harder to detect, like the AIDS virus

Slide 16: Virus Characteristics
- Similar to biological viruses
  - Replicates on its own
  - May mutate
  - Can be benign or malicious
  - Attaches to a 'host' program
- Constructed by a programmer
- Types of damage (payload)
  - Destruction of data, programs or hardware
  - Loss of productivity
  - Annoyance
- Top 10 last month: http://www.sophos.com/virusinfo/topten/

Slide 17: Virus Distribution
- Email
  - Executable attachment that masquerades as an image file ("Click to see picture of Anna Kournikova!")
  - HTML code that executes automatically in the email program (esp. Outlook and Outlook Express)
- Worm
  - Spreads directly from computer to computer
  - Often exploiting 'open ports' or other vulnerabilities
- Trojan horse / logic bomb: a virus disguised inside another program
- Greeting cards (or other web sites): clicking a link may cause nasty things to happen
- Hoax: email about a 'false' threat; may ask the user to delete an important system file and forward the email to other users

Slide 18: Virus Example: SoBig Email Virus
- Distribution vector: email
  - Arrives in an email message and installs its own SMTP engine (allows sending email without using the installed email program)
  - Sends itself to all email addresses in address books
  - Forges the sender address, so the person the email appears to come from may not be infected ("email spoofing")
  - User must execute the attachment to be infected
  - Tried to copy itself to Windows shares (unsuccessful, due to bugs)
- Payload: none (except for extra traffic)
  - Might download malicious software from a web site
- Expired September 10, 2003
Source: http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.f@mm.html

Slide 19: Symantec's Virus Guidelines
- Turn off and remove unneeded services. By default, many operating systems install auxiliary services that are not critical, such as an FTP server, telnet, and a Web server. These services are avenues of attack. If they are removed, blended threats have fewer avenues of attack and you have fewer services to maintain through patch updates.
- If a blended threat exploits one or more network services, disable, or block access to, those services until a patch is applied.
- Always keep your patch levels up-to-date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services.
- Enforce a password policy. Complex passwords make it difficult to crack password files on compromised computers. This helps to prevent or limit damage when a computer is compromised.
- Configure your email server to block or remove email that contains file attachments that are commonly used to spread viruses, such as .vbs, .bat, .exe, .pif and .scr files.
- Isolate infected computers quickly to prevent further compromising your organization. Perform a forensic analysis and restore the computers using trusted media.
- Train employees not to open attachments unless they are expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses. Simply visiting a compromised Web site can cause infection if certain browser vulnerabilities are not patched.
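The attachment-blocking guideline above, combined with the masquerading executable from the Virus Distribution slide, as an added example that is not part of the original slides: a small Python filter that parses a mail message and flags attachments whose effective extension is on the slide's list, stripping the padding spaces and trailing dots that hide the real suffix of a name such as "picture.jpg      .vbs". The sample message is constructed for the demonstration.

```python
# Added example (not from the slides): filter for the slide's attachment block list.
import os
from email import message_from_string

# Extensions the slide names as commonly used to spread viruses.
BLOCKED_EXTENSIONS = {".vbs", ".bat", ".exe", ".pif", ".scr"}


def is_blocked_name(filename: str) -> bool:
    """True when the attachment's effective extension is on the block list.

    Catches the masquerading trick from the Virus Distribution slide: an
    executable named like an image ("picture.jpg.vbs"), often padded with
    spaces so the real suffix scrolls out of view. Windows ignores trailing
    dots and spaces in a name, so they are stripped before the suffix is read.
    """
    name = filename.strip().lower().rstrip(". ")
    ext = os.path.splitext(name)[1].strip()
    return ext in BLOCKED_EXTENSIONS


def blocked_attachments(raw_message: str) -> list:
    """Parse an RFC 822 message and list the attachment names to be blocked."""
    msg = message_from_string(raw_message)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no attachment of their own
        filename = part.get_filename()  # Content-Disposition or Content-Type name
        if filename and is_blocked_name(filename):
            hits.append(filename)
    return hits


def decide(raw_message: str) -> tuple:
    """Mail-server style verdict: ('block', offending names) or ('deliver', [])."""
    hits = blocked_attachments(raw_message)
    return ("block", hits) if hits else ("deliver", [])


# Constructed sample: one harmless image plus a script disguised as an image.
SAMPLE_MESSAGE = """\
Subject: Click to see picture!
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="demo-boundary"

--demo-boundary
Content-Type: image/jpeg; name="holiday.jpg"
Content-Disposition: attachment; filename="holiday.jpg"

(binary omitted)
--demo-boundary
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="AnnaKournikova.jpg      .vbs"

(binary omitted)
--demo-boundary--
"""
```

Extension filtering is only the first of the guidelines listed; it stops the slide's attachment trick, not a worm that arrives through an open port.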

Slide 20: The Six Computer Incidents with the Greatest Worldwide Economic Impact
ILOVEYOU was started by a student in the Philippines who had a project rejected by a teacher!

Slide 21: Measures of Protection: General Controls
- Physical: a guard in front of a locked door can prevent many problems...
- Biometric controls: fingerprint, hand print, retina scan, voice, ...
- Data security controls: confidentiality, access control, data integrity

Slide 22: Measures of Protection: Network Protection and Firewalls
- Access control
- Encryption
- Firewalls: most cost-effective defense, but not 100% effective
  - ZoneAlarm (personal software firewall)
  - Hardware firewall protects all computers on the LAN
- Intrusion detection software: how can you protect yourself if you don't know you were attacked?
- Protection can be assured by conducting an audit (perhaps even hiring a hacker...)
- Managed Security Service Providers (MSSPs): outsource the whole thing!

Slide 23: Common Computer Crime Methods

Slide 24: What Can You Do Personally?
- Install security patches (for Windows: www.windowsupdate.com)
- Use a virus scanner
- Take backups
- Protect your password (beware of social engineering)
- Install a firewall
- Encrypt sensitive data
- Don't use IM chat software for sensitive communication (see http://news.com.com/2100-1023-976068.html)
  - Changing: vendors are coming out with 'corporate' versions
- Visit www.grc.com to make sure your Shields are Up

Slide 25: Privacy

Slide 26: Privacy Issues
- Privacy and the government
- Privacy at work
- E-mail privacy
- Privacy and the Internet

Slide 27: Privacy Dilemma
- People's right to privacy: not to be monitored
- Employers need to monitor activity on their premises
  - Discourage time-wasting behavior
  - Prevent criminal activity on the network
- Law enforcement needs to solve crimes
- Anonymity makes some people more criminal/amoral

Slide 28: The Right to Know and the Ability to Decide

Slide 29: Email Privacy
- Work email is not private
  - Employers have the right to read employee email
  - Can be used as evidence in court
- Companies need to have a policy for storing email
- Can also cause problems for elected officials
  - Recently the Oshkosh School Board was 'discovered' to delete messages
  - Violates open meeting laws

Slide 30: The Work Environment

Slide 31: Health Concerns
- Repetitive Motion Disorder (Repetitive Stress Injury; RSI): an injury that can be caused by working with computer keyboards and other equipment
- Carpal Tunnel Syndrome (CTS): the aggravation of the pathway for nerves that travel through the wrist (the carpal tunnel)
- Current research says computers do not cause permanent damage
  - A few months without a computer will help
  - Research is still being conducted
- Technology can also remove dangerous work situations

Slide 32: Ergonomics
- The study of designing and positioning computer equipment for employee health and safety
  - How high should your monitor be?
  - Where should the keyboard and mouse be?
  - Good ways of working to minimize risks
- Web sites on ergonomics:
  - http://www.ics.uci.edu/~abaker/ergo/
  - http://ergo.human.cornell.edu/ergoguide.html
  - http://www.pao.gov.ab.ca/health/ergonomics/computer/

Slide 33: That's It
- Thursday: rest of lecture; time to work on DB project implementation. Suggested design solution will be available.
- Tuesday: web design/development lecture/demonstration; learn to create your own web page
- Thursday: lab to work on web page (IT Problem 4)
