Presentation is loading. Please wait.

Presentation is loading. Please wait.

CHAPTER 3 Information Privacy and Security. CHAPTER OUTLINE  Ethical Issues in Information Systems  Threats to Information Security  Protecting Information.

Published byDwain Randall Modified over 8 years ago

Similar presentations

Presentation on theme: "CHAPTER 3 Information Privacy and Security. CHAPTER OUTLINE  Ethical Issues in Information Systems  Threats to Information Security  Protecting Information."— Presentation transcript:

1 CHAPTER 3 Information Privacy and Security

2 CHAPTER OUTLINE  Ethical Issues in Information Systems  Threats to Information Security  Protecting Information Resources 2

3 Ethical Issues in Information Systems Issues and standards of conduct pertaining to the use of information systems 1986 – Richard O. Mason article 3

4 Threats to Information Privacy Data aggregators and digital dossiers (linking personal information in multiple databases) Could this happen to you? Electronic Surveillance 4 Information on Internet Bulletin Boards, Blog Sites, and Social Networking Sites

5 Threats to Information Security  Issues:  Confidentiality, Integrity, Availability (CIA)  Natural causes vs. human causes  Outsider threats vs. insider threats  e.g., the Gucci case, the FDA case  Protection vs. convenience 5

6 Major Categories of IS Security Threats  Accidents and natural disasters  Unauthorized Access Thefts, eavesdropping, masquerading, etc.  Computer Malware Viruses, worms, Trojan horses, spyware, adware, etc.  Spamming and phishing  Cyber warfare Denial of service (DoS) attacks, online vandalism, etc. 6

7 Example: Password Security  Calculated guessing  Brute force attacks Exhaustive search until a match is found How long would it take? How long  Shoulder surfing  Social engineering 7

8 Example: Denial of Service (DoS) Attacks Attackers prevent legitimate users from accessing services Targets include servers and communication circuits The Estonian AttackEstonian Attack Distributed DoS attacks Use compromised computers (zombies or botnets) to launch massive attacks 8

9 Protecting Information Resources IS Security Audits (Risk Analysis) Indentify information assets Prioritize assets to be protected 9 There is always risk! And then there is real risk!

10 Risk Mitigation Strategies Risk limitation – Implement countermeasures (controls) Risk acceptance – Prepared to absorb damages Risk transfer – Transfer risks to a third party

11 Sample Risk Limitation Worksheet 1. Disaster recovery plan 2. Halon fire system/sprinklers 3. Not on or below ground level 4. UPS on servers 5. Contract guarantees from IXCs 6. Extra backbone fiber laid between servers 7. Virus checking software present 8. Extensive user training on viruses 9. Strong password software 10. Extensive user training on security 11. Application Layer firewall Threats Assets (w/ priority) Disruption and Disaster Fire Flood Power Circuit Virus Loss Failure Unauthorized Access External Internal Eavesdrop Intruder (92) Mail Server 1,2 1,3 4 5, 6 7, 89, 10, 11 9, 10 (90) Web Server 1,2 1,3 4 5, 6 7, 8 9, 10, 11 9, 10 (90) DNS Server 1,2 1,3 4 5, 6 7, 89, 10, 11 9, 10 (50) Computers on 6 th floor 1,2 1,3 7, 810, 11 10 (50) 6 th floor LAN circuits 1,2 1,3 (80) Building A Backbone 1,2 1,3 6 (100) Database Server 9 9 ……………………………………………… Countermeasures 1,2 1,3 4 5, 6 7, 8 11

12 Access Control Mechanisms  Physical Controls  Chain and locks  Network Controls  Firewalls  Virtual Private Networks (VPNs)  Employee monitoring systems  Authentication and Encryption techniques 12

13 Firewall Architecture for Large Organizations 13

14 Virtual Private Network and Tunneling 14

15 Employee Monitoring System 15

16 Authentication Techniques Something you know Strong password CAPTCHA Something you have Smart cards / keys Hardware authentication Something you are or you do Biometrics 16

17 Encryption Techniques  Mathematical manipulation of digital data to provide Confidentiality – only intended recipient can read a message Authentication – proving one’s identity Information Integrity – assurance of unaltered message Nonrepudiation – using digital signatures to prevent disputes between parties exchanging messages 17

18 Every encryption method has two parts: a mathematical procedure and a key Example procedure — shift in alphabetical order by N letters Example key — N = 4 PlaintextEncryptionCiphertextDecryptionPlaintext “TAKEOVER”“XEOISZIV”“TAKEOVER” Procedure + Key Procedure + Key Transmitted The Encryption Concept 18

19 Encryption: Key Length The key is a value that may be “guessed” by exhaustive search (brute force attacks) A large key makes exhaustive search very difficult or virtually impossible If key length is n bits, 2 n tries may be needed Weak key: up to 56 bits Strong key: 128 bits or longer Key size (bits) Number of Alternative Keys Time Required at 10 6 tries/sec Time Required at 10 12 tries/sec 562 56 = 7.2 x 10 16 1,142 years10 hours 1282 128 = 3.4 x 10 38 5.4 x 10 24 years5.4 x 10 18 years 19

20 Common Encryption Techniques  Symmetric (private) key encryption system Sender and recipient use the same key Key distribution and management problems  Asymmetric (public) key encryption system Each individual has a pair of keys Public key – freely distributed Private key – kept secret 20

21 How Public Key Encryption Works 21 DecryptEncrypt

22 E-Commerce Security  Certificate Authority Third party – trusted middleman Verifies trustworthiness of a Web site Checks for identity of a computer Provides public keys  Secure Sockets Layer (SSL) Developed by Netscape Standard technique for secure e-commerce transactions ( https ) 22

Download ppt "CHAPTER 3 Information Privacy and Security. CHAPTER OUTLINE  Ethical Issues in Information Systems  Threats to Information Security  Protecting Information."

Similar presentations

4 Information Security.

4 Information Security.
Ethics, Privacy and Information Security

Ethics, Privacy and Information Security
Computer and Network Security Mini Lecture by Milica Barjaktarovic.

Computer and Network Security Mini Lecture by Milica Barjaktarovic.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
Chapter 9 Information Systems Ethics, Computer Crime, and Security.

Chapter 9 Information Systems Ethics, Computer Crime, and Security.
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Risks, Controls and Security Measures

Risks, Controls and Security Measures
Computer and Network Security. Introduction Internet security –Consumers entering highly confidential information –Number of security attacks increasing.

Computer and Network Security. Introduction Internet security –Consumers entering highly confidential information –Number of security attacks increasing.
Introduction Security is a major networking concern. 90% of the respondents to the 2004 Computer Security Institute/FBI Computer Crime and Security Survey.

Introduction Security is a major networking concern. 90% of the respondents to the 2004 Computer Security Institute/FBI Computer Crime and Security Survey.
Business Data Communications, Fourth Edition Chapter 10: Network Security.

Business Data Communications, Fourth Edition Chapter 10: Network Security.
E-Commerce Security and Fraud Issues and Protections

E-Commerce Security and Fraud Issues and Protections
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
Security on the Internet Jan Damsgaard Dept. of Informatics Copenhagen Business School

Security on the Internet Jan Damsgaard Dept. of Informatics Copenhagen Business School
Chapter 19 Security.

Chapter 19 Security.
 2001 Prentice Hall, Inc. All rights reserved. Chapter 7 – Computer and Network Security Outline 7.1Introduction 7.2Ancient Ciphers to Modern Cryptosystems.

 2001 Prentice Hall, Inc. All rights reserved. Chapter 7 – Computer and Network Security Outline 7.1Introduction 7.2Ancient Ciphers to Modern Cryptosystems.

Similar presentations

Ads by Google