1. McGraw-Hill/Irwin ©2005 The McGraw-Hill Companies, All rights reserved ©2005 The McGraw-Hill Companies, All rights reserved McGraw-Hill/Irwin

2. McGraw-Hill/Irwin ©2005 The McGraw-Hill Companies, All rights reserved CHAPTER 8 PROTECTING PEOPLE AND INFORMATION Threats and Safeguards PROTECTING PEOPLE AND INFORMATION Threats and Safeguards

3. 8-3 OPENING CASE STUDY They Know about 96 Percent of American Households The Acxiom company, in Little Rock, handles consumer information for marketing purposes Acxiom gets information from the three major credit bureaus

4. 8-4 OPENING CASE STUDY Customers: 9 of the 10 largest credit-card issuers Acxiom has 20 billion records on –110 million people –96% of households Makes and sells lists to customers Merges and protects databases

5. 8-5 STUDENT LEARNING OUTCOMES 1.Define ethics and describe the two factors that affect how you make a decision concerning an ethical issue 2.Define and describe intellectual property, copyright, Fair Use Doctrine, and pirated and counterfeit software 3.Define privacy and describe the ways in which it can be threatened

6. 8-6 STUDENT LEARNING OUTCOMES 4.Describe the two ways that information is valuable to business 5.Describe the ways in which information on your computer or network is vulnerable

7. 8-7 STUDENT LEARNING OUTCOMES 6.Define risk management and risk assessment and describe the seven security measures that companies can take to protect their information

8. 8-8 INTRODUCTION Handling information responsibly means understanding the following issues –Ethics –Personal privacy –Value of information –Threats against information –Protection of information

9. 8-9 INTRODUCTION

10. 8-10 ETHICS Ethics – the principles and standards that guide our behavior toward other people Ethics are rooted in history, culture, and religion

11. 8-11 Factors that Determine How You Decide Ethical Issues Actions in ethical dilemmas determined by 1.Your basic ethical structure 2.The circumstances of the situation Your basic ethical structure determines what you consider to be –Minor ethical violations –Serious ethical violations –Very serious ethical violations

12. 8-12 Factors that Determine How You Decide Ethical Issues The circumstances of the situation –Consequences of the action or inaction –Society’s opinion of the action or inaction –Likelihood of effect of action or inaction –Time to consequences of action or inaction –Relatedness of people who will be affected by action or inaction –Reach of result of action or inaction

13. 8-13 Your Ethical Structure

14. 8-14 Guidelines for Ethical Computer System Use Talk to someone whose judgment you trust Visit company’s ethical ombudsman Ask lots of questions about what you’re being asked to do (couch questions in terms of company’s best interest) You may have to refuse to do something you consider unethical

15. 8-15 Acting Ethically and Acting Legally Are Not Necessarily the Same Thing

16. 8-16 Intellectual Property Intellectual property – intangible creative work that is embodied in physical form Copyright – legal protection afforded an expression of an idea Fair Use Doctrine – may use copyrighted material in certain situations

17. 8-17 Intellectual Property Using copyrighted software without permission violates copyright law Pirated software – the unauthorized use, duplication, distribution, or sale of copyrighted software Counterfeit software – software manufactured to look like the real thing and sold as such

18. 8-18 PRIVACY Privacy – the right to left alone when you want to be, to have control over your own personal possessions, and not to be observed without your consent Dimensions of privacy –Psychological: to have a sense of control –Legal: to be able to protect yourself

19. 8-19 Privacy and Other Individuals Key logger (key trapper) software – a program that, when installed on a computer, records every keystroke and mouse click Screen capture programs – capture screen from video card E-mail is stored on many computers as it travels from sender to recipient

20. 8-20 The E-Mail You Send Is Stored on Many Computers

21. 8-21 Identity Theft Number of victims keeps growing –2001: 1 million victims –2002: 3 million victims –2003: 10 million victims Identity theft – the forging of someone’s identity for the purpose of fraud

22. 8-22 Identity Theft by Age of Victims

23. 8-23 Identity Theft Phishing (carding, brand spoofing) – a technique to gain personal information for the purpose of identity theft NEVER –Reply without question to an e-mail asking for personal information –Click directly on a Web site provided in such an e-mail

24. 8-24 Privacy and Employees Companies need information about their employees to run their business effectively In 2001, 63% of companies monitored employee Web activity Facts about employee use of Web –70% of Web traffic occurs during work hours –78% of employers reported abuse –60% employees admitted abuse

25. 8-25 Privacy and Employees Cyberslacking – misuse of company resources –Visiting inappropriate sites –Gaming, chatting, stock trading, etc. Hardware key logger – hardware device that captures keystrokes moving between keyboard and motherboard

26. 8-26 Monitoring Technology Example of cost of misuse –Watching an online fashion show uses as much bandwidth as downloading the entire Encyclopedia Britannica Reasons for monitoring –Hire the best people possible –Ensure appropriate behavior on the job –Avoid litigation for employee misconduct

27. 8-27 Privacy and Consumers Consumers want businesses to –Know who they are, but not to know too much –Provide what they want, but not gather information on them –Let them know about products, but not pester them with advertising

28. 8-28 Cookies Cookie – a small file that contains information about you and your Web activities, which a Web site places on your computer Handle cookies by using –Web browser cookie management option –Buy a program that manages cookies

29. 8-29 Spam Spam – unsolicited e-mail from businesses advertising goods and services Gets past spam filters by –Inserting characters –Inserting HTML tags that do nothing Replying usually increases, rather than decreases, amount of spam

30. 8-30 Adware and Spyware Adware – software to generate ads that installs itself when you download another program Spyware (sneakware, stealthware) – software that comes hidden in downloaded software and helps itself to your computer resources

31. 8-31 Adware in Free Version of Eudora

32. 8-32 Trojan Horse Software Trojan horse software – software you don’t want inside software you do want Some ways to detect Trojan horse software –AdAware at www.lavasoftUSA.comwww.lavasoftUSA.com –The Cleaner at www.moosoft.comwww.moosoft.com –Trojan First Aid Kit (TFAK) at www.wilders.orgwww.wilders.org –Check it out before you download at www.spychecker.com www.spychecker.com

33. 8-33 Web Logs Web log – one line of information for every visitor to a Web site Anonymous Web browsing (AWB) – hides your identity from the Web sites you visit –The Anonymizer at www.anonymizer.comwww.anonymizer.com –SuftSecret at www.surfsecret.comwww.surfsecret.com

34. 8-34 Privacy and Government Agencies About 2,000 government agencies have databases with information on people Government agencies need information to operate effectively Whenever you are in contact with government agency, you leave behind information about yourself

35. 8-35 Government Agencies Storing Personal Information Law enforcement –NCIC (National Crime Information Center) –FBI Carnivore or DCS-1000 Magic Lantern (software key logger) –NSA (National Security Agency) Echelon collect electronic information by satellite

36. 8-36 Government Agencies Storing Personal Information IRS Census Bureau Student loan services FICA Social Security Administration Social service agencies Department of Motor Vehicles

37. 8-37 Privacy and International Trade EU has issued a directive that each member country must enact laws to protect the personal information of its citizens Safe-Harbor Principles – set of rules to which U.S. businesses that want to trade with the EU must adhere

38. 8-38 EU Directive on Privacy Gives citizens the rights to –Know the marketer’s source of information –Check personal information for accuracy –Correct any incorrect entries –Specify that information can’t be transferred to third party without express permission –Know the purpose for which the information is being collected

39. 8-39 Laws on Privacy Health Insurance Portability and Accountability Act (HIPAA) protects personal health information Financial Services Modernization Act requires that financial institutions protect personal customer information Other laws in Figure 8.7 on page 367

40. 8-40 INFORMATION Dual roles of information in business –As raw material: the building blocks of a product or service Screws, wood, paper, plastic, metal, etc. –As capital: the assets or support structure that enables the production of product or service Buildings, trucks, machinery, financing, etc.

41. 8-41 Information as Raw Material and Capital

42. 8-42 SECURITY Attacks on information and computer resources come from inside and outside the company Computer sabotage costs about $10 billion per year In general, employee misconduct is more costly than assaults from outside

43. 8-43 Security and Employees

44. 8-44 Security and Collaboration Partners In collaboration situations, you must share access with partners Grid computing – harnesses far-flung computers together by means of the Internet to boost resource base Grid computing also requires special attention to security

45. 8-45 Hacker Types

46. 8-46 Types of Cyber Crime Computer virus (virus) – software that is written with malicious intent to cause annoyance or damage Worm – type of virus that spreads itself from computer to computer usually via e-mail Denial-of-service (DoS) attack – floods a Web site with so many requests for service that it slows down or crashes

47. 8-47 Genealogy of Viruses

48. 8-48 Computer Viruses Can’t… Hurt your hardware –Ex: Monitors, printers, processors, etc. Hurt any files they weren’t designed to attack –Ex: A worm designed to attack Outlook won’t attack other e-mail programs Infect files on write-protected media

49. 8-49 Risk Management and Assessment Risk management – –The identification of risks or threats –The implementation of security measures –Monitoring of measures for effectiveness Risk assessment – asks –What can go wrong? –How likely is it to go wrong? –What will the consequences be?

50. 8-50 Security Precautions 1.Backup – process of making a copy of information 2.Anti-virus software – detects and removes or quarantines computer viruses 3.Firewall – hardware and/or software that protects a computer or network from intruders

51. 8-51 Security Precautions 4.Access Authentication –Biometrics – the use of physiological characteristics for identification purposes 5.Encryption – scrambles the contents of a file so that you can’t read it without the decryption key –Public Key Encryption (PKE) – an encryption system with two keys: a public for everyone and a private one for the recipient

52. 8-52 Security Precautions 6.Intrusion detection software – looks for people on the network who shouldn’t be there or who are acting suspiciously 7.Security-auditing software – checks out your computer or network for potential weaknesses

53. 8-53 CAN YOU… 1.Define ethics and describe the two factors that affect how you make a decision concerning an ethical issue 2.Define and describe intellectual property, copyright, Fair Use Doctrine, and pirated and counterfeit software 3.Define privacy and describe the ways in which it can be threatened

54. 8-54 CAN YOU… 4.Describe the two ways that information is valuable to business 5.Describe the ways in which information on your computer or network is vulnerable

55. 8-55 CAN YOU… 6.Define risk management and risk assessment and describe the seven security measures that companies can take to protect their information

56. McGraw-Hill/Irwin ©2005 The McGraw-Hill Companies, All rights reserved CHAPTER 8 End of Chapter 8