Lecture 12 Information Security and Confidentiality (Chapter 12)

Learning Objectives

1. Privacy, confidentiality, information privacy, and information security, and the relationships among them.
2. How information system security affects privacy, confidentiality, and security.
3. The significance of security for information integrity.
4. Potential threats to system security and information.
5. Security measures to protect information.

Security Concern

Information security and the confidentiality of personal information are major concerns in today's society, amid growing reports of stolen and compromised information. Two factors drive this:
- Globalization and increased use of the Internet
- Evolving technology and intrusion techniques

Information must be protected through a combination of electronic and manual methods.

Information Security

The protection of information against threats to its integrity, against inadvertent (or deliberate) disclosure, and against loss of availability. How well these three properties (confidentiality, integrity, availability) are maintained determines the survivability of a system.

Privacy

- Freedom from intrusion, or control over the exposure of oneself or of personal information
- The right to determine what information is collected and how it is used, and the ability to review collected information for accuracy and security

Confidentiality

- The protection of healthcare information is mandated by the Health Insurance Portability and Accountability Act (HIPAA) and by Joint Commission requirements
- Patient-related information must not be disclosed without consent
- Share information only with the parties who require it for the client's treatment
- Most breaches of confidentiality are due to careless communication: discussing patient information in a public area or with an inappropriate person

Information/Data Privacy

- Concerns the storage and disclosure/dissemination of personally identifiable information
- The right to choose the conditions under which, and the extent to which, information and beliefs are shared
- The right to ensure the accuracy of information collected

Consent

- The process by which an individual authorizes healthcare personnel to process his or her information, based on an informed understanding of how that information will be used
- Entails making the individual aware of the risks to privacy and of the measures taken to protect it

Information System Security

Ongoing protection of both the information stored in the system and the system itself from threats or disruption.

Primary goals:
- Protection of client confidentiality
- Protection of information integrity
- Timely availability of information when needed

Security Planning

Safeguard against:
- Downtime
- Breaches of confidentiality
- Loss of consumer confidence
- Cybercrime
- Liability
- Lost productivity

Ensure compliance with HIPAA.

Steps to Security

- Assessment of risks and assets
- An organizational plan
- A "culture" of security
- The establishment and enforcement of policies

Threats to System Security and Information

Human threats:
- Thieves
- Hackers and crackers
- Denial of service attacks
- Terrorists
- Viruses and worms
- Revenge attacks
- Pirated Web sites

Threats to System Security and Information (continued)

On-site threats:
- Poor password management
- Compromised devices
- Human error
- Unauthorized insider access
- Flooding of the site
- Power fluctuations

Fires and natural disasters.

Security Measures

- Firewalls: a barrier created from software and hardware
- Antivirus and spyware detection
- User sign-on with passwords or other means of identity management
- Access on a need-to-know basis
- Automatic sign-off
- Physical restrictions on system access

Authentication

The process of determining whether someone is who he or she claims to be.

Methods:
- Access codes
- Logon passwords
- Digital certificates
- Public or private keys used for encryption
- Biometric measures

Password

A string of alphanumeric (and special) characters typed in for system access. Inexpensive, but on its own not the most effective means of authentication.

Do:
- Choose passwords of at least 8 to 12 characters (current guidance such as NIST SP 800-63B favours longer passphrases and sets no reason to cap length)
- Avoid obvious passwords (names, birthdays, dictionary words)
- Build a password from the first characters of a favourite verse or saying
- Include special characters, lower and upper case letters, and numbers

Password (continued)

Don't:
- Post or write down passwords
- Leave computers or applications running when not in use
- Reuse the same password for different systems
- Use the browser's "save password" feature

Never share passwords. Change a password promptly whenever it may have been exposed; the older advice to rotate passwords on a fixed schedule has since been dropped from NIST SP 800-63B, because forced rotation leads users to choose weaker, predictable variations.

Biometrics

Identification based on a unique biological trait:
- Fingerprint
- Voice
- Iris pattern / retinal scan
- Hand geometry / palmprint
- Face recognition
- etc.

Antivirus Software

- Computer programs that locate and eradicate viruses and other malicious programs from memory sticks, storage devices, individual computers, and networks
- Detect and eliminate malware and spyware that install themselves without the user's permission, collect passwords, PINs and account numbers, and send them to another party

Antivirus Software (slide figure; source link not captured in the transcript)

Proper Handling and Disposal

- Define acceptable uses
- Keep audit trails to monitor access
- Encourage review of records for accuracy
- Establish controls for information use after hours and off site
- Shred, or use locked receptacles for, the disposal of items containing personal health information
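An audit trail is only a control if someone actually reads it. The following added example (not from the lecture) shows the kind of check a reviewer would run over access-log entries to enforce the after-hours and off-site rules above and to surface record "snooping". The log format, the business-hours window, the source labels and the per-user threshold are all assumptions chosen for the example, and the log lines are constructed, not taken from any real system.

```python
from datetime import datetime, time

# Constructed sample audit-trail entries (assumed CSV layout):
# timestamp, user, action, patient_id, source
SAMPLE_LOG = """\
2024-03-04T09:12:41,nurse.amy,VIEW,P1001,onsite
2024-03-04T09:15:03,nurse.amy,VIEW,P1002,onsite
2024-03-04T22:47:10,dr.lee,VIEW,P1003,vpn
2024-03-05T03:02:55,clerk.bob,EXPORT,P1004,onsite
2024-03-09T14:30:00,nurse.amy,VIEW,P1005,onsite
2024-03-04T10:00:00,clerk.bob,VIEW,P1006,onsite
2024-03-04T10:01:00,clerk.bob,VIEW,P1007,onsite
2024-03-04T10:02:00,clerk.bob,VIEW,P1008,onsite
2024-03-04T10:03:00,clerk.bob,VIEW,P1009,onsite
"""

# Assumed policy values: business hours Monday-Friday 07:00-19:00, and a
# ceiling on distinct patient records one user may open in a day.
BUSINESS_START, BUSINESS_END = time(7, 0), time(19, 0)
MAX_PATIENTS_PER_USER_PER_DAY = 3


def parse_log(text):
    """Turn the CSV lines into dicts with a real datetime for the timestamp."""
    events = []
    for line in text.strip().splitlines():
        ts, user, action, patient, source = line.split(",")
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "action": action, "patient": patient, "source": source})
    return events


def is_after_hours(ts):
    """Weekend (Mon=0 .. Sun=6) or outside the business-hours window."""
    return ts.weekday() >= 5 or not (BUSINESS_START <= ts.time() < BUSINESS_END)


def find_violations(events):
    """Return (rule, user, detail) tuples for each policy hit."""
    findings = []
    for e in events:
        if is_after_hours(e["ts"]):
            findings.append(("AFTER_HOURS", e["user"], e["patient"]))
        if e["source"] != "onsite":
            findings.append(("OFF_SITE", e["user"], e["patient"]))

    # Snooping check: count distinct patients per user per calendar day.
    seen = {}
    for e in events:
        seen.setdefault((e["user"], e["ts"].date()), set()).add(e["patient"])
    for (user, day), patients in seen.items():
        if len(patients) > MAX_PATIENTS_PER_USER_PER_DAY:
            findings.append(("HIGH_VOLUME", user, f"{len(patients)} patients on {day}"))
    return findings


if __name__ == "__main__":
    for rule, user, detail in find_violations(parse_log(SAMPLE_LOG)):
        print(f"{rule:<12} {user:<10} {detail}")
```

On the constructed log this flags dr.lee's 22:47 VPN access twice (after hours and off site), clerk.bob's 03:02 export, nurse.amy's Saturday access, and clerk.bob opening four records in one day. Whether a given hit is legitimate (an on-call physician, for instance) is for the reviewer to decide; the point of the audit trail is that the question gets asked.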

Implications for Mobile Computing

- Responsibility for information and information system security is shared
- Devices are easily stolen
- Devices should require authentication and use encryption to safeguard the information on them
- Devices should never be left where information may be seen by unauthorized viewers
- Verify wireless networks before use

Firewall (slide figure; no text captured in the transcript)

Physical vs. Logical Access / Controls (slide figure; no text captured in the transcript)

Encryption

Binary codes (how text is represented before it is encoded or encrypted):
- ASCII (American Standard Code for Information Interchange): a 7-bit code, normally stored one character per 8-bit byte
- EBCDIC (Extended Binary-Coded Decimal Interchange Code): an 8-bit code used on IBM mainframes
- Unicode: code points of up to 21 bits, stored as UTF-8 (1 to 4 bytes per character), UTF-16 (16 or 32 bits), or UTF-32 (32 bits per character)

Encoding

A simple substitution (shift) cipher: each letter is replaced by the letter five positions later in the alphabet, wrapping from Z back to A.

Normal sequence:  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Encoded sequence: F G H I J K L M N O P Q R S T U V W X Y Z A B C D E

Message:          DROPBOX TONIGHT
Encoded message:  IWTUGTC YTSNLMY

This illustrates the idea of a key (the shift of 5), but it is not encryption in any useful sense: there are only 25 possible shifts, so anyone who intercepts the encoded message can try them all.
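The shift cipher from the slide, implemented and then broken, as an added example that is not part of the lecture. The small word list used to pick out the right candidate is an assumption for the example; a real attacker would use letter frequencies or a dictionary.

```python
from string import ascii_uppercase

ALPHABET = ascii_uppercase  # 26 letters, index 0..25


def shift_encode(message: str, shift: int) -> str:
    """Replace each letter with the one `shift` positions later, wrapping Z -> A.
    Non-letters (spaces, digits) pass through unchanged, as on the slide."""
    out = []
    for ch in message.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def shift_decode(ciphertext: str, shift: int) -> str:
    """Decoding is just shifting back; Python's % keeps negative indices in range."""
    return shift_encode(ciphertext, -shift)


def brute_force(ciphertext: str) -> dict:
    """All 25 candidate plaintexts: the entire 'key space' of a shift cipher."""
    return {s: shift_decode(ciphertext, s) for s in range(1, 26)}


# Assumed word list for scoring candidates (an attacker would use a dictionary).
COMMON_WORDS = {"THE", "AND", "AT", "MEET", "TONIGHT", "DROP", "DROPBOX"}


def recover_shift(ciphertext: str):
    """Return the shift whose decoding contains the most recognisable words."""
    best_shift, best_hits = None, 0
    for s, candidate in brute_force(ciphertext).items():
        hits = sum(word in COMMON_WORDS for word in candidate.split())
        if hits > best_hits:
            best_shift, best_hits = s, hits
    return best_shift


if __name__ == "__main__":
    encoded = shift_encode("DROPBOX TONIGHT", 5)
    print(encoded)                       # IWTUGTC YTSNLMY, matching the slide
    for s, candidate in brute_force(encoded).items():
        print(f"shift {s:2d}: {candidate}")
    print("recovered shift:", recover_shift(encoded))
```

Running it reproduces the slide's encoded message and then lists every possible decoding; only one line reads as English, and the scorer picks it out without any knowledge of the key. That is the gap between encoding and real encryption, where the key space is large enough (2^128 and up) that trying every key is infeasible.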

Public Keys (slide figure; no text captured in the transcript)
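The public-key idea referred to on this slide and under Authentication above ("public or private keys used for encryption", "digital certificates"), shown with textbook RSA as an added example that is not part of the lecture. The primes 61 and 53 and the exponent 17 are deliberately tiny so the arithmetic is visible; the last function factors the modulus to show why real keys are 2048 bits or more. Production code should use a maintained library with proper padding (RSA-OAEP / PSS), never this.

```python
from math import gcd


def generate_keypair(p: int, q: int, e: int = 17):
    """Textbook RSA from two primes (assumed prime; toy sizes for illustration).
    Returns (public_key, private_key) as (n, e) and (n, d)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with phi(n)")
    d = pow(e, -1, phi)  # modular inverse; Python 3.8+
    return (n, e), (n, d)


def encrypt(public_key, m: int) -> int:
    """Anyone holding the public key can encrypt: c = m^e mod n."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message block must be smaller than the modulus")
    return pow(m, e, n)


def decrypt(private_key, c: int) -> int:
    """Only the private-key holder can decrypt: m = c^d mod n."""
    n, d = private_key
    return pow(c, d, n)


def sign(private_key, m: int) -> int:
    """Same math with the roles swapped gives a digital signature."""
    n, d = private_key
    return pow(m, d, n)


def verify(public_key, m: int, signature: int) -> bool:
    n, e = public_key
    return pow(signature, e, n) == m % n


def encrypt_text(public_key, text: str) -> list:
    """Toy block mode: one byte per block, possible only because each byte < n."""
    return [encrypt(public_key, b) for b in text.encode()]


def decrypt_text(private_key, blocks: list) -> str:
    return bytes(decrypt(private_key, c) for c in blocks).decode()


def recover_private_key(public_key):
    """Trial-division factoring of n. Instant for a toy modulus, hopeless for
    a 2048-bit one: the key size is the entire security argument."""
    n, e = public_key
    for p in range(2, int(n ** 0.5) + 1):
        if n % p == 0:
            q = n // p
            return (n, pow(e, -1, (p - 1) * (q - 1)))
    raise ValueError("no factor found")


if __name__ == "__main__":
    public, private = generate_keypair(61, 53)   # n = 3233, d = 2753
    blocks = encrypt_text(public, "DROPBOX TONIGHT")
    print("ciphertext blocks:", blocks)
    print("decrypted:", decrypt_text(private, blocks))
    sig = sign(private, 42)
    print("signature valid:", verify(public, 42, sig), "| tampered:", verify(public, 43, sig))
    print("private key recovered from public key:", recover_private_key(public) == private)
```

Two things to take from running it: the public key can be handed to anyone (it only encrypts or verifies), and a 12-bit modulus is factored by a one-line loop, which is why key length, not secrecy of the algorithm, carries the security.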
