Protecting Consumers from Themselves. Presented by the State Information Security Office & the California Office of Privacy Protection, September 13, 2007.

Presentation transcript:

1 Protecting Consumers from Themselves Presented by the State Information Security Office & the California Office of Privacy Protection September 13, 2007

2 Keylogging – What is it?
Keystroke logging, or keylogging, records the real-time activity of a computer user, including the keys they press.
Software is readily available on the Internet and free.
It can be used by malicious individuals to obtain passwords, encryption keys, and other personally identifiable information.

3 How does a user get this software on his PC?
Keylogging software can be distributed via a trojan horse or a virus.
A keylogger can be either hardware or software; software is the most common.
Typically, a vulnerable user's PC is not kept up to date with fixes, patches, and anti-spyware/anti-virus signatures.

4 How do users avoid getting it on their PCs?
Monitor the programs running on PCs.
Use anti-spyware/anti-virus programs and keep the signatures updated.
Use a firewall to help prevent transmission of logged material over the Internet.
Use network monitors to alert them whenever an application attempts to make a network connection.
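
An added example (not part of the original presentation) of the network-monitor idea on this slide: it flags outbound connections made by programs that are not on an expected list. The connection snapshot, PID map, program names and allowlist are all constructed for illustration; the snapshot uses the column layout of Windows `netstat -ano` output.

```python
import ipaddress

# Constructed sample in the column layout of Windows `netstat -ano` output.
SAMPLE_NETSTAT = """\
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.168.1.20:49701     198.51.100.10:443      ESTABLISHED     2260
  TCP    127.0.0.1:49705        127.0.0.1:5354         ESTABLISHED     1500
  TCP    192.168.1.20:49712     203.0.113.45:80        ESTABLISHED     3128
  TCP    192.168.1.20:49720     203.0.113.45:80        SYN_SENT        3128
"""
# Constructed PID-to-program map (the kind of data `tasklist` supplies).
SAMPLE_PIDS = {884: "svchost.exe", 2260: "firefox.exe",
               1500: "mdnsresponder.exe", 3128: "winhelper32.exe"}
# Hypothetical allowlist: programs the user expects to reach the Internet.
ALLOWED = {"firefox.exe", "svchost.exe"}


def parse_netstat(text):
    """Yield (remote_ip, remote_port, state, pid) for each TCP row."""
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 5 or cols[0] != "TCP":
            continue
        host, _, port = cols[2].rpartition(":")
        yield host.strip("[]"), int(port), cols[3], int(cols[4])


def unexpected_connections(text, pid_names, allowed):
    """Return sorted alerts for outbound connections by programs not allowed."""
    alerts = set()
    for ip, port, state, pid in parse_netstat(text):
        if state not in ("ESTABLISHED", "SYN_SENT"):
            continue  # listeners and closing sockets are not outbound attempts
        if ipaddress.ip_address(ip).is_loopback:
            continue  # loopback traffic never leaves the PC
        name = pid_names.get(pid, "unknown").lower()
        if name not in allowed:
            alerts.add((name, pid, f"{ip}:{port}"))  # set removes repeat rows
    return sorted(alerts)


if __name__ == "__main__":
    for name, pid, remote in unexpected_connections(
            SAMPLE_NETSTAT, SAMPLE_PIDS, ALLOWED):
        print(f"ALERT: {name} (pid {pid}) -> {remote}")
```
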

5 What’s the issue for State government?
Users who unknowingly have keylogging software installed on their PCs access State online applications.
They enter their PII, such as name, SSN, DL#, home address, and password, on the entry screen.
All keystrokes are captured by the keylogging software and obtained by the hacker.
The hacker can now use this PII for identity theft, fraud, and other criminal activities.

6 How did the SISO determine this was occurring?
SISO was notified by US-CERT in September 06
– SISO has continued to receive numerous logs from them.
– Logs are difficult to decipher; info is layered in a deep multi-folder structure.
– Spreadsheets were created to capture the information.
CHP investigated it
– Determined it to be keylogging events on user PCs (several hundred events).
– Some anomalies, but majority involved consumers.

7 Why can’t law enforcement capture the bad guys?
It is almost impossible to capture pertinent evidence, since we do not have access to the consumer’s PC.
Limited investigative information is provided in the logs given by US-CERT.
Some indication that the hackers are out of the country.

8 Should we notify affected individuals?
The State has done nothing to cause the problem.
Hard to identify individuals found in the logs (very labor intensive).
It would be an ongoing, never-ending effort.
Therefore, we will not attempt to contact individuals.

9 What can State government do to protect consumers?
Establish a “computer security center” Web page for consumers that will provide them important guidance on protecting their home computers.
Require all State Web-based applications to place a link to the “computer security center” on every initial entry Web page where consumer PII is collected.
May want to consider requiring it for systems that employees access remotely, too.


12 Next Steps
Inform ISOs, Webmasters, & IT Council of computer security center.
–
– Graphic link button available on State Government page of
Require State agencies to place a link to the computer security center on any Web page collecting PII.
– Consider also requiring link on any employee online system that is accessed remotely.
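
An added example (not part of the original presentation) of how a webmaster could check the requirement on slides 9 and 12: it scans an entry page for form fields that look like PII and reports whether the page links to the computer security center. The URL is a placeholder because the presentation's address is not preserved here; the field-name hints and sample pages are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

# Placeholder: the security center's real address is not given on this page.
SECURITY_CENTER_URL = "https://security-center.example/"
# Assumed heuristic: substrings in a field's name/id that suggest consumer PII.
PII_HINTS = ("ssn", "social", "license", "dl_", "address", "password", "name")
# Constructed sample pages.
FORM = ('<form action="/renew"><input name="full_name"><input name="ssn">'
        '<input type="password" name="pw"><input type="submit" value="Go"></form>')
PAGE_MISSING_LINK = "<html><body>" + FORM + "</body></html>"
PAGE_WITH_LINK = ('<html><body><a href="https://security-center.example/">'
                  'Protect your computer</a>' + FORM + "</body></html>")


class EntryPageAudit(HTMLParser):
    """Collect PII-looking form fields and note whether the link is present."""

    def __init__(self):
        super().__init__()
        self.pii_fields = []
        self.has_link = False
        self._in_form = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        kind = a.get("type", "").lower()
        if tag == "form":
            self._in_form = True
        elif tag == "a":
            href = a.get("href", "").rstrip("/")
            self.has_link |= href == SECURITY_CENTER_URL.rstrip("/")
        elif (tag in ("input", "select", "textarea") and self._in_form
              and kind not in ("hidden", "submit", "button")):
            label = (a.get("name", "") + " " + a.get("id", "")).lower()
            if kind == "password" or any(h in label for h in PII_HINTS):
                self.pii_fields.append(a.get("name") or a.get("id") or tag)

    def handle_endtag(self, tag):
        if tag == "form":
            self._in_form = False


def audit(html):
    """Return (compliant, pii_fields); pages collecting no PII pass trivially."""
    parser = EntryPageAudit()
    parser.feed(html)
    parser.close()
    return (not parser.pii_fields or parser.has_link), parser.pii_fields


if __name__ == "__main__":
    for label, page in (("missing link", PAGE_MISSING_LINK), ("with link", PAGE_WITH_LINK)):
        print(label, audit(page))
```
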

13 Resources securityprivacy/g/keylogger.htm securityprivacy/g/keylogger.htm