
1 MIS105 Chapter 14 Security and Privacy

2 Objectives
- Explain the different types of computer crime and the difficulties of discovery and prosecution
- Describe the aspects of securing corporate data, including software and data security, disaster recovery plans, and security legislation
- Describe in general terms how viruses work, the damage they can cause, and procedures used to prevent this damage
- Explain the threats to personal privacy posed by computers and the Internet
- Describe actions you can take to maximize your privacy
MIS105: Security & Privacy

3 Security and Privacy
- Security – data stored on a computer must be kept safe
- Privacy – private data must be kept away from prying eyes

4 Computer Crime
- Hacker – someone who attempts to gain access to computer systems illegally
  - Originally referred to someone with a high degree of computer expertise
- Social engineering – a tongue-in-cheek term for con-artist tactics
  - Persuade people to give away password information
- Cracker – someone who uses the computer to engage in illegal activity

5 Computer Crime
Most commonly reported categories:
- Credit card fraud
- Data communications fraud
- Unauthorized access to computer files
- Unlawful copying of copyrighted software

6 Methods Computer Criminals Use
- Bomb
- Data diddling
- Denial of service attacks
- Piggybacking
- Salami technique
- Scavenging
- Trapdoor
- Trojan horse
- Zapping

7 Bomb
- Causes a program to trigger damage under certain conditions (a logic bomb; called a time bomb when the trigger is a date)
  - Usually set to go off at a later date
- Sometimes planted in commercial software
  - Shareware is more prone to having a bomb planted in it

8 Data Diddling
- Refers to changing data before or as it enters the system
- Examples include forging or counterfeiting documents used for data entry, and exchanging valid disks and tapes with modified replacements
- Auditors must verify the accuracy of the source data as well as the processing that occurs

9 Denial of Service Attack
- Hackers bombard a site with more requests than it can possibly handle
  - Prevents legitimate users from accessing the site
  - Hackers can cause the attack to come from many different sites simultaneously (a distributed denial of service, or DDoS)

10 Piggybacking
- An illicit user "rides" into the system on the back of an authorized user
  - If the user does not exit the system properly, the intruder can continue where the original user left off
  - In physical security the same term describes following an authorized person through a secured door (also called tailgating)
- Always log out of any system you log into

11 Salami Technique
- An embezzlement technique where small "slices" of money are funneled into an account the embezzler controls
  - Also known as penny shaving
  - Done by always rounding down and putting the fractions of a cent into another account
  - The idea is to make each change small enough that any single transaction goes undetected; only the accumulated total, or a reconciliation of the whole ledger, reveals it
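The rounding trick described above, together with the auditor's reconciliation that catches it, as an added example (not part of the original slides). The interest rate, account balances and account numbers are constructed for the demonstration, and the fraud is simulated on an in-memory ledger so it runs offline.

```python
from decimal import Decimal, ROUND_DOWN, ROUND_HALF_UP

CENT = Decimal("0.01")
RATE = Decimal("0.0123")   # hypothetical annual interest rate

# Constructed sample ledger: 2,000 accounts whose balances spread the
# sub-cent fractions evenly. These are not real accounts.
ACCOUNTS = [("A%04d" % i, Decimal("1000.00") + Decimal(i * 37) / 100)
            for i in range(1, 2001)]


def honest_interest(balance):
    """The approved rule: interest rounded to the nearest cent."""
    return (balance * RATE).quantize(CENT, rounding=ROUND_HALF_UP)


def salami_post(accounts, skim_account="X9999"):
    """The fraud: always round DOWN and funnel every shaved fraction into one
    account. No single posting is more than a cent off, so each looks fine."""
    postings = {}
    skim = Decimal("0")
    for acct, balance in accounts:
        exact = balance * RATE
        posted = exact.quantize(CENT, rounding=ROUND_DOWN)
        postings[acct] = posted
        skim += exact - posted
    postings[skim_account] = skim.quantize(CENT, rounding=ROUND_DOWN)
    return postings, postings[skim_account]


def audit(accounts, postings):
    """Auditor's check: recompute every posting under the approved rule, then
    reconcile the ledger as a whole. Per-account deviations are at most a cent,
    but the totals do not balance and an account nobody can explain appears.
    Returns (per-account deviations, unexplained accounts, total shortfall)."""
    expected = {acct: honest_interest(balance) for acct, balance in accounts}
    deviations = {a: postings.get(a, Decimal("0")) - expected[a]
                  for a in expected if postings.get(a) != expected[a]}
    unknown = {a: v for a, v in postings.items() if a not in expected}
    shortfall = (sum(expected.values())
                 - sum(postings.get(a, Decimal("0")) for a in expected))
    return deviations, unknown, shortfall


if __name__ == "__main__":
    postings, skim = salami_post(ACCOUNTS)
    deviations, unknown, shortfall = audit(ACCOUNTS, postings)
    print("accounts short by one cent:", len(deviations))
    print("unexplained accounts:", unknown)
    print("ledger shortfall:", shortfall, "skimmed:", skim)
```

The point of the audit is that it compares totals, not individual postings: a one-cent deviation on any single account is within what a customer or clerk would shrug off, but a few thousand of them add up to a figure that has to be sitting somewhere.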

12 Scavenging
- Searching company trash cans and dumpsters for lists of information (also called dumpster diving)
  - Thieves will search the garbage and recycling bins of individuals looking for bank account numbers, credit card numbers, etc.
- Shred documents that contain personal information

13 Trapdoor
- An illicit entry point left within a completed legitimate program (also called a backdoor)
  - Allows subsequent unauthorized and unnoticed entry by the perpetrator to make changes to the program

14 Trojan Horse
- Involves illegal instructions placed in the middle of a legitimate program
  - The program does something useful, but the Trojan horse instructions do something destructive in the background

15 Zapping
- Refers to a variety of software designed to bypass all security systems

16 White-Hat Hackers
- Hackers who are paid by a company, with its permission, to break into that company's computer systems
  - Expose security holes and flaws before criminals find them
  - Once exposed, flaws can be fixed

17 Discovery and Prosecution
- Crimes are often undetected
  - When they are detected, they are often not reported
- Prosecution is difficult
  - Law enforcement agencies and prosecutors are ill-equipped to handle computer crime
  - Judges and juries often don't understand computer crime
- Congress passed the Computer Fraud and Abuse Act, which makes unauthorized access to computers a federal crime

18 Computer Forensics
- Uncovering computer-stored information suitable for use as evidence in courts of law
  - Recovers files and e-mail messages that someone has deleted
- Some experts are available for hire, but most are on the staffs of police departments and law firms

19 Security: Playing It Safe
- Security – a system of safeguards
  - Protects the system and data from deliberate or accidental damage
  - Protects the system and data from unauthorized access

20 Controlling Access
Four means of controlling who has access to the computer (the authentication factors):
- What you have
- What you know
- What you do
- What you are

21 What You Have
- Requires you to have some device to gain access to the computer
  - A badge, key, or card gives you physical access to the computer room or a locked terminal
  - A debit card with a magnetic strip gives you access to your bank account at an ATM
  - An active badge broadcasts your location by sending out radio signals

22 What You Know
- Requires you to know something to gain access
  - A password and login name give you access to a computer system
  - Cipher locks on doors require you to know the combination to get in

23 What You Do
- Requires you to do something in a characteristic way to gain access
  - Software can verify scanned signatures and signatures written online on a signature pad, checking how the signature is written and not just how it looks

24 What You Are
- Uses biometrics – the science of measuring body characteristics
  - Uses fingerprints, voice patterns, retinal scans, etc. to identify a person
  - Can combine a fingerprint (what you are) with reading a smart card (what you have) for two-factor authentication

25 A Disaster Recovery Plan
- A method of restoring computer processing operations and data files in the event of major destruction
- Several approaches
  - Manual services
  - Buying time at a service bureau
  - Consortium
- The plan should include priorities for restoring programs, plans for notifying employees, and procedures for handling data in a different environment

26 A Consortium
- A joint venture among firms to support a complete computer facility
  - Used only in the event of a disaster
  - Hot site – a fully equipped computer center
  - Cold site – an empty shell in which a company can install its own computer system

27 Software Security
- Who owns custom-made software? What prevents a programmer from taking a copy of the program?
- The answer is well established
  - If the programmer is employed by the company, the software belongs to the company
  - If the programmer is a consultant, ownership of the software should be specified in the contract

28 Data Security
Several techniques can be used to prevent theft or alteration of data:
- Secured waste
- Internal controls
- Auditor checks
- Applicant screening
- Passwords
- Built-in software protection

29 Personal Computer Security
- Physical security of hardware
  - Secure hardware in place with locks and cables
  - Avoid eating, drinking, and smoking around computers

30 Protecting Disk Data
- Use a surge protector to prevent electrical problems from affecting data files
- An Uninterruptible Power Supply (UPS) includes battery backup
  - Provides battery power in the event power is lost
  - Allows users to save work and close files properly
- Back up files regularly

31 Backing Up Files
- Back up to a tape drive, CD-RW, or DVD-RAM
  - You can use software that automatically backs up at a certain time of day
- Disk mirroring (RAID 1)
  - Makes a second copy of everything you put on disk to another hard disk
  - Protects against a failed drive, but not against deletion, corruption, or a virus, since those are mirrored too; it does not replace a backup

32 Types of Backup
Three types of backup:
- Full backup – copies everything from the hard drive
- Differential backup – copies all files that have been changed since the last full backup
- Incremental backup – copies only those files (or parts of files) that have been changed since the last backup of any kind: full, differential, or incremental
A comprehensive backup plan involves periodic full backups, complemented by more frequent incremental or differential backups. The choice affects restoration: a differential restore needs the last full backup plus only the newest differential, while an incremental restore needs the last full backup plus every incremental taken since it, applied in order.
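The three backup types and their restore chains, as an added example (not from the original slides). It simulates a tiny file tree with constructed modification times, takes a full backup followed by three daily backups of the chosen type, and shows which backup sets a restore must read.

```python
from dataclasses import dataclass


@dataclass
class BackupSet:
    kind: str        # "full", "differential" or "incremental"
    taken_at: int    # constructed day number
    files: dict      # path -> content captured by this backup


def take_backup(kind, day, files, mtimes, history):
    """Select the files a backup of this kind copies and append it to history.
    files/mtimes describe the current tree; history is oldest-first."""
    if kind == "full":
        chosen = dict(files)
    else:
        fulls = [b for b in history if b.kind == "full"]
        if not fulls:
            raise ValueError("no full backup to base on")
        # differential: changed since the last FULL backup
        # incremental:  changed since the last backup of ANY kind
        base = fulls[-1].taken_at if kind == "differential" else history[-1].taken_at
        chosen = {p: c for p, c in files.items() if mtimes[p] > base}
    bs = BackupSet(kind, day, chosen)
    history.append(bs)
    return bs


def restore_plan(history):
    """The minimal list of backup sets a restore has to read.
    A differential supersedes everything between it and the full backup;
    incrementals after the last differential (or after the full) are all needed."""
    i = max(idx for idx, b in enumerate(history) if b.kind == "full")
    after = history[i + 1:]
    diffs = [j for j, b in enumerate(after) if b.kind == "differential"]
    tail = after[diffs[-1]:] if diffs else after
    return [history[i]] + tail


def restore(history):
    """Rebuild the tree by layering the planned sets oldest-first.
    (Deletions are not tracked in this toy; it only handles changed files.)"""
    state = {}
    for b in restore_plan(history):
        state.update(b.files)
    return state


def simulate(strategy):
    """Day 0: full backup. Days 1-3: edit one file, then back up with `strategy`.
    Returns (history, final tree) so the restore can be checked against it."""
    files = {"a": "a0", "b": "b0", "c": "c0"}
    mtimes = {"a": 0, "b": 0, "c": 0}
    history = []
    take_backup("full", 0, files, mtimes, history)
    for day, path in [(1, "a"), (2, "b"), (3, "a")]:
        files[path] = f"{path}{day}"
        mtimes[path] = day
        take_backup(strategy, day, files, mtimes, history)
    return history, files


if __name__ == "__main__":
    for strategy in ("differential", "incremental"):
        history, final = simulate(strategy)
        plan = restore_plan(history)
        print(strategy, "restore reads", len(plan), "sets:",
              [f"{b.kind}@{b.taken_at}" for b in plan],
              "ok" if restore(history) == final else "MISMATCH")
```

Both strategies restore the same tree; the trade-off is that differentials grow each day (day 3 copies `a` and `b` again) while incrementals stay small but every one of them must be present and intact at restore time.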

33 Computer Pests
- Worm
- Virus

34 Worm
- A program that transfers itself from computer to computer
  - Plants itself as a separate file on the target computer's disks; unlike a virus, it needs no host file and spreads over the network on its own
  - Fairly rare compared with viruses
- The SQL Slammer worm exploited a flaw in Microsoft SQL Server in January 2003, reached most vulnerable hosts within minutes, and disabled many servers by saturating networks

35 Virus
- A set of illicit instructions that passes itself on to other files
  - Transmitting a virus can cause tremendous damage to a computer and its data files
  - Can be prevented

36 Transmitting a Virus
- Viral instructions are inserted into a game or file
  - Typically distributed via the Web or e-mail
- Users download the file onto their computers
- Every time the user opens that file, the virus is loaded into memory
  - As other files are loaded into memory, they become infected

37 Damage from Viruses
- Some are benign, but many cause serious damage
  - Some attach themselves to operating systems, where they can affect how the computer works
  - Some delete data files or attempt to reformat your hard disk
  - A macro virus uses an application's own macro programming language (such as a word processor's or spreadsheet's) to distribute itself in documents
- Organizations and individuals spend billions of dollars defending computers against viruses

38 Virus Prevention
- Antivirus software
  - Detects virus signatures – byte patterns known to belong to a particular virus; the scanner recognizes only what is in its signature database, so the database must be kept up to date
  - Scans the hard disk every time you boot the computer
- Viruses tend to show up in free software or software downloaded from the Internet
  - Use antivirus software to scan files before you load them on your computer
- Often distributed as e-mail attachments
  - Do not open e-mail attachments without scanning them, or if you do not know the person sending the e-mail
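Signature detection as described above, as an added example (not from the original slides): a scanner that looks for known byte patterns in a set of files. The signature database and the sample files are constructed for this demonstration and do not correspond to any real malware; the last sample shows the scanner's main weakness, which is that changing a single byte of the matched pattern defeats it.

```python
import re

# Constructed signature database: name -> compiled byte pattern.
# These patterns are invented for the example; real signatures are
# extracted from actual samples by antivirus vendors.
SIGNATURES = {
    "Demo.Dropper.A": re.compile(rb"MZ\x90\x00.{0,32}?DEMO-DROPPER-A", re.S),
    "Demo.Macro.B":   re.compile(rb"Sub AutoOpen\(\).{0,128}?Shell\(", re.S),
}


def scan_bytes(data):
    """Return the names of every signature found in `data` ([] means clean)."""
    return [name for name, pattern in SIGNATURES.items() if pattern.search(data)]


def scan_files(files):
    """files: mapping of filename -> bytes (a stand-in for reading a disk).
    Returns {filename: [signature names]} for the infected files only."""
    report = {}
    for name, data in files.items():
        hits = scan_bytes(data)
        if hits:
            report[name] = hits
    return report


# Constructed samples. "setup2.exe" is the dropper with one byte of its marker
# changed (A -> B): the signature no longer matches, which is why signature
# scanning has to be paired with up-to-date databases and other defences.
SAMPLES = {
    "notes.txt":   b"quarterly numbers attached, see you monday",
    "setup.exe":   b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 8
                   + b"DEMO-DROPPER-A" + b"\x90" * 40,
    "invoice.doc": b"...Sub AutoOpen()\r\n  Shell(\"cmd /c echo pwned\")\r\nEnd Sub...",
    "setup2.exe":  b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 8
                   + b"DEMO-DROPPER-B" + b"\x90" * 40,
}


if __name__ == "__main__":
    for filename, hits in scan_files(SAMPLES).items():
        print(f"{filename}: INFECTED {hits}")
    for filename in SAMPLES:
        if not scan_bytes(SAMPLES[filename]):
            print(f"{filename}: clean (or not in the database)")
```

A real scanner also scans inside archives and compressed executables, and supplements exact signatures with heuristics and behaviour monitoring, precisely because of the evasion shown by `setup2.exe`.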

39 Virus Myths
- Myth: you cannot get infected by simply being online
  - If you download and execute an infected file, you can get infected
  - Although most e-mail viruses are in attachments that must be opened, it is possible to get infected by viewing an e-mail
- Myth: you cannot get infected from data
  - If graphics files include a viewer, that program could contain a virus

40 Protecting Your Privacy
- Data you give to organizations is often sold or rented to other organizations
  - Massive databases make it easy and inexpensive to learn almost anything about anybody
- Legislation exists to protect your privacy

41 Privacy Legislation
- Fair Credit Reporting Act
- Freedom of Information Act
- Federal Privacy Act
- Video Privacy Protection Act
- Computer Matching and Privacy Protection Act
- Health Insurance Portability and Accountability Act

42 Fair Credit Reporting Act
- Gives you access to your credit information
  - Must be provided free if you have been denied credit
- Gives you the right to challenge your credit records

43 Freedom of Information Act
- Allows ordinary citizens to request records held by federal agencies, including data gathered about them

44 Federal Privacy Act
- Stipulates that there can be no secret personal files
- Individuals must know what is stored in files about them and how the data will be used
- Organizations must be able to justify the need to obtain information

45 Video Privacy Protection Act
- Prevents retailers from disclosing a person's video rental records without the customer's consent or a court order

46 Computer Matching and Privacy Protection Act
- Restricts the government from comparing certain records across databases in an attempt to find a match, and sets procedures for when such matching is allowed

47 Health Insurance Portability and Accountability Act
- Governs the security and privacy of health information records
- Requires health care providers, health plans and insurance companies, and those who handle medical records on their behalf, to take steps to protect patients' medical records

48 Security and Privacy Problems on the Internet
- With so many people on the Internet, how do you keep data secure?
- Several approaches
  - Using a firewall
  - Encryption
- Privacy issues
  - Being monitored
  - Junk e-mail

49 A Firewall
- A combination of hardware and software that sits between an organization's network and the Internet
  - All traffic between the two goes through the firewall
  - Protects the organization from unauthorized access
  - Can prevent internal users from accessing inappropriate Internet sites
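How a firewall decides what passes, as an added example (not from the original slides): a rule set checked in order, first match wins, and anything no rule allows is dropped (default deny). The addresses, the blocked site range and the protected server are constructed for the demonstration; real firewalls also track connection state so that replies to permitted outbound connections are let back in.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" = Internet -> LAN, "out" = LAN -> Internet
    proto: str       # "tcp" or "udp"
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str               # "allow" or "deny"
    direction: str
    proto: Optional[str]      # None = any protocol
    src: Optional[str]        # CIDR, None = any source
    dst: Optional[str]        # CIDR, None = any destination
    dport: Optional[int]      # None = any port

    def matches(self, p: Packet) -> bool:
        if self.direction != p.direction:
            return False
        if self.proto is not None and self.proto != p.proto:
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        if self.src is not None and ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src):
            return False
        if self.dst is not None and ipaddress.ip_address(p.dst) not in ipaddress.ip_network(self.dst):
            return False
        return True


LAN = "10.0.0.0/8"   # constructed internal network

# Constructed policy. Order matters: the block list sits above the broad
# "allow web" rules so a blocked site cannot be reached on port 80 or 443.
RULES = [
    Rule("deny",  "out", None,  LAN,  "198.51.100.0/24", None),  # blocked sites
    Rule("allow", "out", "tcp", LAN,  None,              80),    # web browsing
    Rule("allow", "out", "tcp", LAN,  None,              443),
    Rule("allow", "out", "udp", LAN,  "192.0.2.53/32",   53),    # our resolver only
    Rule("allow", "in",  "tcp", None, "203.0.113.10/32", 443),   # public web server
]


def decide(packet: Packet, rules=RULES):
    """First matching rule wins. With no match the packet is dropped:
    the implicit default-deny rule that every firewall policy should end with."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action, rule
    return "deny", None


if __name__ == "__main__":
    samples = [
        Packet("in",  "tcp", "198.51.100.7", "203.0.113.10", 443),  # customer to web server
        Packet("in",  "tcp", "198.51.100.7", "203.0.113.10", 22),   # SSH from outside
        Packet("in",  "tcp", "198.51.100.7", "10.0.0.5",     445),  # SMB to a workstation
        Packet("out", "tcp", "10.1.2.3",     "203.0.113.80", 443),  # employee browsing
        Packet("out", "tcp", "10.1.2.3",     "198.51.100.9", 443),  # blocked site
        Packet("out", "udp", "10.1.2.3",     "192.0.2.54",   53),   # unapproved resolver
    ]
    for p in samples:
        action, rule = decide(p)
        print(f"{p.direction:>3} {p.proto} {p.src} -> {p.dst}:{p.dport}  {action}"
              + ("" if rule else "  (no rule matched)"))
```

Reading the rule list from top to bottom is exactly what an auditor does when checking a firewall: a permissive rule placed above a restrictive one silently disables the restriction.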

50 Encryption
- Scrambling data so that it can be read only by a computer holding the appropriate key; used in online payment systems
  - An encryption key converts the message into an unreadable form
  - The message can be decrypted only with the proper key
- Private (secret) key encryption – the sending and receiving computers share the same key
  - Less secure in practice: the one key has to be delivered to both sides in advance, and if either computer is hacked that single key is stolen
- Public key encryption – each party has a pair of mathematically related keys, one public and one private
  - The sender encrypts with the receiver's public key, which can be handed out freely; only the receiver's private key can decrypt
  - More secure: the decrypting key never leaves the receiver, so hacking the sender's computer does not expose it
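The public/private key relationship, as an added example (not from the original slides) using textbook RSA with the small primes 61 and 53, a standard teaching example. It shows that encryption needs only the public key, that the private key alone decrypts, and that the public key cannot be used to undo its own encryption. Real systems use primes hundreds of digits long and add padding; this toy is for illustrating the key split, not for protecting anything.

```python
from math import gcd


def keygen(p, q, e=17):
    """Textbook RSA from two primes. Returns (public_key, private_key)
    as (n, e) and (n, d). Toy sizes only; real keys use 2048-bit+ moduli."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)        # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def encrypt(public_key, m):
    """Anyone holding the public key can do this; no secret is involved."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer smaller than n")
    return pow(m, e, n)


def decrypt(private_key, c):
    """Only the holder of d can recover m."""
    n, d = private_key
    return pow(c, d, n)


def demo():
    """Sender holds only `public`; receiver holds `private`.
    Compromising the sender yields nothing that decrypts the traffic."""
    public, private = keygen(61, 53)   # toy primes: n = 3233, e = 17, d = 2753
    m = 65                              # a message encoded as a number below n
    c = encrypt(public, m)
    return {
        "ciphertext": c,
        "receiver_recovers": decrypt(private, c) == m,
        # applying the public key to the ciphertext does NOT give m back
        "public_key_alone_recovers": decrypt(public, c) == m,
    }


if __name__ == "__main__":
    print(demo())
```

Contrast this with the shared-key case on the slide: there, the same key would sit on both machines, and the attacker could take it from whichever one was easier to break into.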

51 Being Monitored
- Employers can monitor employees' e-mail, use of the Internet, and even count the number of keystrokes per minute
  - Employees are often unaware they are being monitored
- Web sites can easily collect information when a user just visits the site
  - Web sites use cookies to store your preferences

52 Cookies
- A small text file stored on your hard drive
- The file is sent back to the server each time you visit that site
  - Stores preferences, allowing the Web site to be customized
  - Stores a session identifier that proves you have logged in, allowing you to visit multiple pages within the site without logging in to each one (the password itself should never be kept in a cookie, and anyone who steals the identifier can use the session)
  - Tracks surfing habits, targeting you for specific types of advertisements

53 Spamming
- Mass advertising via e-mail
  - Can overflow your e-mail inbox
  - Bogs down your e-mail server, increasing the cost of e-mail service
- Preventing spam

54 Preventing Spam
Many ways you can minimize junk e-mail:
- Be careful how you give out your e-mail address
- Filtering software allows you to block messages or send them to designated folders
- Don't register at Web sites without a promise that the Web site will not sell your information
- NEVER respond to spam: a reply (or an "unsubscribe" click) confirms that your address is live and read
- Antispamming legislation is being proposed in many states

