1
THREATS TO INFORMATION SYSTEMS
- HARDWARE FAILURE, FIRE
- SOFTWARE FAILURE, ELECTRICAL PROBLEMS
- PERSONNEL ACTIONS, USER ERRORS
- ACCESS PENETRATION, PROGRAM CHANGES
- THEFT OF DATA, SERVICES, EQUIPMENT
- TELECOMMUNICATIONS PROBLEMS
2
SECURITY POLICIES, PROCEDURES, TECHNICAL MEASURES TO PREVENT UNAUTHORIZED ACCESS, ALTERATION, THEFT, PHYSICAL DAMAGE TO INFORMATION SYSTEMS
3
HACKERS & COMPUTER VIRUSES
- HACKER: Person who gains access to a computer for profit, criminal mischief, personal pleasure
- COMPUTER VIRUS: Rogue program; difficult to detect; spreads rapidly; destroys data; disrupts processing & memory
4
ANTIVIRUS SOFTWARE
- SOFTWARE TO DETECT AND ELIMINATE VIRUSES
- ADVANCED VERSIONS RUN IN MEMORY TO PROTECT PROCESSING, GUARD AGAINST VIRUSES ON DISKS, AND ON INCOMING NETWORK FILES
- Norton and McAfee
5
SECURITY AND THE INTERNET
- Encryption: The coding and scrambling of messages to prevent their being read or accessed without authorization.
- Authentication: The ability of each party in a transaction to ascertain the identity of the other party.
- Digital Signature: A digital code attached to an electronically transmitted message that uniquely identifies its contents and the sender.
- Digital Certificate: An attachment to an electronic message that verifies the identity of the sender and provides the receiver with the means to encode a reply. (digital signature & public key)
6
Digital Certificates
- Also known as a digital ID
- Guarantees: Content Source, Content Integrity
- An attachment to an e-mail message
- Embedded in a Web page
- Serves as proof that the holder is the person or company identified by the certificate
- Encoded so that others cannot read or duplicate it
- Digital Certificates are obtained from a “Certification Authority” (Verisign)
7
SECURITY AND THE INTERNET: PUBLIC KEY ENCRYPTION
[Diagram: Person1 (SENDER) encrypts with public key; SCRAMBLED MESSAGE; Person2 (RECIPIENT) decrypts with private key]
If you want to receive encrypted messages:
- Obtain a digital certificate from a certification authority (Verisign)
- Owning a digital certificate allows you to RECEIVE encrypted e-mail
- You (Person2) will be given a public key, private key, and digital signature
- E-mail a message with your public key to Person1
- Person1 will send Person2 an e-mail encoded with Person2’s public key
- Person2 decrypts using private key
- Anyone can have access to the public key, but the private key is not shared
8
Secure Sockets Layer (SSL) Protocol
- Secures connections between two computers
- Allows client and server computers to manage encryption and decryption activities as they communicate with each other during a secure web session
- Certification authorities issue Server Digital Certificates
- Authenticates your web site and encrypts data
9
https: signifies SSL encryption is being used. DO NOT enter private data (credit card number) unless the site is secure (contains https: in the address)
10
Electronic Payment Systems for e-Commerce
- DIGITAL WALLET: Software stores credit card, electronic cash, owner ID, address for e-commerce transactions - Microsoft’s .net Passport
- ELECTRONIC CASH: Digital currency - BillPoint (eBay), Paypal
- SMART CARD: Chip stores e-cash
11
Intellectual Property Rights
“The ownership of ideas and control over the tangible or virtual representation of those ideas”
- Trademarks: protects novel marks & designs used in marketing & advertising for an indefinite period as long as in use.
- Copyrights: protects the original expression of an idea; acquired when expression is created
- Patents: protect novel inventions; Granted by Gov’t. to exclude others from making, using & selling invention; for a Limited period.
12
Benefits of a Trademark:
Indicates source of goods; Gives notice to others by distinguishing one company’s goods & services from the goods & services of others; Enhances ability to protect against trademark infringement; Stands for value and uniform quality; Trademarks are an advertising and marketing tool.
13
Trademark Basics
What is a Mark?
- “Word” - Windows;
- “Name” - Microsoft;
- “Symbol” - Flying grid;
- “Color” - IBM BLUE on computers;
- “Shape” - Coca-Cola Bottle;
- “Slogan” - “Intel Inside”
14
What Does a Copyright Protect?
1. Writing/Literary Works
2. Works of Art
3. Software
4. Video Tapes
5. Music
6. Web Content
“Harvard Law IP” “The Copyright Web Site”
15
E-Commerce Copyrights
Software, documentation, databases, web site information and other information are valuable works of authorship that may need protection. INFRINGEMENT The law prevents others from treating these materials as being their own by copying them, posting them on the internet and distributing to others, as in the Napster litigation.
16
Copyright Notices:
- © 2001 General Electric Company All Rights Reserved
- or Copyright, 2001 General Electric Company, All Rights Reserved
- or Copyright © 1999, 2001 GE Financial Assurance Holdings, Inc. All rights reserved.
17
Patent Basics “Patents web site”
Patents: Exclusive Right to Exclude Others from Making, Using or Selling Products and/or Services covered by Patent Claims. “A patent is a government issued grant which confers on the inventor the right to exclude others from making, using, offering for sale, or selling the invention for what is now a period of 20 years.” Issued by the U.S. Patent and Trademark Office
18
What is a Business Method or System?
A series of steps for accomplishing a task; an algorithm. A process for delivering a service. A system or method for managing data, or measuring and improving quality. Analytical tools. Financial instruments. Methods of teaching. Computer software embodying any of the preceding.
19
Business Method Patents
Example patents:
- Priceline.com – “Name your price”
- Sightsound.com – “Selling music through digital downloads” - Demanding 1% royalty from anyone selling music in digital form (CDNow)
- Amazon.com – “one click ordering”
- Open Market – “Electronic shopping carts and secure internet payments”
20
Intellectual Property Threats
- The Internet presents a tempting target for intellectual property threats
- Very easy to reproduce an exact copy of anything found on the Internet
- People are unaware of copyright restrictions, and unwittingly infringe on them
- Fair use allows limited use of copyright material when certain conditions are met
21
Intellectual Property Threats
Cybersquatting
- The practice of registering a domain name that is the trademark of another person or company
- Cybersquatters hope that the owner of the trademark will pay huge dollar amounts to acquire the URL
- U.S. Anticybersquatting Consumer Protection Act – 11/29/1999
- Protects trademarked names from being registered as domain names.
- Can be found liable for damages up to $300K.
22
If you are really into this stuff… check out the following pages.
No material after this page will be included on the test.
23
How to utilize a digital certificate (obtained from Verisign)
The process is outlined below:
1. Publisher obtains a Software Developer Digital ID from VeriSign.
2. Publisher creates code.
3. Using the SIGNCODE.EXE utility, the publisher:
   - Creates a hash of the code, using an algorithm such as MD5 or SHA,
   - Encrypts the hash using his/her private key,
   - Creates a package containing the code, the encrypted hash, and the publisher's certificate.
4. The end user encounters the package.
5. The end user's Microsoft browser examines the publisher's Digital ID. Using the VeriSign root Public Key, which is already embedded in Authenticode-enabled applications, the end user browser verifies the authenticity of the Software Developer Digital ID (which is itself signed by the VeriSign root Private Key).
6. Using the publisher's public key contained within the publisher's Digital ID, the end user browser decrypts the signed hash.
7. The end user browser runs the code through the same hashing algorithm as the publisher, creating a new hash.
8. The end user browser compares the two hashes. If they are identical, the browser messages that the content has been verified by VeriSign, and the end user has confidence that the code was signed by the publisher identified in the Digital ID, and that the code hasn't been altered since it was signed.
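The sign-and-verify steps above, as an added Python example that is not from the original slides and is not Authenticode or SIGNCODE.EXE code. It assumes textbook RSA on constructed Mersenne-prime keys and SHA-256 as the hash; every function and name is hypothetical, and unpadded RSA with such keys is insecure and only makes each step visible.

```python
# Added illustration: textbook RSA with constructed, trivially factorable keys.
import hashlib

E = 65537

def keypair(p, q):
    """Return (public, private) toy RSA keys as (exponent, modulus) tuples."""
    n = p * q
    return (E, n), (pow(E, -1, (p - 1) * (q - 1)), n)

def digest(data):
    """SHA-256 of data as an integer (the 'hash of the code')."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data, private):
    """Publisher or CA side: 'encrypt the hash' with the private key."""
    d, n = private
    return pow(digest(data), d, n)

def verify(data, signature, public):
    """'Decrypt the signed hash' with the public key, compare to a fresh hash."""
    e, n = public
    return pow(signature, e, n) == digest(data)

def cert_bytes(name, public):
    return f"{name}|{public[0]}|{public[1]}".encode()

def issue_cert(name, public, ca_private):
    """CA signs the binding of a name to a public key (the 'Digital ID')."""
    return {"name": name, "public": public,
            "sig": sign(cert_bytes(name, public), ca_private)}

def make_package(code, publisher_private, cert):
    """Step 3: code + signed hash + publisher certificate."""
    return {"code": code, "sig": sign(code, publisher_private), "cert": cert}

def check_package(pkg, root_public):
    """Steps 5-8: validate the Digital ID first, then the code hash."""
    cert = pkg["cert"]
    if not verify(cert_bytes(cert["name"], cert["public"]), cert["sig"], root_public):
        return "reject: Digital ID not signed by trusted root"
    if not verify(pkg["code"], pkg["sig"], cert["public"]):
        return "reject: code altered or not signed by " + cert["name"]
    return "verified: " + cert["name"]

ROOT_PUB, ROOT_PRIV = keypair(2**607 - 1, 2**107 - 1)  # stands in for the CA root
PUB, PRIV = keypair(2**521 - 1, 2**127 - 1)            # constructed publisher key
PACKAGE = make_package(b"print('hello')", PRIV,
                       issue_cert("Example Publisher", PUB, ROOT_PRIV))
```

The order in `check_package` matters: the publisher's public key is trusted only after the root signature on the Digital ID has been checked.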
24
Sending secure messages
As more people send confidential information by e-mail, it is increasingly important to be sure that documents sent in e-mail are not forged, and to be certain that messages you send cannot be intercepted and read by anyone other than your intended recipient. By using "digital IDs" with Outlook Express, you can prove your identity in electronic transactions in a way similar to showing your driver's license when you cash a check. You can also use a digital ID to encrypt messages, keeping them private. Digital IDs incorporate the S/MIME specification for secure electronic mail.

How do digital IDs work?
A digital ID is composed of a "public key," a "private key," and a "digital signature." When you digitally sign your messages, you are adding your digital signature and public key to the message. The combination of a digital signature and public key is called a "certificate." With Outlook Express, you can specify a certificate to be used by others to send encrypted messages to you. This certificate can be different from your signing certificate. Recipients can use your digital signature to verify your identity; they can use your public key to send you encrypted mail that only you can read by using your private key. To send encrypted messages, your address book must contain digital IDs for the recipients. That way, you can use their public keys to encrypt the messages. When a recipient gets an encrypted message, their private key is used to decrypt the message for reading. Before you can start sending digitally signed messages, you must obtain a digital ID. If you are sending encrypted messages, your address book must contain a digital ID for each recipient.

Where do you get digital IDs?
Digital IDs are issued by independent certification authorities. When you apply for a digital ID at a certification authority's Web site, they verify your identity before issuing an ID. There are different classes of digital IDs, each certifying to a different level of trustworthiness. For more information, use the Help at the certification authority's Web site.

How do you verify a digital signature?
With "revocation checking," you can verify the validity of a digitally signed message. When you make such a check, Outlook Express requests information on the digital ID from the appropriate certification authority. The certification authority sends back information on the status of the digital ID, including whether the ID has been revoked. Certification authorities keep track of certificates that have been revoked due to loss or termination.
25
Establishing an SSL Session
- Client browser contacts server secure web site
- Server sends hello request to browser (client)
- Browser responds with a client hello
- Two computers determine compression and encryption standards they both support
- Browser asks server for a digital certificate “Prove to me you are
- Server sends browser a certificate signed by a certificate authority (CA)
- Browser checks digital signature on the server certificate against the public key of the CA stored within the browser
- This action authenticates the commerce server
- SSL uses public-key and private-key encryption
- For speed – SSL uses private key encryption for nearly all its secure communications
- Browser generates private key for both to share
- Browser encrypts private key it has generated using the server's public key
- The server's public key is stored in the digital certificate the server sent to the browser during the authentication step
- Browser sends encrypted private key to server
- Private key encryption used from this point on
- Shared private key also known as session key
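The session setup above as a message exchange, in an added Python example that is not from the original slides and is not real SSL. It assumes textbook RSA on constructed Mersenne-prime keys, a toy XOR keystream as the shared-key cipher, and the hypothetical host name shop.example; all function names are hypothetical and none of it is secure.

```python
# Added illustration of the slide's steps; toy primitives, constructed keys.
import hashlib
import secrets

E = 65537

def keypair(p, q):
    """Return (public, private) toy RSA keys as (exponent, modulus) tuples."""
    n = p * q
    return (E, n), (pow(E, -1, (p - 1) * (q - 1)), n)

def h(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def xor_stream(key, data):
    """Shared-key ('private key' on the slide) cipher; the same call decrypts."""
    blocks = (hashlib.sha256(key + bytes([i])).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

CA_PUB, CA_PRIV = keypair(2**607 - 1, 2**107 - 1)    # CA key held in the browser
SRV_PUB, SRV_PRIV = keypair(2**521 - 1, 2**127 - 1)  # server key
SRV_CERT = {"host": "shop.example", "public": SRV_PUB}
SRV_CERT["sig"] = pow(h(repr((SRV_CERT["host"], SRV_PUB)).encode()), *CA_PRIV)

def server_hello(client_ciphers, server_ciphers=("toy-xor",)):
    """Pick a cipher both sides support and present the certificate."""
    chosen = next(c for c in server_ciphers if c in client_ciphers)
    return {"cipher": chosen, "cert": SRV_CERT}

def client_key_exchange(hello, expected_host, ca_public):
    """Browser: authenticate the server, then wrap a fresh session key."""
    cert = hello["cert"]
    signed = h(repr((cert["host"], cert["public"])).encode())
    if cert["host"] != expected_host or pow(cert["sig"], *ca_public) != signed:
        raise ValueError("server certificate rejected")
    session_key = secrets.token_bytes(16)
    wrapped = pow(int.from_bytes(session_key, "big"), *cert["public"])
    return session_key, wrapped

def server_unwrap(wrapped, private=SRV_PRIV):
    """Server: recover the session key with its private key."""
    return pow(wrapped, *private).to_bytes(16, "big")
```

After `server_unwrap`, both sides hold the same 16-byte session key and every later message goes through `xor_stream` with it; the public-key operations happen only once per session.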