SlideShare uma empresa Scribd logo

Rainer+3e Student Pp Ts Ch03

Transferir como PPT, PDF
K
kbzdox ivanovich

Privacy. How much privacy do we have?

Tecnologia
1 de 79
CHAPTER 3 Ethics, Privacy and Information Security
CHAPTER OUTLINE 3.1 Ethical Issues 3.2 Threats to Information Security 3.3 Protecting Information Resources
LEARNING OBJECTIVES  Describe the major ethical issues related to information technology and identify situations in which they occur.  Describe the many threats to information security.  Understand the various defense mechanisms used to protect information systems.  Explain IT auditing and planning for disaster recovery.
NASA Loses Secret Information for Years
Ethical Issues  Ethics  Code of Ethics
Fundamental Tenets of Ethics  Responsibility  Accountability  Liability
Unethical vs. Illegal What is unethical is not necessarily illegal. Ethics scenarios
The Four Categories of Ethical Issues  Privacy Issues  Accuracy Issues  Property Issues  Accessibility Issues
Privacy Issues How much privacy do we have left?
You Be the Judge Terry Childs: Guilty or not Guilty?
Privacy Court decisions have followed two rules: (1) The right of privacy is not absolute. Your privacy must be balanced against the needs of society. (2) The public‟s right to know is superior to the individual‟s right of privacy.
Threats to Privacy  Data aggregators, digital dossiers, and profiling  Electronic Surveillance  Personal Information in Databases  Information on Internet Bulletin Boards, Newsgroups, and Social Networking Sites
Data Aggregators, Digital Dossiers, and Profiling
Electronic Surveillance
Electronic Surveillance  See "The State of Surveillance" article in BusinessWeek  See the surveillance slideshow  See additional surveillance slides  And you think you have privacy? (video)  Sense-through-the-Wall
Personal Information in Databases  Banks  Utility companies  Government agencies  Credit reporting agencies
Information on Internet Bulletin Boards, Newsgroups, and Social Networking Sites
Social Networking Sites Can Cause You Problems Anyone can post derogatory information about you anonymously. (See this Washington Post article.) You can also hurt yourself, as this article shows.
What Can You Do? First, be careful what information you post on social networking sites. Second, a company, ReputationDefender, says it can remove derogatory information from the Web.
Protecting Privacy  Privacy Codes and Policies  Opt-out Model  Opt-in Model
3.2 Threats to Information Security
Factors Increasing the Threats to Information Security  Today‟s interconnected, interdependent, wirelessly-networked business environment  Government legislation  Smaller, faster, cheaper computers and storage devices  Decreasing skills necessary to be a computer hacker
Decreasing Skill Necessary to be a Hacker New & Easier Attack Tools Increasing Sophistication of Attacks Attack Sophistication High WiGLE.net Low 1980 2005 Knowledge Required by Intruder New & Easier Tools make it very easy to attack the Network
Factors Increasing the Threats to Information Security (continued)  International organized crime turning to cybercrime  Downstream liability  Increased employee use of unmanaged devices  Lack of management support
A Look at Unmanaged Devices Wi-Fi at McDonalds Hotel Business Center Wi-Fi at Starbucks
Key Information Security Terms  Threat  Exposure  Vulnerability  Risk  Information system controls
Security Threats (Figure 3.1)
Categories of Threats to Information Systems  Unintentional acts  Natural disasters  Technical failures  Management failures  Deliberate acts (from Whitman and Mattord, 2003) Example of a threat (video)
Unintentional Acts  Human errors  Deviations in quality of service by service providers (e.g., utilities)  Environmental hazards (e.g., dirt, dust, humidity)
Human Errors  Tailgating  Shoulder surfing  Carelessness with laptops and portable computing devices  Opening questionable e-mails  Careless Internet surfing  Poor password selection and use  And more
Anti-Tailgating Door
Shoulder Surfing
Most Dangerous Employees Human resources and MIS Remember, these employees hold ALL the information
Social Engineering  60 Minutes Interview with Kevin Mitnick, the “King of Social Engineering”  Kevin Mitnick served several years in a federal prison. Upon his release, he opened his own consulting firm, advising companies on how to deter people like him,  See his company here
Natural Disasters
Deliberate Acts  Espionage or trespass  Information extortion  Sabotage or vandalism  Theft of equipment or information  For example, dumpster diving
Deliberate Acts (continued) Identity theft video Compromises to intellectual property
Deliberate Acts (continued)  Software attacks  Virus  Worm  1988: first widespread worm, created by Robert T. Morris, Jr.  (see the rapid spread of the Slammer worm)  Trojan horse  Logic Bomb
Deliberate Acts (continued)  Software attacks (continued)  Phishing attacks  Phishing slideshow  Phishing quiz  Phishing example  Phishing example  Distributed denial-of-service attacks  See botnet demonstration
Deliberate Acts (continued)  Software attacks (continued) Can you be Phished?
How to Detect a Phish E-mail
Is the email really from eBay, or PayPal, or a bank? As Spammers get better, their emails look more genuine. How do you tell if it‟s a scam and phishing for personal information? Here‟s how ...
Is the email really from eBay, or PayPal, or a bank? As an example, here is what the email said:  Return-path: <service@paypal.com>  From: "PayPal"<service@paypal.com>  Subject: You have 1 new Security Message Alert ! Note that they even give advice in the right column about security
Example Continued – bottom of the email
How to see what is happening View Source  In Outlook, right click on email, click „view source‟  In GroupWise, open email and click on the Message Source tab  In Mozilla Thunderbird, click on View, and Source.  Below is the part of the text that makes the email look official – the images came from the PayPal website.
View Source – The Real Link  In the body it said, “If you are traveling, “Travelling Confirmation Here”  Here is where you are really being sent  href=3Dftp://futangiu:futangiu@209.202.224.140/in dex.htm  Notice that the link is not only not PayPal, it is an IP address, 2 giveaways of a fraudulent link.
Another Example – Amazon View Source
Deliberate Acts (continued)  Alien Software  Spyware (see video)  Spamware  Cookies  Cookie demo
Keystroke Logger Plugs in between monitor and computer
Example of CAPTCHA
Deliberate Acts (continued)  Supervisory control and data acquisition (SCADA) attacks Wireless sensor
What if a SCADA attack were successful? Northeastern U.S. power outage in 2003
Results of the power outage in NYC
More results of power outage in NYC
A Successful (Experimental) SCADA Attack Video of an experimental SCADA attack that was successful
Example of Cyber Warfare See video of cyber warfare directed at Estonia
3.3 Protecting Information Resources
Risk! There is always risk!
And then there is real risk!
Risk Management  Risk  Risk management  Risk analysis  Risk mitigation
Risk Mitigation Strategies  Risk Acceptance  Risk limitation  Risk transference
Risk Optimization
Controls  Physical controls  Access controls  Communications (network) controls  Application controls
Where Defense Mechanisms (Controls) Are Located
Access Controls  Authentication  Something the user is (biometrics powerpoints)  Video on biometrics  The latest biometric: gait recognition  The Raytheon Personal Identification Device  Something the user has  Something the user does  Something the user knows  passwords  passphrases
Access Controls (continued)  Authorization  Privilege  Least privilege
Communication or Network Controls  Firewalls  Anti-malware systems  Whitelisting and Blacklisting  Intrusion detection systems  Encryption
Basic Home Firewall (top) and Corporate Firewall (bottom)
How Public Key Encryption Works
How Digital Certificates Work
Communication or Network Controls (continued)  Virtual private networking  Secure Socket Layer (now transport layer security)  Vulnerability management systems  Employee monitoring systems
Virtual Private Network and Tunneling
Popular Vulnerability Management Systems
Popular Employee Monitoring Systems
Employee Monitoring System
Business Continuity Planning, Backup, and Recovery  Hot Site  Warm Site  Cold Site
Information Systems Auditing  Types of Auditors and Audits  Internal  External
IS Auditing Procedure  Auditing around the computer  Auditing through the computer  Auditing with the computer
Chapter Closing Case

Recomendados

E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSES
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSESE-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSES
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSESIJNSA Journal
 
BYOD - Bringing Technology to work | Sending Data Everywhere
BYOD - Bringing Technology to work | Sending Data EverywhereBYOD - Bringing Technology to work | Sending Data Everywhere
BYOD - Bringing Technology to work | Sending Data EverywhereJim Brashear
 
Intrusion Detection Techniques In Mobile Networks
Intrusion Detection Techniques In Mobile NetworksIntrusion Detection Techniques In Mobile Networks
Intrusion Detection Techniques In Mobile NetworksIOSR Journals
 
Uit9 ppt ch09_au_rev
Uit9 ppt ch09_au_revUit9 ppt ch09_au_rev
Uit9 ppt ch09_au_revidrissss dddd
 
OverseeCyberSecurityAsHackersSeekToInfiltrate
OverseeCyberSecurityAsHackersSeekToInfiltrateOverseeCyberSecurityAsHackersSeekToInfiltrate
OverseeCyberSecurityAsHackersSeekToInfiltrateKashif Ali
 
Ijnsa050215
Ijnsa050215Ijnsa050215
Ijnsa050215IJNSA Journal
 
Honey Pot Intrusion Detection System
Honey Pot Intrusion Detection SystemHoney Pot Intrusion Detection System
Honey Pot Intrusion Detection SystemInternational Journal of Engineering Inventions www.ijeijournal.com
 
Cyber crime
Cyber crimeCyber crime
Cyber crime24sneha
 

Recomendados

E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSES
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSESE-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSES
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSESIJNSA Journal
 
BYOD - Bringing Technology to work | Sending Data Everywhere
BYOD - Bringing Technology to work | Sending Data EverywhereBYOD - Bringing Technology to work | Sending Data Everywhere
BYOD - Bringing Technology to work | Sending Data EverywhereJim Brashear
 
Intrusion Detection Techniques In Mobile Networks
Intrusion Detection Techniques In Mobile NetworksIntrusion Detection Techniques In Mobile Networks
Intrusion Detection Techniques In Mobile NetworksIOSR Journals
 
Uit9 ppt ch09_au_rev
Uit9 ppt ch09_au_revUit9 ppt ch09_au_rev
Uit9 ppt ch09_au_revidrissss dddd
 
OverseeCyberSecurityAsHackersSeekToInfiltrate
OverseeCyberSecurityAsHackersSeekToInfiltrateOverseeCyberSecurityAsHackersSeekToInfiltrate
OverseeCyberSecurityAsHackersSeekToInfiltrateKashif Ali
 
Ijnsa050215
Ijnsa050215Ijnsa050215
Ijnsa050215IJNSA Journal
 
Honey Pot Intrusion Detection System
Honey Pot Intrusion Detection SystemHoney Pot Intrusion Detection System
Honey Pot Intrusion Detection SystemInternational Journal of Engineering Inventions www.ijeijournal.com
 
Cyber crime
Cyber crimeCyber crime
Cyber crime24sneha
 
E-Commerce Privacy and Security System
E-Commerce Privacy and Security SystemE-Commerce Privacy and Security System
E-Commerce Privacy and Security SystemIJERA Editor
 
“AI techniques in cyber-security applications”. Flammini lnu susec19
“AI techniques in cyber-security applications”. Flammini lnu susec19“AI techniques in cyber-security applications”. Flammini lnu susec19
“AI techniques in cyber-security applications”. Flammini lnu susec19Francesco Flammini
 
Chapter11
Chapter11Chapter11
Chapter11Izaham
 
Securing information systems
Securing information systemsSecuring information systems
Securing information systemsProf. Othman Alsalloum
 
Cybercrimes
CybercrimesCybercrimes
CybercrimesElanthendral Mariappan
 
The Realities and Challenges of Cyber Crime and Cyber Security in Africa
The Realities and Challenges of Cyber Crime and Cyber Security in AfricaThe Realities and Challenges of Cyber Crime and Cyber Security in Africa
The Realities and Challenges of Cyber Crime and Cyber Security in AfricaZsolt Nemeth
 
Models of Escalation and De-escalation in Cyber Conflict
Models of Escalation and De-escalation in Cyber ConflictModels of Escalation and De-escalation in Cyber Conflict
Models of Escalation and De-escalation in Cyber ConflictZsolt Nemeth
 
Computer Security and Safety, Ethics & Privacy
Computer Security and Safety, Ethics & PrivacyComputer Security and Safety, Ethics & Privacy
Computer Security and Safety, Ethics & PrivacySamudin Kassan
 
Data Safety And Security
Data Safety And SecurityData Safety And Security
Data Safety And SecurityConstantine Karbaliotis
 
Security in e-commerce
Security in e-commerceSecurity in e-commerce
Security in e-commerceSensePost
 
Information security
Information securityInformation security
Information securityYogeshwari M Yogi
 
Cybersecurity: What the GC and CEO Need to Know
Cybersecurity: What the GC and CEO Need to KnowCybersecurity: What the GC and CEO Need to Know
Cybersecurity: What the GC and CEO Need to KnowShawn Tuma
 
GRRCON 2013: Imparting security awareness to all levels of users
GRRCON 2013: Imparting security awareness to all levels of usersGRRCON 2013: Imparting security awareness to all levels of users
GRRCON 2013: Imparting security awareness to all levels of usersJoel Cardella
 
Forensics
ForensicsForensics
ForensicsLaura Aviles
 
Jennings it security overview 1 2
Jennings it security overview 1 2Jennings it security overview 1 2
Jennings it security overview 1 2Donald Jennings
 
Presentation1
Presentation1Presentation1
Presentation1Rachel Lasotas
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingWilliam Mann
 
Incident Response &amp; Contingency PlanningCase Journal
Incident Response &amp; Contingency PlanningCase JournalIncident Response &amp; Contingency PlanningCase Journal
Incident Response &amp; Contingency PlanningCase Journalbrittanyjespersen
 
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...David Menken
 
Computer Ethics
Computer EthicsComputer Ethics
Computer EthicsKodok Ngorex
 
ABC's of Privacy and Security
ABC's of Privacy and SecurityABC's of Privacy and Security
ABC's of Privacy and SecurityChristina Gagnier
 
MS810 Information Security and Ethics Assignment
MS810 Information Security and Ethics AssignmentMS810 Information Security and Ethics Assignment
MS810 Information Security and Ethics AssignmentDarren McManus
 

Mais conteúdo relacionado

Mais procurados

E-Commerce Privacy and Security System
E-Commerce Privacy and Security SystemE-Commerce Privacy and Security System
E-Commerce Privacy and Security SystemIJERA Editor
 
“AI techniques in cyber-security applications”. Flammini lnu susec19
“AI techniques in cyber-security applications”. Flammini lnu susec19“AI techniques in cyber-security applications”. Flammini lnu susec19
“AI techniques in cyber-security applications”. Flammini lnu susec19Francesco Flammini
 
Chapter11
Chapter11Chapter11
Chapter11Izaham
 
The Realities and Challenges of Cyber Crime and Cyber Security in Africa
The Realities and Challenges of Cyber Crime and Cyber Security in AfricaThe Realities and Challenges of Cyber Crime and Cyber Security in Africa
The Realities and Challenges of Cyber Crime and Cyber Security in AfricaZsolt Nemeth
 
Models of Escalation and De-escalation in Cyber Conflict
Models of Escalation and De-escalation in Cyber ConflictModels of Escalation and De-escalation in Cyber Conflict
Models of Escalation and De-escalation in Cyber ConflictZsolt Nemeth
 
Computer Security and Safety, Ethics & Privacy
Computer Security and Safety, Ethics & PrivacyComputer Security and Safety, Ethics & Privacy
Computer Security and Safety, Ethics & PrivacySamudin Kassan
 
Security in e-commerce
Security in e-commerceSecurity in e-commerce
Security in e-commerceSensePost
 
Cybersecurity: What the GC and CEO Need to Know
Cybersecurity: What the GC and CEO Need to KnowCybersecurity: What the GC and CEO Need to Know
Cybersecurity: What the GC and CEO Need to KnowShawn Tuma
 
GRRCON 2013: Imparting security awareness to all levels of users
GRRCON 2013: Imparting security awareness to all levels of usersGRRCON 2013: Imparting security awareness to all levels of users
GRRCON 2013: Imparting security awareness to all levels of usersJoel Cardella
 
Jennings it security overview 1 2
Jennings it security overview 1 2Jennings it security overview 1 2
Jennings it security overview 1 2Donald Jennings
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingWilliam Mann
 
Incident Response &amp; Contingency PlanningCase Journal
Incident Response &amp; Contingency PlanningCase JournalIncident Response &amp; Contingency PlanningCase Journal
Incident Response &amp; Contingency PlanningCase Journalbrittanyjespersen
 
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...David Menken
 

Mais procurados (20)

E-Commerce Privacy and Security System
E-Commerce Privacy and Security SystemE-Commerce Privacy and Security System
E-Commerce Privacy and Security System
 
“AI techniques in cyber-security applications”. Flammini lnu susec19
“AI techniques in cyber-security applications”. Flammini lnu susec19“AI techniques in cyber-security applications”. Flammini lnu susec19
“AI techniques in cyber-security applications”. Flammini lnu susec19
 
Chapter11
Chapter11Chapter11
Chapter11
 
Securing information systems
Securing information systemsSecuring information systems
Securing information systems
 
Cybercrimes
CybercrimesCybercrimes
Cybercrimes
 
The Realities and Challenges of Cyber Crime and Cyber Security in Africa
The Realities and Challenges of Cyber Crime and Cyber Security in AfricaThe Realities and Challenges of Cyber Crime and Cyber Security in Africa
The Realities and Challenges of Cyber Crime and Cyber Security in Africa
 
Models of Escalation and De-escalation in Cyber Conflict
Models of Escalation and De-escalation in Cyber ConflictModels of Escalation and De-escalation in Cyber Conflict
Models of Escalation and De-escalation in Cyber Conflict
 
Computer Security and Safety, Ethics & Privacy
Computer Security and Safety, Ethics & PrivacyComputer Security and Safety, Ethics & Privacy
Computer Security and Safety, Ethics & Privacy
 
Data Safety And Security
Data Safety And SecurityData Safety And Security
Data Safety And Security
 
Security in e-commerce
Security in e-commerceSecurity in e-commerce
Security in e-commerce
 
Information security
Information securityInformation security
Information security
 
Cybersecurity: What the GC and CEO Need to Know
Cybersecurity: What the GC and CEO Need to KnowCybersecurity: What the GC and CEO Need to Know
Cybersecurity: What the GC and CEO Need to Know
 
GRRCON 2013: Imparting security awareness to all levels of users
GRRCON 2013: Imparting security awareness to all levels of usersGRRCON 2013: Imparting security awareness to all levels of users
GRRCON 2013: Imparting security awareness to all levels of users
 
Forensics
ForensicsForensics
Forensics
 
Jennings it security overview 1 2
Jennings it security overview 1 2Jennings it security overview 1 2
Jennings it security overview 1 2
 
Presentation1
Presentation1Presentation1
Presentation1
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
 
Incident Response &amp; Contingency PlanningCase Journal
Incident Response &amp; Contingency PlanningCase JournalIncident Response &amp; Contingency PlanningCase Journal
Incident Response &amp; Contingency PlanningCase Journal
 
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
 
Computer Ethics
Computer EthicsComputer Ethics
Computer Ethics
 

Destaque

ABC's of Privacy and Security
ABC's of Privacy and SecurityABC's of Privacy and Security
ABC's of Privacy and SecurityChristina Gagnier
 
MS810 Information Security and Ethics Assignment
MS810 Information Security and Ethics AssignmentMS810 Information Security and Ethics Assignment
MS810 Information Security and Ethics AssignmentDarren McManus
 
Reinforcement of Information Privacy and Security Nowadays
Reinforcement of Information Privacy and Security NowadaysReinforcement of Information Privacy and Security Nowadays
Reinforcement of Information Privacy and Security NowadaysGoutama Bachtiar
 
Information ethics
Information ethicsInformation ethics
Information ethicsSTCC Library
 
Information Security It's All About Compliance
Information Security It's All About ComplianceInformation Security It's All About Compliance
Information Security It's All About ComplianceDinesh O Bareja
 
Understanding Computers: Today and Tomorrow, 13th Edition Chapter 15 - Comput...
Understanding Computers: Today and Tomorrow, 13th Edition Chapter 15 - Comput...Understanding Computers: Today and Tomorrow, 13th Edition Chapter 15 - Comput...
Understanding Computers: Today and Tomorrow, 13th Edition Chapter 15 - Comput...yaminohime
 
Presentation on Information Privacy
Presentation on Information PrivacyPresentation on Information Privacy
Presentation on Information PrivacyPerry Slack
 

Destaque (9)

ABC's of Privacy and Security
ABC's of Privacy and SecurityABC's of Privacy and Security
ABC's of Privacy and Security
 
MS810 Information Security and Ethics Assignment
MS810 Information Security and Ethics AssignmentMS810 Information Security and Ethics Assignment
MS810 Information Security and Ethics Assignment
 
Ethics in-information-security
Ethics in-information-securityEthics in-information-security
Ethics in-information-security
 
Reinforcement of Information Privacy and Security Nowadays
Reinforcement of Information Privacy and Security NowadaysReinforcement of Information Privacy and Security Nowadays
Reinforcement of Information Privacy and Security Nowadays
 
Ethics and information security 2
Ethics and information security 2Ethics and information security 2
Ethics and information security 2
 
Information ethics
Information ethicsInformation ethics
Information ethics
 
Information Security It's All About Compliance
Information Security It's All About ComplianceInformation Security It's All About Compliance
Information Security It's All About Compliance
 
Understanding Computers: Today and Tomorrow, 13th Edition Chapter 15 - Comput...
Understanding Computers: Today and Tomorrow, 13th Edition Chapter 15 - Comput...Understanding Computers: Today and Tomorrow, 13th Edition Chapter 15 - Comput...
Understanding Computers: Today and Tomorrow, 13th Edition Chapter 15 - Comput...
 
Presentation on Information Privacy
Presentation on Information PrivacyPresentation on Information Privacy
Presentation on Information Privacy
 

Semelhante a Rainer+3e Student Pp Ts Ch03

IT Security for the Physical Security Professional
IT Security for the Physical Security ProfessionalIT Security for the Physical Security Professional
IT Security for the Physical Security Professionalciso_insights
 
security and ethical challenges
security and ethical challengessecurity and ethical challenges
security and ethical challengesVineet Dubey
 
Module0&1 intro-foundations-b
Module0&1 intro-foundations-bModule0&1 intro-foundations-b
Module0&1 intro-foundations-bBbAOC
 
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docx
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docxThe uniqueness of the text61.5SHOW ALL MATCHESPage addre.docx
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docxarnoldmeredith47041
 
It security &_ethical_hacking
It security &_ethical_hackingIt security &_ethical_hacking
It security &_ethical_hackingsatish kumar
 
MISO L007 managing system security
MISO L007 managing system securityMISO L007 managing system security
MISO L007 managing system securityJan Wong
 
E security and payment 2013-1
E security and payment 2013-1E security and payment 2013-1
E security and payment 2013-1Abdelfatah hegazy
 
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docxalinainglis
 
cyber secuirty.pptx
cyber secuirty.pptxcyber secuirty.pptx
cyber secuirty.pptxGodwin585235
 
Assignment 2 LASA 2 Submissions AssignmentThis assignment .docx
Assignment 2 LASA 2 Submissions AssignmentThis assignment .docxAssignment 2 LASA 2 Submissions AssignmentThis assignment .docx
Assignment 2 LASA 2 Submissions AssignmentThis assignment .docxannrodgerson
 
Ecommerce security
Ecommerce securityEcommerce security
Ecommerce securitypolitegcuf
 
Bowhuis Group Ppt Draft5
Bowhuis Group Ppt Draft5Bowhuis Group Ppt Draft5
Bowhuis Group Ppt Draft5lisamulka
 

Semelhante a Rainer+3e Student Pp Ts Ch03 (20)

IT Security for the Physical Security Professional
IT Security for the Physical Security ProfessionalIT Security for the Physical Security Professional
IT Security for the Physical Security Professional
 
security and ethical challenges
security and ethical challengessecurity and ethical challenges
security and ethical challenges
 
Module0&1 intro-foundations-b
Module0&1 intro-foundations-bModule0&1 intro-foundations-b
Module0&1 intro-foundations-b
 
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docx
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docxThe uniqueness of the text61.5SHOW ALL MATCHESPage addre.docx
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docx
 
Ch12
Ch12Ch12
Ch12
 
TAMUC LO 7
TAMUC LO 7TAMUC LO 7
TAMUC LO 7
 
Beekman5 std ppt_12
Beekman5 std ppt_12Beekman5 std ppt_12
Beekman5 std ppt_12
 
Cybercrime
CybercrimeCybercrime
Cybercrime
 
It security &_ethical_hacking
It security &_ethical_hackingIt security &_ethical_hacking
It security &_ethical_hacking
 
Cyber security & Data Protection
Cyber security & Data ProtectionCyber security & Data Protection
Cyber security & Data Protection
 
MISO L007 managing system security
MISO L007 managing system securityMISO L007 managing system security
MISO L007 managing system security
 
E security and payment 2013-1
E security and payment 2013-1E security and payment 2013-1
E security and payment 2013-1
 
Mim Attack Essay
Mim Attack EssayMim Attack Essay
Mim Attack Essay
 
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx
 
cyber secuirty.pptx
cyber secuirty.pptxcyber secuirty.pptx
cyber secuirty.pptx
 
Assignment 2 LASA 2 Submissions AssignmentThis assignment .docx
Assignment 2 LASA 2 Submissions AssignmentThis assignment .docxAssignment 2 LASA 2 Submissions AssignmentThis assignment .docx
Assignment 2 LASA 2 Submissions AssignmentThis assignment .docx
 
Ethical Hacking Essay
Ethical Hacking EssayEthical Hacking Essay
Ethical Hacking Essay
 
Ecommerce security
Ecommerce securityEcommerce security
Ecommerce security
 
Cyber crime & security
Cyber crime & security Cyber crime & security
Cyber crime & security
 
Bowhuis Group Ppt Draft5
Bowhuis Group Ppt Draft5Bowhuis Group Ppt Draft5
Bowhuis Group Ppt Draft5
 

Último

Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 

Último (20)

Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 

Rainer+3e Student Pp Ts Ch03

  • 1. CHAPTER 3 Ethics, Privacy and Information Security
  • 2. CHAPTER OUTLINE 3.1 Ethical Issues 3.2 Threats to Information Security 3.3 Protecting Information Resources
  • 3. LEARNING OBJECTIVES  Describe the major ethical issues related to information technology and identify situations in which they occur.  Describe the many threats to information security.  Understand the various defense mechanisms used to protect information systems.  Explain IT auditing and planning for disaster recovery.
  • 5. Ethical Issues  Ethics  Code of Ethics
  • 6. Fundamental Tenets of Ethics  Responsibility  Accountability  Liability
  • 7. Unethical vs. Illegal What is unethical is not necessarily illegal. Ethics scenarios
  • 8. The Four Categories of Ethical Issues  Privacy Issues  Accuracy Issues  Property Issues  Accessibility Issues
  • 9. Privacy Issues How much privacy do we have left?
  • 10. You Be the Judge Terry Childs: Guilty or not Guilty?
  • 11. Privacy Court decisions have followed two rules: (1) The right of privacy is not absolute. Your privacy must be balanced against the needs of society. (2) The public‟s right to know is superior to the individual‟s right of privacy.
  • 12. Threats to Privacy  Data aggregators, digital dossiers, and profiling  Electronic Surveillance  Personal Information in Databases  Information on Internet Bulletin Boards, Newsgroups, and Social Networking Sites
  • 13. Data Aggregators, Digital Dossiers, and Profiling
  • 15. Electronic Surveillance  See "The State of Surveillance" article in BusinessWeek  See the surveillance slideshow  See additional surveillance slides  And you think you have privacy? (video)  Sense-through-the-Wall
  • 16. Personal Information in Databases  Banks  Utility companies  Government agencies  Credit reporting agencies
  • 17. Information on Internet Bulletin Boards, Newsgroups, and Social Networking Sites
  • 18. Social Networking Sites Can Cause You Problems Anyone can post derogatory information about you anonymously. (See this Washington Post article.) You can also hurt yourself, as this article shows.
  • 19. What Can You Do? First, be careful what information you post on social networking sites. Second, a company, ReputationDefender, says it can remove derogatory information from the Web.
  • 20. Protecting Privacy  Privacy Codes and Policies  Opt-out Model  Opt-in Model
  • 21. 3.2 Threats to Information Security
  • 22. Factors Increasing the Threats to Information Security  Today‟s interconnected, interdependent, wirelessly-networked business environment  Government legislation  Smaller, faster, cheaper computers and storage devices  Decreasing skills necessary to be a computer hacker
  • 23. Decreasing Skill Necessary to be a Hacker New & Easier Attack Tools Increasing Sophistication of Attacks Attack Sophistication High WiGLE.net Low 1980 2005 Knowledge Required by Intruder New & Easier Tools make it very easy to attack the Network
  • 24. Factors Increasing the Threats to Information Security (continued)  International organized crime turning to cybercrime  Downstream liability  Increased employee use of unmanaged devices  Lack of management support
  • 25. A Look at Unmanaged Devices Wi-Fi at McDonalds Hotel Business Center Wi-Fi at Starbucks
  • 26. Key Information Security Terms  Threat  Exposure  Vulnerability  Risk  Information system controls
  • 28. Categories of Threats to Information Systems  Unintentional acts  Natural disasters  Technical failures  Management failures  Deliberate acts (from Whitman and Mattord, 2003) Example of a threat (video)
  • 29. Unintentional Acts  Human errors  Deviations in quality of service by service providers (e.g., utilities)  Environmental hazards (e.g., dirt, dust, humidity)
  • 30. Human Errors  Tailgating  Shoulder surfing  Carelessness with laptops and portable computing devices  Opening questionable e-mails  Careless Internet surfing  Poor password selection and use  And more
  • 33. Most Dangerous Employees Human resources and MIS Remember, these employees hold ALL the information
  • 34. Social Engineering  60 Minutes Interview with Kevin Mitnick, the “King of Social Engineering”  Kevin Mitnick served several years in a federal prison. Upon his release, he opened his own consulting firm, advising companies on how to deter people like him,  See his company here
  • 36. Deliberate Acts  Espionage or trespass  Information extortion  Sabotage or vandalism  Theft of equipment or information  For example, dumpster diving
  • 37. Deliberate Acts (continued) Identity theft video Compromises to intellectual property
  • 38. Deliberate Acts (continued)  Software attacks  Virus  Worm  1988: first widespread worm, created by Robert T. Morris, Jr.  (see the rapid spread of the Slammer worm)  Trojan horse  Logic Bomb
  • 39. Deliberate Acts (continued)  Software attacks (continued)  Phishing attacks  Phishing slideshow  Phishing quiz  Phishing example  Phishing example  Distributed denial-of-service attacks  See botnet demonstration
  • 40. Deliberate Acts (continued)  Software attacks (continued) Can you be Phished?
  • 41. How to Detect a Phish E-mail
  • 42. Is the email really from eBay, or PayPal, or a bank? As Spammers get better, their emails look more genuine. How do you tell if it‟s a scam and phishing for personal information? Here‟s how ...
  • 43. Is the email really from eBay, or PayPal, or a bank? As an example, here is what the email said:  Return-path: <service@paypal.com>  From: "PayPal"<service@paypal.com>  Subject: You have 1 new Security Message Alert ! Note that they even give advice in the right column about security
  • 44. Example Continued – bottom of the email
  • 45. How to see what is happening View Source  In Outlook, right click on email, click „view source‟  In GroupWise, open email and click on the Message Source tab  In Mozilla Thunderbird, click on View, and Source.  Below is the part of the text that makes the email look official – the images came from the PayPal website.
  • 46. View Source – The Real Link  In the body it said, “If you are traveling, “Travelling Confirmation Here”  Here is where you are really being sent  href=3Dftp://futangiu:futangiu@209.202.224.140/in dex.htm  Notice that the link is not only not PayPal, it is an IP address, 2 giveaways of a fraudulent link.
  • 47. Another Example – Amazon View Source
  • 48. Deliberate Acts (continued)  Alien Software  Spyware (see video)  Spamware  Cookies  Cookie demo
  • 49. Keystroke Logger Plugs in between monitor and computer
  • 51. Deliberate Acts (continued)  Supervisory control and data acquisition (SCADA) attacks Wireless sensor
  • 52. What if a SCADA attack were successful? Northeastern U.S. power outage in 2003
  • 53. Results of the power outage in NYC
  • 54. More results of power outage in NYC
  • 55. A Successful (Experimental) SCADA Attack Video of an experimental SCADA attack that was successful
  • 56. Example of Cyber Warfare See video of cyber warfare directed at Estonia
  • 58. Risk! There is always risk!
  • 59. And then there is real risk!
  • 60. Risk Management  Risk  Risk management  Risk analysis  Risk mitigation
  • 61. Risk Mitigation Strategies  Risk Acceptance  Risk limitation  Risk transference
  • 63. Controls  Physical controls  Access controls  Communications (network) controls  Application controls
  • 65. Access Controls  Authentication  Something the user is (biometrics powerpoints)  Video on biometrics  The latest biometric: gait recognition  The Raytheon Personal Identification Device  Something the user has  Something the user does  Something the user knows  passwords  passphrases
  • 66. Access Controls (continued)  Authorization  Privilege  Least privilege
  • 67. Communication or Network Controls  Firewalls  Anti-malware systems  Whitelisting and Blacklisting  Intrusion detection systems  Encryption
  • 68. Basic Home Firewall (top) and Corporate Firewall (bottom)
  • 69. How Public Key Encryption Works
  • 71. Communication or Network Controls (continued)  Virtual private networking  Secure Socket Layer (now transport layer security)  Vulnerability management systems  Employee monitoring systems
  • 72. Virtual Private Network and Tunneling
  • 76. Business Continuity Planning, Backup, and Recovery  Hot Site  Warm Site  Cold Site
  • 77. Information Systems Auditing  Types of Auditors and Audits  Internal  External
  • 78. IS Auditing Procedure  Auditing around the computer  Auditing through the computer  Auditing with the computer