Title: Chapter 9 Security, Privacy, and Ethical Issues in Information Systems and the Internet
1 Chapter 9: Security, Privacy, and Ethical Issues in Information Systems and the Internet
Updated 03/22/05
2 Objectives
- Computer waste and mistakes
- Computer crime
- Privacy
- The work environment
3 What is Computer Waste?
- Discard technology (software and hardware)
- Unused systems (complex systems not/under utilized)
- Personal (games, Internet, emails)
- Spam (junk email/faxes)
- Primary reason - poor management of system
4 What are Computer Related Mistakes?
- Computers rarely make mistakes!!!!!
- Hardware - inadequate/poorly configured
- Software - inadequate or incorrect, errors in application
- Users - not trained, data entry errors, deleting files, copying files over existing files
- System administrator - formatting a disk by mistake, poor planning, backup and recovery plans, security plan
5 Preventing Computer Related Waste and Mistakes
Establish
Review
Implement
Monitor
6 Useful Policies to Eliminate Waste and Mistakes
- Someone in charge of system
- Policies and procedures in-place and enforced
- System security measures
- System monitoring tools
- Users trained
- Periodic reviews and updates
- Hardware
- Software
- Users
7 Computer Crime
8 What is Computer Crime?
- Any unauthorized invasion of a computer system for the intent of causing damage. (Carpenter, 2004)
- Purpose: steal money, steal data, cause confusion, just for fun.
- Result: go to jail!
9 Who Monitors Computer Crime?
- Computer Emergency Team Coordination Center (CERT/CC) http://www.cert.org/
- Located at Software Engineering Institute (SEI)
- Carnegie Mellon Research Center, Pittsburgh, PA
- Funded by federal government
- Purpose: coordinate communication during computer security emergencies.
- Additionally - study Internet security vulnerabilities, offer training, and provide recommendations.
- Site to look at
- http://www.cert.org/present/cert-overview-trends/module-4.pdf
10 Number of Incidents Reported to CERT
11 Summary of Key Data from 2002 Computer Crime and Security Survey
Source: Data from Richard Power, 2002 CSI/FBI Computer Crime and Survey, Computer Security Issues and Trends, vol 8, no. 1, spring 2002, p. 4.
12 The Computer as a Tool to Commit Crime
- Social engineering: giving up your password
- Dumpster diving: going through the garbage in an attempt to find relevant information
- Identity theft: individual obtains and uses personal information
- Cyberterrorism: intimidation or coercion for some personal or group gain
13 Computers as Objects of Crime
- Illegal access and use
- Hackers
- Crackers
- Information and equipment theft
- Software and Internet piracy
- Computer-related scams
- International computer crime
14 How to Respond to a Security Incident
- Follow policies and procedures for computer security incident
- Contact responsible people ASAP
- Inform others following Chain of Command
- Don't talk about incident
- Make backups of damaged/altered files
- Designate one person to secure potential evidence
- Make copies of intruder files (code, log file, etc.) and store off-line
- Secure backups and printouts: one person has access
- Involve CERT if necessary or desired
- Unsure: seek help, ask questions
15 Data Alteration and Destruction
16 The Six Computer Incidents with the Greatest Worldwide Economic Impact
17 Top Viruses July 2002
18 Preventing Computer-Related Crime
- Crime prevention by state and federal agencies
- Crime prevention by corporations
- Public Key Infrastructure (PKI)
- Biometrics
- Anti-virus programs
19 Preventing Computer-Related Crime
- Intrusion Detection Software: monitors and alerts network security when an intrusion is sensed.
- Managed Security Service Providers (MSSPs): company that manages hardware/software for other companies.
- Internet Laws for Libel and Protection of Decency
20 Preventing Crime on the Internet
- Develop effective Internet and security policies
- Use a stand-alone firewall with network monitoring capabilities
- Monitor managers and employees
- Use Internet security specialists to perform audits
21 Common Methods Used to Commit Computer Crimes
22 How to Protect Data from Hackers
- System protection
- Install antivirus/firewall software on all computers.
- Frequently check and install latest security patches, which are often available at vendor's Internet site.
- Logon capabilities
- Install strong user authentication and encryption capabilities on your firewall.
- Disable guest accounts and null user accounts that let intruders access the network without a password.
- Do not provide overfriendly log-in procedures for remote users (e.g., an organization that used the word "welcome" on their initial log-on screen found they had difficulty prosecuting a hacker).
- System Configuration
- Give an application (email, file transfer protocol, and domain name server) its own dedicated server.
- Restrict physical access to the server and configure it so that breaking into one server won't compromise the whole network.
- Turn on audit trails.
- Conduct regular IS security audits
- Verify and exercise frequent data backups for critical data.
23 Privacy
24 Privacy Issues
- Privacy and the Federal Government
- Privacy at work
- E-mail privacy
- Privacy and the Internet
25 The Right to Know and the Ability to Decide
26 Federal Privacy Laws and Provisions
27 The Work Environment
28 Health Concerns
- Potential problems
- Repetitive motion disorder/Repetitive stress injury (RSI)
- Carpal tunnel syndrome (CTS)
- Ergonomics
- What to do
- Maintain good posture and positioning.
- Do not ignore pain or discomfort.
- Use stretching and strengthening exercises.
- Find a good physician who is familiar with RSI and how to treat it.
- After treatment, start back slowly and pace yourself.
29 Medical Topics on the Internet
30 Summary
- Computer waste - the inappropriate use of computer technology and resources in both the public and private sectors
- Identity theft - a crime in which an imposter obtains key pieces of personal identification information in order to impersonate someone else
- Software and Internet piracy - represent the most common computer crime