Download Week Three - Temple Fox MIS

Week 12: Information Systems Ethics and Crime
MIS 2101: Management Information Systems
No Place to Hide Video
• What are benefits to companies or government of information use?
• What are some factors for increase in privacy concerns?
• What are the harms of information misuse to consumers?
• What technologies did you notice in the video?
2
Learning Objectives
• Discuss the ethical concerns associated with information privacy, accuracy, property, and accessibility.
• Define computer crime and list several types of computer crime.
3
Computer Ethics
• Issues and standards of conduct pertaining to the use of information systems
• Examples
  o Legal but not ethical
• Need for computer ethics
4
Ethical Challenges – Possible Scenarios
• Employers ‘Googling’ their employees
• Spreading rumors about your friends on Facebook
• Employers ‘read’ employee emails
• Click fraud
• Fair use of corporate IT resources
• Information collection and use in marketing
• Who is responsible for errors in credit reports?
5
Ethical Challenges – Possible Scenarios
• Second Life
• Property
• Relationships
• Internet Plagiarism
• Wi-Fi ‘Leeching’
• Advertising Networks
• Blogging about work
• Anonymity
• Snooping on Confidential Data
• Obama’s cell phone and Sarah Palin’s Yahoo account
6
Computer Ethics
7
Information Privacy
• Increase in Privacy Concerns
  o Increased Digitization
  o Increased Surveillance
• Information you might want to keep private:
  o Social security number
  o Medical history
  o Family history
• Identity theft
  o Fastest growing “information” crime
  o Biometrics for better protection
8
Information Privacy
• Companies seem to know about our every move – how much information do we need to reveal?
• Amazon.com is famous for personalization
• What are the costs?
9
How to Maintain Your Privacy Online
• Review the privacy policy of the company with which you are transacting
• The policy should indicate:
  o What information is being gathered about you
  o How the seller will use this information
  o Whether and how you can “opt out” of these practices
• Choose Web sites monitored by independent organizations
10
Information Accuracy
• Ensuring the authenticity and fidelity of information
  o Over-reliance on computers
  o Who is responsible?
• High costs of incorrect information
  o Banks
  o Hospitals
• Difficult to track down the person who made the mistake
11
Information Property
• Who owns information about individuals?
• Easily replicated and shared
• “Tragedy of the commons”
• How can this information be sold and exchanged?
12
Information Ownership
• Company maintaining the database with customer information legally owns it
  o Is free to sell it
    o Cannot sell information it agreed not to share
    o Must ensure proper data handling practices
13
Spam, Cookies and Spyware
• Spam
  o Unsolicited e-mail promoting products or services
  o CAN-SPAM Act of 2003
  o Little protection available
• Cookies
  o Text file storing Web browsing activity
  o Can opt for cookies not to be stored
  o Web sites might not function properly without cookies
• Spyware
  o Software used for data collection without the users’ knowledge
  o Unlikely this activity will become illegal anytime soon
14
Cybersquatting
• The practice of registering a domain name and later reselling it
• Some of the victims include
  o Panasonic, Hertz, Avon
• Anti-Cybersquatting Consumer Protection Act in 1999
• Fines as high as $100,000
• Some companies pay the cybersquatters to speed up the process of getting the domain
15
Information Accessibility
• Rightful Access
• Digital Divide
• “Questionable” Access
• e-Surveillance, wiretapping
• Who has the right to monitor the information?
  o E.g., email capture by Carnivore
16
Carnivore
• Developed to monitor all communication by the government
• In 2005 FBI abandoned Carnivore for commercially available software
17
Learning Objectives
• Discuss the ethical concerns associated with information privacy, accuracy, property, and accessibility.
• Define computer crime and list several types of computer crime.
18
Seems Familiar??
19
Fraud Statistics
• Total Fraud in 2006: ~$14 bn
• Over 100% growth compared to 2005
• Sources
  o Auctions: 42%
  o General Merchandise: 30%
  o Nigerian Money Offers: 8%
  o Fake Checks: 6%
  o Lotteries: 4%
  o Phishing: 2%
  o Advance Fee Loans: 1%
  o Work at Home: 1%
20
Fraud Statistics
• Ages of Consumers
  o Below 29: 28%
  o 29-49: 48%
  o Over 50: 24%
• 37% of crooks are based overseas
• Other frauds
  o Health care products / services
  o Free Check
  o Credit Card Fraud
21
Computer Crime
• Targeting a computer – unauthorized access
• Using a computer to commit an offense
• Using a computer to support a criminal activity
22
Financial Impact of Virus Attacks
• Losses from computer crime can be tremendous
• $14.2 billion in estimated losses due to viruses alone in 2005
23
Some Common Terms
• Bug
• Phishing
• Email Hoaxes
• Trojan Horse
• Social Engineering
• White Hat vs. Black Hat
• Spam
• Denial of Service (DoS)
24
Security
• Two levels of Defense
  o People
  o Technology
25
The First Line of Defense - People
• The biggest issue surrounding information security is not a technical issue, but a people issue
• 38% of security incidents originate within the organization
  o Insiders
  o Social engineering
26
The First Line of Defense - People
• The first line of defense an organization should follow to help combat insider issues is to develop information security policies and an information security plan
  o Information security policies – identify the rules required to maintain information security
  o Information security plan – details how an organization will implement the information security policies
27
The Second Line of Defense - Technology
• Three primary information security areas
  1. Authentication and authorization
  2. Prevention and resistance
  3. Detection and response
28
AUTHENTICATION AND AUTHORIZATION
• Authentication – a method for confirming users’ identities
• Authorization – the process of giving someone permission to do or have something
• The most secure type of authentication involves a combination of the following:
  1. Something the user knows such as a user ID and password
  2. Something the user has such as a smart card or token
  3. Something that is part of the user such as a fingerprint or voice signature
29
PREVENTION AND RESISTANCE
• Technologies available to help prevent and build resistance to attacks include:
  1. Content filtering
  2. Encryption
  3. Firewalls
30
Content Filtering
• Organizations can use content filtering technologies to filter e-mail and prevent e-mails containing sensitive information from transmitting and stop spam and viruses from spreading
• Content filtering – occurs when organizations use software that filters content to prevent the transmission of unauthorized information
• Spam – a form of unsolicited e-mail
31
Encryption
• If there is an information security breach and the information was encrypted, the person stealing the information would be unable to read it
  o Encryption – scrambles information into an alternative form that requires a key or password to decrypt the information
  o Digital Signature – using encryption techniques to verify authenticity of sender
32
Firewalls
• One of the most common defenses for preventing a security breach is a firewall
  o Firewall – hardware and/or software that guards a private network by analyzing the information leaving and entering the network
  o Firewall acts like a gatekeeper
33
FIREWALLS
• Sample firewall architecture connecting systems located in Chicago, New York, and Boston
34
Detection and Response
• Intrusion Detection Systems
• Response?
35
Federal and State Laws
• Electronic Communications Privacy Act of 1986
• Breaking into any electronic communication service is a crime
• USA PATRIOT Act of 2002
• Controversial law
• Investigators may monitor voice communication
• Other laws
• Patent laws protect some software and hardware
• Right to Financial Privacy Act
• All 50 states passed laws prohibiting computer crime
36
Types of Computer Crimes
37
Types of Computer Crimes
38
Key Learnings
• No Place to Hide Video
  o Role of Information in our Society
  o Harms due to Misuse of Information
  o New Technologies on the Horizon
• Fraud Statistics
• Ethics of Information Use
  o Privacy, Accuracy, Ownership, Accessibility
39
Key Learnings … contd.
• Computer Security
• Key Terms and Definitions
• Role of People in IT Security
• Role of Technology in IT Security
• Federal and State Laws
• Types of Computer Crime
40
• Questions!
41