Download Privacy - Dartmouth College

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
Document related concepts
no text concepts found
Transcript 
What do you mean, Privacy?
Sarah Gordon
In the next 20 minutes …
1.
Explore some important concepts of privacy
2.
Consider some of the ways in which technology has
impacted privacy
3.
Examine the findings of our study on privacy cognitions
(i.e. thinking) and behaviors
4.
How do you stack up?
How do you stack up?
1.
Examines the findings of our study on privacy cognitions
(i.e. thinking) and behaviors
3.
Considers some of the ways in which technology has
impacted privacy
2.
Explores some important concepts of privacy
1.
In the next 20 minutes …
Examine the findings of our study on privacy
cognitions (i.e. thinking) and behaviors amongst
information security professionals.
3.
Consider some of the ways in which technology
has impacted privacy
2.
Explore some important concepts of privacy
1.
4. How do you stack up?
In the next 20 minutes…
Yes or No
1. I have reviewed my browser privacy policy
2. I always delete unwanted cookies
3. I have read my company/school privacy policy
4. I always read privacy policies of WWW sites
5. I always read EULAs of new software before
installing it
6.I always encrypt sensitive e-mails
7. I always encrypt data on my hard disk
8. I like to control disclosure of information about
self and/or transactions
What is privacy, anyway?
Information about you?
Information about what you do?
Things you know?
All data you’re working with?
Access to information about you?
What people do with information about you?
Freedom from being approached by others?
LiteratureReview
Cultural aspects of privacy
Gender issues in privacy
Where you are

Japan
 United Kingdom
 Sweden
 Germany, UK, US
 Saudi Arabia
Who you are
What has changed?
1. Cash transactions
Credit cards, phones
2.
Postal services
E-mail
3.
Filing cabinets
Logging, UDE
4.
Concrete walls
Remote Access
5.
General Store
6.
7.
Trojans, UCE
Weekly Brochure
Spy-ware, ad-ware,
cookies to track
Inference
Data bases/data
mining
Things are getting worse….
– Malicious Disclosure

Remote access Trojans

Viruses, Worms. Blended Threats

Outright Theft
–Inadvertent Disclosure

Many WWW sites collect personal information
–Name, e-mail address, postal address
–Gender, product/service/settings/preferences

Some WWW sites give away, or sell information
Risk Mitigation
 Technical
Solutions
– Browser Privacy

P3P, Enterprise Security Management Tools
– Cookies
 Destroy when no longer used
– EULA
 Read and Understand
– WWW site privacy policies
– Trojans
– Viruses
Antivirus, Firewall, IDS
– Blended Threats
How are we doing?
Study Goals
1.
Determine if privacy was important to
Information Security Professionals
2.
Determine if functional behaviors
related to specific privacy enhancing
actions reflected the importance or
lack thereof.
Operational Definition of
Privacy
“Control over the disclosure of
information about self or transaction”
The survey
– Administered to focus group
– 67 Security/Anti-Virus professionals
– Refined
– (P3P) > Browser Privacy Policy
– Cookies, Site Privacy Policies, Encryption,
EULA
– Administered to randomly selected
individuals* at Security-Focused
Conferences
*Met tests for statistical significance
Question
US True
US False
UK True
UK False
EU True
EU False
yes
noo
yes
no
yes
no
Important
27
36
30
28
17
6
Unimportant
2
6
2
0
0
0
Important
26
37
21
37
8
15
Unimportant
4
4
1
1
0
0
Important
0
63
3
55
0
23
Unimportant
0
8
0
2
0
0
Important
39
24
30
28
13
10
Unimportant
2
6
1
1
0
0
Important
3
60
11
47
4
19
Unimportant
0
8
1
1
0
0
I always read the entire
EULA of new software
before agreeing to install
it on my computer.
Important
10
53
5
53
1
22
Unimportant
2
6
0
2
0
0
I always encrypt data on
my hard disk.
Important
10
53
10
48
1
22
Unimportant
0
8
1
1
0
0
I am familiar with my
browser P3P.
I always encrypt sensitive
email messages.
I encrypt all email
messages.
I always delete cookies I
do not need.
I always read the privacy
policy of Web sites I visit.
Group
Analysis
The thought “I like to control disclosure of
information about myself and/or my
transaction”
is not reflected in the behaviors related to:
– Browser Privacy Policies
– Deletion of unwanted cookies
– Reading privacy policies
– Reading licensing agreements
– Encrypting sensitive e-mails
Cognitive Dissonance?
 Conflicting beliefs & Resolving the
dissonance
Focus on the benefits of the act you have chosen
– time saved, money saved, work accomplished
 Dismiss the benefits of what you didn’t choose
as unimportant
– “no one reads EULAs”, “no one would read
my e-mail”, “I’m not likely to get a virus”, “It’s
not important to delete cookies”.

The solution?
– Educate on the consequence of not following
policy
Time lost
 Money lost
 Work lost
 Credibility Lost
 Security Lost
 ???

The challenge
So you plan to work in the security field?
•Plan and encourage healthy culture
•Discourage inappropriate groupthink
•Encourage taking security seriously
•Are you a Leader?
Conclusion
 Privacy
is important
 Impediments to privacy exist
 Threats to privacy exist
 Solutions exist
Questions?
Related documents
Merenje koncentracije i trzisne moci privrednih
Merenje koncentracije i trzisne moci privrednih
Computer Science 9616a, Fall 2011 Project Description Your project
Computer Science 9616a, Fall 2011 Project Description Your project
Computer Science 9616b, Fall 2016 Project Description Your project
Computer Science 9616b, Fall 2016 Project Description Your project
HIPPA Compliance Form
HIPPA Compliance Form
Donor Privacy Policy
Donor Privacy Policy
Innovative Applications of Artificial Intelligence Techniques in
Innovative Applications of Artificial Intelligence Techniques in
Privacy Policy This privacy policy discloses the privacy practices for
Privacy Policy This privacy policy discloses the privacy practices for
CSE 598D / STAT 598B: Data Privacy Course Announcement
CSE 598D / STAT 598B: Data Privacy Course Announcement
Kirnan Real Estate Privacy Statement Kirnan Real Estate, Inc
Kirnan Real Estate Privacy Statement Kirnan Real Estate, Inc
19-DS-05-2016_OZGUR
19-DS-05-2016_OZGUR
DIRECT MARKETING
DIRECT MARKETING
Presentazione di PowerPoint - Georgia Institute of Technology
Presentazione di PowerPoint - Georgia Institute of Technology
Computers in Society
Computers in Society
Document
Document
Rachel Hogue`s presentation on Big Data in Education
Rachel Hogue`s presentation on Big Data in Education
Slide 1
Slide 1
Privacy Wizards for Social Networking Sites
Privacy Wizards for Social Networking Sites
Gift of Fire
Gift of Fire
Document
Document
Lecture 12 - The University of Texas at Dallas
Lecture 12 - The University of Texas at Dallas