Add to collection(s) Add to saved
  1. Social Science
  2. Psychology
  3. Forensic Psychology

 10

advertisement 
Security and Privacy
Chapter 10
Computers and the Internet
Copyright © Prentice Hall 2000
1
Data Security
Decentralized
networks lend
data vulnerable
to intentional
destruction,
alteration, theft,
and espionage.
Copyright © Prentice Hall 2000
2
The Network Criminal
The people who attack
the vulnerability of
data systems possess
significant computer
expertise and/or
have access to
sensitive data.
Copyright © Prentice Hall 2000
3
Hackers
Most computer system
intruders are not
teenagers.
Instead, most hackers
are competitors who
steal proprietary or
sensitive government
information.
Copyright © Prentice Hall 2000
4
Hackers’ Prey
Hackers begin by
persuading unsuspecting
people to give away their
passwords over the phone.
Employees should be
alerted to such scams.
Copyright © Prentice Hall 2000
5
Employee Passwords
Employees use
passwords to work on
computer systems.
Employers expect these
passwords to be kept
secret from others.
Copyright © Prentice Hall 2000
6
Employee Secrets
The next five slides
offer helpful
suggestions and
guidelines to keep
employee secrets,
secret.
Copyright © Prentice Hall 2000
7
1. Avoid Common Names
Common names
associated with you
are naturally easy for
you to remember, but
they are easily
cracked.
Pet names are an
example.
Copyright © Prentice Hall 2000
8
2. Mix-n-Match Characters
Make your password a
mix of:
• letters and numbers
• upper and lower case
• alphabetic and nonalphabetic characters
Copyright © Prentice Hall 2000
not2hard
JUST4u
Han$on
9
3. Store Passwords Wisely
Keep your
password
in your
head or in
a safe, not
in an
obvious
location.
Copyright © Prentice Hall 2000
10
4. Change Password Often
Changing your
password should
become a habit so
that you lessen
the chance of it
becoming known
to intruders.
Copyright © Prentice Hall 2000
11
5. Avoid Hacker Scams
In these scams, the hacker
poses as a person to
whom you can confide
your password.
Regardless of the ruse, the
wise user will not give
their password to anyone.
Copyright © Prentice Hall 2000
12
Computer Crime
Computer crime
includes:
• Credit card fraud
• Data communications
fraud
• Unauthorized access
• Unlawful copying
Copyright © Prentice Hall 2000
13
Credit Card Fraud
Credit card customer numbers pass
between public and private
networks.
Sometimes these numbers are
captured by computer criminals
and used to commit fraud.
Copyright © Prentice Hall 2000
14
Data Communications
Fraud
This form of fraud involves the
interception of network passwords
or packets of data passing through
networks.
Copyright © Prentice Hall 2000
15
Unauthorized Access
Hackers try to gain
access to confidential
employee records,
company trade
secrets and product
pricing structures,
and much more.
Copyright © Prentice Hall 2000
16
Unlawful Copying
This category of
computer crime
results in major
losses for
computer
vendors.
Copyright © Prentice Hall 2000
17
Compromising Security
Without realizing it, employers and
employees can compromise the
security of their computer system.
The following slides present some
examples of how a system could be
compromised.
Copyright © Prentice Hall 2000
18
Some Bad Guy Tricks
•
•
•
•
•
•
•
•
Bomb
Data diddling
Piggybacking
Salami Technique
Scavenging
Trapdoor
Trojan Horse
Zapping
Copyright © Prentice Hall 2000
19
Bomb
• A “bomb” causes a program to
trigger damage under certain
conditions in the future
Copyright © Prentice Hall 2000
20
Data Diddling
• Data diddling
refers to changing
data before or as it
enters the system
X
Copyright © Prentice Hall 2000
X
21
Piggybacking
• An illicit user
“rides” into the
system on the
back of another
user
Copyright © Prentice Hall 2000
22
Salami Technique
• Small “slices” of
money are
squirreled away to
a secret account
Copyright © Prentice Hall 2000
23
Scavenging
• Passwords and
other account
information may
be found in trash
cans or recycling
bins
Copyright © Prentice Hall 2000
24
Trapdoor
• The original
programmer may
leave an
unauthorized
point of entry to a
program
Copyright © Prentice Hall 2000
25
Trojan Horse
• Illegal instructions are
hidden in the middle of
the program
• These Trojan Horse
instructions cause
something destructive
in addition to the
intended function of the
program
Copyright © Prentice Hall 2000
26
Zapping
• Zapping
encompasses a
variety of software
which bypass all
security systems
Copyright © Prentice Hall 2000
27
White Hat Hackers
• Many companies
hire professionals
to uncover
security problems
by trying to break
into the system
Copyright © Prentice Hall 2000
28
Detecting Computer Crime
Most cases are discovered by
accident—by actions having nothing
to do with computers.
The Computer Fraud and Abuse Act
of 1986 has improved awareness of
computer-related crimes.
Copyright © Prentice Hall 2000
29
Prosecuting Computer
Crime
Eighty-five percent of
detected computer crime
is not reported.
Prosecution is further hampered by law
enforcement officers, attorneys, and
judges who do not fully understand the
nature of the violation.
Copyright © Prentice Hall 2000
30
Security
A system of safeguards is needed to
protect a computer system and data
from deliberant or accidental damage
or access by unauthorized persons.
Copyright © Prentice Hall 2000
31
Authorized Access
To assure that only the right person
is accessing the right computer
system, various means have been
developed based on:
• What you have
• What you know
Copyright © Prentice Hall 2000
• What you do
• What you are
32
What You Have
This means of
authentication is based
on your having a
physical thing.
It might be a key, badge,
token, or plastic card.
Copyright © Prentice Hall 2000
33
What You Know
Many systems verify
authorized access based
on what you know.
This might be a password,
identification number, or
the correct combination
of numbers on locks.
Copyright © Prentice Hall 2000
34
What You Do
This mode of
authorized
access is based
on something
you do that is
unique such as
your signature.
Copyright © Prentice Hall 2000
35
What You Are
This security system uses
biometrics—the science of
measuring individual body
characteristics.
Fingerprints, retinal scans,
and hand characteristics are
examples of what you are.
Copyright © Prentice Hall 2000
36
Compromised Systems
When a computer system has been
compromised by a natural or manmade disaster, the resulting
problems might include:
• Loss of hardware
• Loss of software
• Loss of data
Copyright © Prentice Hall 2000
37
Disaster Recovery Plan
• Spells out a method for
restoring computer processing
operations and data files
• Companies should perform
emergency recovery drills
Copyright © Prentice Hall 2000
38
Recovery From Loss of
Hardware
There are various approaches to
restoring computer processing
operations:
• revert to manual services.
• temporarily use a service bureau.
• mutual aid from another company.
• pre-planned consortium facilities.
Copyright © Prentice Hall 2000
39
Software Security
Software security has
been an industry
concern for years.
At risk here is who
owns custom-made
software.
Copyright © Prentice Hall 2000
40
Company Ownership of
Software
If the programmer was
employed by the
company for whom
the software was
written, then the
company owns the
software.
Copyright © Prentice Hall 2000
41
Programmer Ownership of
Custom Software
If the programmer was
hired as a consultant,
then ownership should
have been addressed in
the contract between
the company and the
programmer.
Copyright © Prentice Hall 2000
42
Data Security
To prevent theft or alteration of data,
security techniques can include:
• Secured waste
• Internal controls
• Auditor checks
• Applicant
screening
Copyright © Prentice Hall 2000
• Passwords
• Built-in software
protection
• Backup systems
43
Secured Waste
Discarded printouts, printer
ribbons, and the like can be
sources of data leaks to
unauthorized persons.
Paper shredders and locked
trash barrels can secure
these waste products.
Copyright © Prentice Hall 2000
44
Internal Controls
These are controls that are
planned as part of the
computer system. The
transaction log is an
example.
This log records all successful
or failed attempts to access
certain data.
Copyright © Prentice Hall 2000
45
Auditor Checks
Auditors not only go
over the financial
books of a company,
but also review
computer programs
and data.
Discrepancies are noted and investigated.
Copyright © Prentice Hall 2000
46
Applicant Screening
The people who will be working with
the computer system should be
honest employees.
Verifying an applicant’s
résumé can weed out
dishonest employees
before they are hired.
Copyright © Prentice Hall 2000
47
Passwords
A password is a secret
word, number, or
combination of the
two. It should not be
divulged nor should it
be so simple as to be
easily cracked.
Copyright © Prentice Hall 2000
48
Built-in Software
Protection
Software can be built into
operating systems in ways
to restrict access to
computer systems.
This kind of protection
matches an authorized
user with only the data
that user should access.
Copyright © Prentice Hall 2000
49
Personal Computer
Security
• Secure PC hardware with locks
and cables
• Use surge protectors
Copyright © Prentice Hall 2000
50
Backup Systems
Backing up files on a
regular basis is a
wise precaution—not
only for big
business, but for the
consumer as well.
Copyright © Prentice Hall 2000
51
Pest Programs
Not all programmers write useful or
beneficial programs.
Some programmers write pest
programs that can destroy data, or
in the least, disrupt computer
systems.
Copyright © Prentice Hall 2000
52
Why Write Pest Programs?
Pest programs are written to show off
programming prowess, revenge,
sabotage, intellectual curiosity, or a
desire for notoriety.
Pest programs include worms and
viruses.
Copyright © Prentice Hall 2000
53
Computer Worms
A worm is a program
that transfers itself
from computer to
computer over a
network.
At target computers, the worm
creates a separate file for itself.
Copyright © Prentice Hall 2000
54
Computer Virus
A computer virus is a set of illicit
instructions that gets passed on to
other programs or documents with
which it comes in contact.
Viruses can change or delete files,
display words, or produce bizarre
screen effects.
Copyright © Prentice Hall 2000
55
Transmission of Viruses
Viruses can be passed
on via:
• diskettes
• a LAN
• e-mail attachments
• a WAN, including the
Internet
Copyright © Prentice Hall 2000
56
Virus Myths
• You cannot get a virus just by being
on-line
• You cannot get a virus from reading
email
• You cannot get a virus from data or
graphics files
Copyright © Prentice Hall 2000
57
Virus Vaccines
Since viruses are programs
written by programmers,
it takes another
programmer to detect
and remove the virus.
These anti-virus programs are
called vaccines.
Copyright © Prentice Hall 2000
58
Your Personal Data
FACT: Computer data about you is
bought, sold, and traded every day.
FACT: More often than not, the
exchange of data about you occurs
without your knowledge.
Copyright © Prentice Hall 2000
59
Your Personal Privacy
The front line of
defense in protecting
your personal privacy
begins with you.
All those forms, surveys, credit card
transactions, etc. generate a vast
amount of data about you.
Copyright © Prentice Hall 2000
60
Privacy Legislation
•
•
•
•
•
Fair Credit Reporting Act
Freedom of Information Act
Federal Privacy Act
Video Privacy Protection Act
Computer Matching/Privacy
Protection Act
Copyright © Prentice Hall 2000
61
Network Security
One or more of the following may be
needed to keep data within a
network secure:
• Firewalls
• Encryption
• Surveillance software
• Anonymity
Copyright © Prentice Hall 2000
62
Firewalls
This is a simple method to prevent
unauthorized access of a network
from the outside.
Copyright © Prentice Hall 2000
63
Encryption
Encryption is scrambling data into
secret codes by using elaborate
mathematical functions.
Intercepting scrambled data is of no
use to computer criminals.
hiding data
Copyright © Prentice Hall 2000
4T*v@5 [8fW
64
Surveillance Software
In addition to firewalls and
encryption methods, employers
might use software that monitors
the activity of their workers.
Copyright © Prentice Hall 2000
65
Anonymity
Network security can also
include keeping the email address identity of
employees anonymous.
This measure reduces junk e-mailings
and protects the employee’s identity.
Copyright © Prentice Hall 2000
66
Junk Email (SPAM)
• Newsgroup messages are a prime
source of email addresses
• Use of filter software reduces the
amount of SPAM received
Copyright © Prentice Hall 2000
67
Protecting Children
• Blocking software is used to
prevent access to known
objectionable web sites
• The Children’s Online Privacy
Act requires web sites to obtain
parental consent before
obtaining information from
children under 13
Copyright © Prentice Hall 2000
68
Ethics and Privacy
• Suppose you are a programmer for
a medical organization, and while
working, you see records about a
celebrity. Is it ethical to describe
the medical treatment to your
friends?
Copyright © Prentice Hall 2000
69
Conclusion
Security and privacy are important
issues in the Information Age.
The computer industry as well as
private citizens share responsibility
in addressing these issues.
Copyright © Prentice Hall 2000
70
Related documents
EMBM03 (v1) Managing Operations
EMBM03 (v1) Managing Operations
Mmhurem Syllabus
Mmhurem Syllabus
Business Administration – First Year
Business Administration – First Year
(2012). Managing Human Resources (7th Edition). Upper Saddle
(2012). Managing Human Resources (7th Edition). Upper Saddle
Chapter 20: Marketing and Society: Social Responsibility and
Chapter 20: Marketing and Society: Social Responsibility and
How Difficult Can This Be?
How Difficult Can This Be?
Download
advertisement