Lecture 12
Information Security and Confidentiality (Chapter 12)
http://www.csun.edu/~dn58412/IS531/IS531_SP16.html

Learning Objectives
1. Privacy, confidentiality, information privacy, and information security and the relationships among them.
2. How information system security affects privacy, confidentiality, and security.
3. The significance of security for information integrity.
4. Potential threats to system security and information.
5. Security measures to protect information.

IS 531 : Lecture 12

Security Concern
• Information security and confidentiality of personal information represent major concerns in today’s society amidst growing reports of stolen and compromised information.
• Globalization and increased use of the internet
• Evolving technology and intrusion techniques
• Information must be protected through a combination of electronic and manual methods

Information Security
• The protection of information against threats to its integrity, inadvertent disclosure, or availability determines the survivability of a system

Privacy
• Freedom from intrusion, or control over the exposure of self or of personal information
• The right to determine what information is collected, how it is used, and the ability to review collected information for accuracy and security

Confidentiality
• The protection of healthcare information is mandated by the Health Insurance Portability and Accountability Act (HIPAA) and the Joint Commission requirements.
• Must not disclose patient-related information without consent
• Share info only with the parties requiring it for client treatment
• Breaches are mostly due to careless communication in a public area or with an inappropriate person

Information/Data Privacy
• The storage and disclosure/dissemination of personally identifiable information
• The right to choose the conditions and extent to which information and beliefs are shared
• The right to ensure accuracy of information collected

Consent
• The process by which an individual authorizes healthcare personnel to process his or her information based on an informed understanding of how this information will be used
• Entails making the individual aware of risks to privacy and measures to protect it

Information System Security
• Ongoing protection of both information stored in the system and the system itself from threats or disruption
• Primary goals:
  – Protection of client confidentiality
  – Protection of information integrity
  – Timely availability of information when needed

Security Planning
• Safeguard against:
  – Downtime
  – Breaches in confidentiality
  – Loss of consumer confidence
  – Cybercrime
  – Liability
  – Lost productivity
• Ensure compliance with HIPAA

Steps to Security
• Assessment of risks and assets
• An organizational plan
• A “culture” of security
• The establishment and enforcement of policies

Threats to System Security and Information
• Human threats
  – Thieves
  – Hackers and crackers
  – Denial of service attacks
  – Terrorists
  – Viruses, worms
  – Revenge attacks
  – Pirated Web sites

Threats to System Security and Information …
• On-site threats
  – Poor password management
  – Compromised device
  – Human error
  – Unauthorized insider access
  – Flooding site
  – Power fluctuations
• Fires and natural disasters

Security Measures
• Firewalls: barrier created from software and hardware
• Antivirus and spyware detection
• User sign-on and passwords or other means of identity management
• Access on a need-to-know basis
• Automatic sign-off
• Physical restrictions to system access

Authentication
• Process of determining whether someone is who he or she claims to be
• Methods:
  – access codes
  – logon passwords
  – digital certificates
  – public or private keys used for encryption
  – biometric measures

Password
• String of alphanumeric characters to type in for system access
• Inexpensive but not the most effective means of authentication
• Do:
  – Choose 8-12 character passwords.
  – Avoid obvious passwords.
  – Use the first characters of your favorite verses / sayings.
  – Include special characters, lower and upper case letters, and numbers.

Password …
• Don’t:
  – Post or write down passwords.
  – Leave computers or applications running when not in use.
  – Re-use the same password for different systems.
  – Use the browser “save password” feature.
• Never share passwords.
• Change password frequently

Biometrics
• Identification based on a unique biological trait
  – fingerprint
  – voice
  – iris pattern / retinal scan
  – hand geometry / palmprint
  – face recognition
  – etc.

Antivirus Software
• Computer programs that can locate and eradicate viruses and other malicious programs from memory sticks, storage devices, individual computers, and networks
• Detect and eliminate malware / spyware that installs itself without the user’s permission to collect passwords, PIN numbers, and account numbers, then sends them to another party

Antivirus Software
Source : http://anti-virus-software-review.toptenreviews.com/

Proper Handling and Disposal
• Acceptable uses
• Audit trails to monitor access
• Encourage review for accuracy
• Establish controls for information use after-hours and off-site
• Shred or use locked receptacles for the disposal of items containing personal health information

Implications for Mobile Computing
• Shared responsibility for information and information system security
• Devices are easily stolen.
• Devices should require authentication and encryption to safeguard information security.
• Devices should never be left where information may be seen by unauthorized viewers.
• Verify wireless networks before use.

Firewall

Physical vs. Logical Access / Controls

Encryption
Binary Codes
ASCII (American Standard Code for Information Interchange) : 8 bits
EBCDIC (Extended Binary-Coded Decimal Interchange Code) : 16 bits
Unicode : 32 bits and more

I        S        5        3        1
01001001 01010011 00110101 00110011 00110001
10010101 00110011 01010011 00110011 00010100
01101010 11001100 10101100 11001100 11101011

Encoding
Normal sequence  : A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Encoded sequence : F G H I J K L M N O P Q R S T U V W X Y Z A B C D E
Message          : DROPBOX TONIGHT
Encoded message  : IWTUGTC YTSNLMY

Public Keys
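
The Encoding slide's letter mapping is a fixed shift of five positions. The following added example (not part of the original lecture) reproduces the slide's encoded message and shows why such a scheme offers no real confidentiality: there are only 26 possible shifts, so a reader who guesses one word of the message can find the shift without being told it. The function names and the guessed word are assumptions made for illustration.

```python
import string

ALPHABET = string.ascii_uppercase
SLIDE_SHIFT = 5  # the slide maps A->F, B->G, ..., Z->E


def shift_text(text, shift):
    """Shift A-Z by `shift` positions with wrap-around; other characters are kept."""
    k = shift % 26
    rotated = ALPHABET[k:] + ALPHABET[:k]
    return text.upper().translate(str.maketrans(ALPHABET, rotated))


def encode(message, shift=SLIDE_SHIFT):
    """Apply the slide's 'encoded sequence' to a message."""
    return shift_text(message, shift)


def decode(encoded, shift=SLIDE_SHIFT):
    """Undo the shift to get the original message back."""
    return shift_text(encoded, -shift)


def all_decodings(encoded):
    """Every possible decoding: the entire key space is 26 shifts."""
    return {shift: decode(encoded, shift) for shift in range(26)}


def shifts_matching(encoded, guessed_word):
    """Shifts whose decoding contains a word the reader guesses is present."""
    return [(shift, plain)
            for shift, plain in all_decodings(encoded).items()
            if guessed_word.upper() in plain]


if __name__ == "__main__":
    secret = encode("DROPBOX TONIGHT")      # message from the slide
    print(secret)                           # matches the slide's encoded message
    print(decode(secret))
    # "TONIGHT" is an assumed guess; no knowledge of the shift is needed.
    print(shifts_matching(secret, "TONIGHT"))
```

This is why the lecture separates encoding from key-based encryption: the protection here depends entirely on the method staying secret.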