
UNIT - 5 Ethics, Computer Crime, and Security

Information Systems Ethics

Information accessibility

Deals with what information a person has the right to obtain about others and how the information can be used

Protection of information accessibility


Carnivore: a system implemented by the Federal Bureau of Investigation that was designed to monitor email and electronic communications.

Electronic Communications Privacy Act (ECPA)



E-mail monitoring software: PC Tattletale's email monitoring and recording software makes it easy to monitor any and all email sent or received, automatically.

Computer Crime

Who commits computer crime?


Hacking and Cracking


Hacker: one who gains unauthorized computer access, but without doing damage

Cracker: one who breaks into computer systems for the purpose of doing damage


Types of computer crime


Data diddling: modifying data

Salami slicing: skimming small amounts of money

Carding: stealing credit card numbers online

Piggybacking: stealing credit card numbers by spying

Social engineering: tricking employees to gain access

Dumpster diving: finding private info in garbage cans

Spoofing: stealing passwords through a false login

Computer Security

Recommended Safeguards

Implement a security plan to prevent break-ins

Have a plan if break-ins do occur

Make backups!

Only allow access to key employees

Change passwords frequently

Keep stored information secure

Use antivirus software

Use biometrics for access to computing resources

Hire trustworthy employees

Security's Five Pillars

Authentication: Verifying the authenticity of users, ensuring people are who they say they are.

ID/Password, biometric, questions

Identification: Identifying users to grant them appropriate access

Allowing system to know who someone is to give appropriate access rights


Privacy: Protecting information from being seen

E.g., against spyware installed without consent in a computer to collect information


Integrity: Keeping information in its original form

Ensuring data is not altered in any way

Non-repudiation: Preventing parties from denying actions they have taken

Ensuring that the parties in a transaction are who they say they are and cannot deny that transaction took place

Technical Countermeasures

Firewalls: hardware/software to control access between networks / blocking unwanted access


> Windows Vista

Encryption/decryption: Using an algorithm (cipher) to make plain text unreadable to anyone who does not have a key

SSL


Virtual Private Networks (VPNs)

Allow strong protection for data communications

Cheaper than private networks, but do not provide 100% end-to-end security

FIREWALL SECURITY MEASURE

Internet Security

Firewall: hardware and software designed to keep unauthorized users out of network systems

Encryption - Security Measure

Encryption: the process of encoding messages before they enter the network or airwaves, then decoding them at the receiving end of the transfer

Computer Security

How encryption works

Symmetric secret key system

Both sender and recipient use the same key

Key management can be a problem

Public key technology

A private key and a public key

Certificate authority

A trusted middleman verifies that a Web site is a trusted site (provides public keys to trusted partners)

Secure Sockets Layer (SSL)

Computer Security

How to maintain your privacy online


Choose Web sites monitored by privacy advocates

Avoid cookies

Visit sites anonymously

Use caution when requesting confirmation e-mail

THANK YOU ALL
