UNIT - 5 Ethics, Computer Crime, and Security
Information Systems Ethics
Information accessibility
Deals with what information a person has the right to obtain about others and how the information can be used
Protection of information accessibility
Carnivore: a system implemented by the Federal Bureau of Investigation that was designed to monitor email and electronic communications.
Electronic Communications Privacy Act (ECPA)
E-mail Monitoring: Email monitoring software: PC Tattletale's email monitoring and recording software makes it easy to automatically monitor any and all email that is sent or received.
Computer Crime
Who commits computer crime?
Hacking and Cracking
Hacker: one who gains unauthorized computer access, but without doing damage
Cracker: one who breaks into computer systems for the purpose of doing damage
Types of computer crime
Data diddling: modifying data
Salami slicing: skimming small amounts of money
Carding: stealing credit card numbers online
Piggybacking: stealing credit card numbers by spying
Social engineering: tricking employees to gain access
Dumpster diving: finding private info in garbage cans
Spoofing: stealing passwords through a false login
Computer Security
Recommended Safeguards
Implement a security plan to prevent break-ins
Have a plan if break-ins do occur
Make backups!
Only allow access to key employees
Change passwords frequently
Keep stored information secure
Use antivirus software
Use biometrics for access to computing resources
Hire trustworthy employees
Security's Five Pillars
Authentication: Verifying the authenticity of users, ensuring people are who they say they are.
ID/Password, biometric, questions
Identification: Identifying users to grant them appropriate access
Allowing system to know who someone is to give appropriate access rights
Privacy: Protecting information from being seen
E.g., against spyware installed without consent in a computer to collect information
Integrity: Keeping information in its original form
Ensuring data is not altered in any way
Non-repudiation: Preventing parties from denying actions they have taken
Ensuring that the parties in a transaction are who they say they are and cannot deny that transaction took place
Technical Countermeasures
Firewalls: hardware/software to control access between networks / blocking unwanted access
Windows Vista
Encryption/decryption: Using an algorithm (cipher) to make a plain text unreadable to anyone that does not have a key
SSL
Virtual Private Networks (VPNs)
Allow strong protection for data communications
Cheaper than private networks, but do not provide 100% end-to-end security
FIREWALL SECURITY MEASURE
Internet Security
Firewall: hardware and software designed to keep unauthorized users out of network systems
Encryption - Security Measure
Encryption: the process of encoding messages before they enter the network or airwaves, then decoding them at the receiving end of the transfer
Computer Security
How encryption works
Symmetric secret key system
Both sender and recipient use the same key
Key management can be a problem
Public key technology
A private key and a public key
Certificate authority
A trusted middleman verifies that a Web site is a trusted site (provides public keys to trusted partners)
Secure socket layers (SSL)
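Added example (not part of the original slides): it ties the Integrity and Non-repudiation pillars to the symmetric secret key system above. A message tag computed with Python's standard hmac module detects any alteration, but because sender and recipient hold the same key, either one could have produced the tag, so it cannot prove who sent the message. The key, messages and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample key: one shared secret, as in a symmetric secret key system.
SHARED_KEY = secrets.token_bytes(32)


def make_tag(key: bytes, message: bytes) -> bytes:
    """Return an HMAC-SHA256 tag binding the message to the key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Constant-time check; False means the message or tag was altered."""
    return hmac.compare_digest(make_tag(key, message), tag)


def demo() -> dict:
    order = b"transfer 100.00 to account 42"    # constructed message
    altered = b"transfer 900.00 to account 42"  # same message with modified data
    tag = make_tag(SHARED_KEY, order)           # sender tags the message

    results = {
        # Integrity: the untouched message verifies.
        "original_ok": verify(SHARED_KEY, order, tag),
        # Integrity: the modified amount no longer matches the tag.
        "altered_ok": verify(SHARED_KEY, altered, tag),
        # A party without the shared key cannot produce a valid tag.
        "outsider_ok": verify(
            SHARED_KEY, order, make_tag(secrets.token_bytes(32), order)
        ),
    }
    # No non-repudiation: the recipient holds the same key, so a tag the
    # recipient computes is indistinguishable from one the sender computed.
    recipient_tag = make_tag(SHARED_KEY, altered)
    results["recipient_made_tag_ok"] = verify(SHARED_KEY, altered, recipient_tag)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Non-repudiation needs the public key technology listed above: a signature made with a private key that only the sender holds, checked with the matching public key.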
Computer Security
How to maintain your privacy online
Choose Web sites monitored by privacy advocates
Avoid cookies
Visit sites anonymously
Use caution when requesting confirming e-mail