Friday, May 10, 2013

Fundamental Tenets of Ethics:
·         Responsibility means that you accept the consequences of your decisions and actions.
·         Accountability means a determination of who is responsible for actions that were taken.
·         Liability is a legal concept meaning that individuals have the right to recover the damages done to them by other individuals, organizations, or systems.

Protecting Privacy:
·         Privacy Codes and Policies. An organization’s guidelines with respect to protecting the privacy of customers, clients, and employees.
·         Opt-out model of informed consent permits the company to collect personal information until the customer specifically requests that the data not be collected.
·         Opt-in model of informed consent means that organizations are prohibited from collecting any personal information unless the customer specifically authorizes it.  (Preferred by privacy advocates.)
·         International Aspects of Privacy. Privacy issues that international organizations and governments face when information spans countries and jurisdictions.

Factors Increasing the Threats to Information Security:
·         International organized crime turning to cybercrime
·         Downstream liability
·         Increased employee use of unmanaged devices
·         Lack of management support
 

Key Information Security Terms:
A threat to an information resource is any danger to which a system may be exposed.
The exposure of an information resource is the harm, loss, or damage that can result if a threat compromises that resource.
A system’s vulnerability is the possibility that the system will suffer harm by a threat.
Risk is the likelihood that a threat will occur.
Information system controls are the procedures, devices, or software aimed at preventing a compromise to the system.

Unintentional Acts:
·         Human errors
·         Deviations in quality of service by service providers (e.g., utilities)
·         Environmental hazards (e.g., dirt, dust, humidity)

Human Errors:
·         Tailgating
·         Shoulder surfing
·         Carelessness with laptops and portable computing devices
·         Opening questionable e-mails
·         Careless Internet surfing
·         Poor password selection and use

Deliberate Acts:
·        Compromises to intellectual property
·         Intellectual property. Property created by individuals or corporations which is protected under trade secret, patent, and copyright laws.
·         Trade secret. Intellectual work, such as a business plan, that is a company secret and is not based on public information.
·         Patent. Document that grants the holder exclusive rights on an invention or process for 20 years.
·         Copyright. Statutory grant that provides creators of intellectual property with ownership of the property for life of the creator plus 70 years.
·         Piracy. Copying a software program without making payment to the owner.
·         Virus is a segment of computer code that performs malicious actions by attaching to another computer program.
·         Worm is a segment of computer code that performs malicious actions and will spread by itself without requiring another computer program.
·         Trojan horse is a computer program that hides in another computer program and reveals its designated behavior only when it is activated.
·         Logic bomb is a segment of computer code that is embedded inside an organization’s existing computer programs and is designed to activate and perform a destructive action at a certain time or date.

Risk Mitigation Strategies:
·         Risk Acceptance. Accept the potential risk, continue operating with no controls, and absorb any damages that occur.
·         Risk limitation. Limit the risk by implementing controls that minimize the impact of threat.
·         Risk transference. Transfer the risk by using other means to compensate for the loss, such as purchasing insurance.
 

Controls:
·         Physical controls. Physical protection of computer facilities and resources.
·         Access controls. Restriction of unauthorized user access to computer resources; biometric and password controls are used for user identification.
·         Communications (network) controls. Protect the movement of data across networks; they include border security controls, authentication, and authorization.
·         Application controls protect specific applications.

Communication or Network Controls:
·         Firewalls. System that enforces access-control policy between two networks.
·         Anti-malware systems (also called antivirus software) are software packages that attempt to identify and eliminate viruses, worms, and other malicious software.
·         Whitelisting is a process in which a company identifies the software that it will allow to run and does not try to recognize malware.
·         Blacklisting is a process in which a company allows all software to run unless it is on the blacklist.
·         Intrusion Detection Systems are designed to detect all types of malicious network traffic and computer usage that cannot be detected by a firewall.
·         Encryption. Process of converting an original message into a form that cannot be read by anyone except the intended receiver.
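As an added illustration of the whitelisting and blacklisting definitions above (example code, not from the original notes), the following Python evaluates both policies over constructed program hashes. The program names and hashes are stand-ins; the point is what happens to software that is on neither list.

```python
# Added example (not from the notes): whitelist vs blacklist execution policy.
# Program hashes below are constructed by hashing stand-in labels, not real files.
import hashlib

def digest(label: str) -> str:
    """Stand-in for hashing an executable; a real policy hashes the file bytes."""
    return hashlib.sha256(label.encode()).hexdigest()

# Whitelist: software the company has identified and allows to run.
APPROVED = {digest("payroll-client-2.1.exe"), digest("word-processor.exe")}
# Blacklist: software already recognized as malicious.
KNOWN_BAD = {digest("known-worm-sample.exe")}

def whitelist_decision(file_hash: str) -> str:
    """Whitelisting: run only what is explicitly approved; everything else is blocked."""
    return "allow" if file_hash in APPROVED else "block"

def blacklist_decision(file_hash: str) -> str:
    """Blacklisting: run everything unless it has been identified as malware."""
    return "block" if file_hash in KNOWN_BAD else "allow"

def compare(labels):
    """Return {program: (whitelist result, blacklist result)} for each label."""
    return {p: (whitelist_decision(digest(p)), blacklist_decision(digest(p)))
            for p in labels}

if __name__ == "__main__":
    samples = [
        "payroll-client-2.1.exe",             # approved, unchanged
        "payroll-client-2.1.exe (tampered)",  # approved name, altered contents -> new hash
        "known-worm-sample.exe",              # recognized malware
        "never-seen-before.exe",              # unknown: the case that separates the two
    ]
    for prog, (wl, bl) in compare(samples).items():
        print(f"{prog:36} whitelist={wl:5} blacklist={bl}")
```

The unknown and the tampered programs are where the two processes diverge: the whitelist fails closed and blocks them, the blacklist fails open and lets them run.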

Sunday, April 14, 2013

Wireless Technologies
Wireless devices: small enough to easily carry or wear, have sufficient computing power to perform productive tasks and can communicate wirelessly with the Internet and other devices.
The wireless application protocol (WAP) is the standard that enables wireless devices to access Web-based information and services.
WAP-compliant devices contain microbrowsers, which are Internet browsers with a small file size that can work within the confines of small screen sizes on wireless devices and the relatively low bandwidths of wireless networks.
Microwave transmission systems are widely used for high-volume, long-distance, point-to-point communication. Point-to-point has two characteristics: first, the transmitter and receiver must be in view of each other (called line-of-sight); and second, the transmission itself must be tightly directed from transmitter to receiver.
Satellite transmission systems make use of communication satellites; three types of satellites, each in a different orbit:
·         Geostationary (GEO): orbits 22,300 miles directly above the equator and maintains a relatively fixed position in relation to a dish on earth; excellent for TV signals.
·         Medium-earth-orbit (MEO): located 6,000 miles above the earth’s surface and moving relative to it; used for the GPS system.
·         Low-earth-orbit (LEO): 400 to 700 miles above the surface, so they move much faster with respect to a point on the earth’s surface; many are required to cover the earth.

Global Positioning System: a wireless system that uses MEO satellites to enable users to determine their position anywhere on the earth.
Internet over satellite: allows users to access the Internet via GEO satellites from a dish mounted on the side of their homes.

Wireless Computer Networks and Internet Access
Short-range wireless networks generally have a range of 100 feet or less.
Medium-range wireless networks are the familiar wireless local area networks (WLANs). The most common type of medium-range wireless network is Wireless Fidelity (Wi-Fi).
Wide-area wireless networks connect users to each other and to the Internet over geographically dispersed distances.


Mobile Computing and Mobile Commerce
The characteristics, mobility and broad reach, create five value-added attributes that break the barriers of geography and time:
·         Ubiquity: a mobile device can provide information and communications regardless of the user’s location.
·         Convenience, instant connectivity: an Internet-enabled mobile device makes it easy and fast to access the Web, intranets, and other mobile devices without booting up a PC or placing a call.
·         Personalization: information can be customized and sent to individual consumers (e.g., as a short message service).
·         Localization of products and services: knowing a user’s location helps companies advertise their products and services.


Pervasive Computing
Pervasive Computing (Ubiquitous computing) is invisible “everywhere computing” that is embedded in the objects around us – the floors, the lights, our cars, washing machine, microwave oven, cell phones, clothes, and so on. (e.g., smart home, smart appliances)
Radio frequency identification (RFID) technology allows manufacturers to attach tags with antennas and computer chips on goods and then track their movement through radio signals.
Wireless sensor networks (WSNs) are networks of interconnected, battery-powered, wireless sensors that are placed into the physical environment.

Wireless Security
Four major threats:
·         Rogue access point: an unauthorized access point to a wireless network.
·         War driving: the act of locating WLANs while driving around a city or elsewhere.
·         Eavesdropping: efforts by unauthorized users to access data traveling over wireless networks.
·         RF (radio frequency) jamming: a person or a device intentionally or unintentionally interferes with your wireless network transmissions.
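To show what detecting the first of these threats looks like in practice, the following Python (an added example, not from the original notes) compares a wireless scan against an inventory of authorized access points and flags anything that does not match. The inventory, BSSIDs, SSIDs, and scan lines are all constructed for illustration.

```python
# Added example (not from the notes): flag possible rogue access points by
# comparing a wireless scan against the organization's authorized AP inventory.
# The inventory and the scan lines are constructed for illustration.
from dataclasses import dataclass

# Authorized access points: BSSID -> (SSID, expected security mode)
AUTHORIZED = {
    "00:11:22:33:44:01": ("CorpWiFi", "WPA2"),
    "00:11:22:33:44:02": ("CorpWiFi", "WPA2"),
}
AUTHORIZED_SSIDS = {ssid for ssid, _ in AUTHORIZED.values()}

# Constructed scan output, one AP per line: SSID, BSSID, security mode, channel
SCAN = """\
CorpWiFi 00:11:22:33:44:01 WPA2 6
CorpWiFi 00:11:22:33:44:02 WPA2 11
CorpWiFi AA:BB:CC:DD:EE:FF OPEN 6
Guest-Free 11:22:33:44:55:66 OPEN 1
"""

@dataclass(frozen=True)
class Finding:
    bssid: str
    ssid: str
    reason: str

def parse_scan(text: str):
    """Yield (ssid, bssid, security, channel) tuples from the scan text."""
    for line in text.splitlines():
        ssid, bssid, security, channel = line.split()
        yield ssid, bssid.lower(), security, int(channel)

def find_rogues(text: str) -> list:
    """Return one Finding per access point that is not what the inventory expects."""
    findings = []
    for ssid, bssid, security, _channel in parse_scan(text):
        if bssid in AUTHORIZED:
            # Known hardware: only flag it if its SSID or security mode changed.
            if (ssid, security) != AUTHORIZED[bssid]:
                findings.append(Finding(bssid, ssid, f"authorized AP now {ssid}/{security}"))
        elif ssid in AUTHORIZED_SSIDS:
            findings.append(Finding(bssid, ssid, "unknown BSSID broadcasting the corporate SSID"))
        else:
            findings.append(Finding(bssid, ssid, "AP not in inventory (verify: neighbor or rogue)"))
    return findings

if __name__ == "__main__":
    for f in find_rogues(SCAN):
        print(f"{f.bssid}  {f.ssid:12} {f.reason}")
```

The unknown BSSID advertising the corporate SSID with no encryption is the case that deserves immediate follow-up; an unrelated open network in range may simply be a neighbor.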



Overview of E-Business & E-Commerce
Pure vs. Partial EC
·         The product can be physical or digital.
·         The process can be physical or digital.
·         The delivery agent can be physical or digital.
Brick-and-mortar organizations are purely physical organizations.
Virtual organizations are companies that are engaged only in EC. (Also called pure play)
Click-and-mortar organizations are those that conduct some e-commerce activities, yet their business is primarily done in the physical world (i.e., partial EC).
Types of E-Commerce:
·         Business-to-consumer (B2C): the sellers are organizations and the buyers are individuals.
·         Business-to-business (B2B): both the sellers and buyers are business organizations. B2B represents the vast majority of e-commerce.
·         Consumer-to-consumer (C2C): an individual sells products or services to other individuals.
·         Business-to-employee (B2E): An organization uses e-commerce internally to provide information and services to its employees. Companies allow employees to manage their benefits, take training classes electronically as well as buy discounted insurance, travel packages, and event tickets.

·         E-Government: the use of Internet Technology in general and e-commerce in particular to deliver information about public services to citizens (called Government-to-citizen [G2C EC]), business partners and suppliers (called government-to-business [G2B EC]),
·         Mobile Commerce (m-commerce) refers to e-commerce that is conducted in a wireless environment. For example, using a cell phone to shop over the Internet.

Electronic Payments
Electronic payment systems enable you to pay for goods and services electronically.
·         Electronic checks (e-checks) are similar to paper checks and are used mostly in B2B.
·         Electronic credit cards allow customers to charge online payments to their credit card account.
·         Purchasing cards are the B2B equivalent of electronic credit cards and are typically used for unplanned B2B purchases.
·         Electronic cash
o   Stored-value money cards allow you to store a fixed amount of prepaid money and then spend it as necessary.
o   Smart cards contain a chip called a microprocessor that can store a considerable amount of information and are multipurpose – they can be used as a debit card, credit card, or a stored-value money card.
o   Person-to-person payments are a form of e-cash that enables two individuals, or an individual and a business, to transfer funds without using a credit card.

Ethical and Legal Issues in E-Business
·         Fraud on the Internet, e.g., in stocks, investments, business opportunities, and auctions.
·         Domain names: problems arising from competition over names.
·         Domain tasting is a practice of registrants using the five-day "grace period" at the beginning of a domain registration to profit from pay-per-click advertising.
·         Cybersquatting refers to the practice of registering domain names solely for the purpose of selling them later at a higher price.
·         Taxes and other fees: when and where (and in some cases whether) electronic sellers should pay business license taxes, franchise fees, gross-receipts taxes, excise taxes, etc.
·         Copyright: protecting intellectual property in e-commerce and enforcing copyright laws is extremely difficult.