Friday, May 10, 2013

Fundamental Tenets of Ethics:
· Responsibility means that you accept the consequences of your decisions and actions.
· Accountability means a determination of who is responsible for actions that were taken.
· Liability is a legal concept meaning that individuals have the right to recover the damages done to them by other individuals, organizations, or systems.

Protecting Privacy:
· Privacy Codes and Policies. An organization’s guidelines with respect to protecting the privacy of customers, clients, and employees.
· Opt-out model of informed consent permits the company to collect personal information until the customer specifically requests that the data not be collected.
· Opt-in model of informed consent means that organizations are prohibited from collecting any personal information unless the customer specifically authorizes it. (Preferred by privacy advocates.)
· International Aspects of Privacy. Privacy issues that international organizations and governments face when information spans countries and jurisdictions.

Factors Increasing the Threats to Information Security:
· International organized crime turning to cybercrime
· Downstream liability
· Increased employee use of unmanaged devices
· Lack of management support

Key Information Security Terms:
A threat to an information resource is any danger to which a system may be exposed.
The exposure of an information resource is the harm, loss, or damage that can result if a threat compromises that resource.
A system’s vulnerability is the possibility that the system will be harmed by a threat.
Risk is the likelihood that a threat will occur.
Information system controls are the procedures, devices, or software aimed at preventing a compromise to the system.
Unintentional Acts:
· Human errors
· Deviations in quality of service by service providers (e.g., utilities)
· Environmental hazards (e.g., dirt, dust, humidity)

Human Errors:
· Tailgating
· Shoulder surfing
· Carelessness with laptops and portable computing devices
· Opening questionable e-mails
· Careless Internet surfing
· Poor password selection and use

Deliberate Acts:
· Compromises to intellectual property
· Intellectual property. Property created by individuals or corporations which is protected under trade secret, patent, and copyright laws.
· Trade secret. Intellectual work, such as a business plan, that is a company secret and is not based on public information.
· Patent. Document that grants the holder exclusive rights on an invention or process for 20 years.
· Copyright. Statutory grant that provides creators of intellectual property with ownership of the property for the life of the creator plus 70 years.
· Piracy. Copying a software program without making payment to the owner.
· Virus is a segment of computer code that performs malicious actions by attaching to another computer program.
· Worm is a segment of computer code that performs malicious actions and will spread by itself without requiring another computer program.
· Trojan horse is a computer program that hides in another computer program and reveals its designated behavior only when it is activated.
· Logic bomb is a segment of computer code that is embedded inside an organization’s existing computer programs and is designed to activate and perform a destructive action at a certain time or date.

Risk Mitigation Strategies:
· Risk acceptance. Accept the potential risk, continue operating with no controls, and absorb any damages that occur.
· Risk limitation. Limit the risk by implementing controls that minimize the impact of the threat.
· Risk transference. Transfer the risk by using other means to compensate for the loss, such as purchasing insurance.

Controls:
· Physical controls. Physical protection of computer facilities and resources.
· Access controls. Restriction of unauthorized user access to computer resources; use biometrics and password controls for user identification.
· Communications (network) controls. Protect the movement of data across networks; they include border security controls, authentication, and authorization.
· Application controls. Protect specific applications.

Communication or Network Controls:
· Firewalls. System that enforces an access-control policy between two networks.
· Anti-malware systems (also called antivirus software) are software packages that attempt to identify and eliminate viruses, worms, and other malicious software.
· Whitelisting is a process in which a company identifies the software that it will allow to run and does not try to recognize malware; anything not on the list is blocked.
· Blacklisting is a process in which a company allows all software to run unless it is on the blacklist; anything not on the list is permitted.
· Intrusion Detection Systems are designed to detect all types of malicious network traffic and computer usage that cannot be detected by a firewall.
· Encryption. Process of converting an original message into a form that cannot be read by anyone except the intended receiver.
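The practical difference between the whitelisting and blacklisting items above is what happens to software that is on neither list. The following Python script is an added illustration, not part of the original notes: it evaluates the same set of constructed sample files under both policies. Identifying software by the SHA-256 hash of its contents rather than by file name is an implementation choice assumed here, not something the notes specify; the file names, contents, and both lists are constructed for the example.

```python
import hashlib

# Constructed sample "software inventory": file name -> file contents.
# A real deployment would read these from disk; they are embedded so the
# script runs offline. None of these are real programs.
SAMPLE_FILES = {
    "payroll.exe": b"approved payroll application build 4.2",
    "editor.exe": b"approved text editor build 1.0",
    "keylogger.exe": b"known malicious sample (constructed)",
    "newtool.exe": b"software nobody has reviewed yet",
}


def sha256_hex(data: bytes) -> str:
    """Identify software by the SHA-256 of its contents, not by its file name,
    so renaming a file does not change how either policy treats it."""
    return hashlib.sha256(data).hexdigest()


# Hypothetical policy lists, expressed as content hashes (assumption of this
# example; the notes only say "identifies the software it will allow to run").
WHITELIST = {
    sha256_hex(SAMPLE_FILES["payroll.exe"]),
    sha256_hex(SAMPLE_FILES["editor.exe"]),
}
BLACKLIST = {
    sha256_hex(SAMPLE_FILES["keylogger.exe"]),
}


def whitelist_allows(contents: bytes) -> bool:
    """Whitelisting: run only what is explicitly approved; everything else is denied.
    Unknown software fails closed."""
    return sha256_hex(contents) in WHITELIST


def blacklist_allows(contents: bytes) -> bool:
    """Blacklisting: run everything unless it is explicitly forbidden.
    Unknown software fails open."""
    return sha256_hex(contents) not in BLACKLIST


def evaluate(files: dict) -> dict:
    """Return {file name: (whitelist allows?, blacklist allows?)} for each file."""
    return {
        name: (whitelist_allows(data), blacklist_allows(data))
        for name, data in files.items()
    }


if __name__ == "__main__":
    for name, (wl, bl) in evaluate(SAMPLE_FILES).items():
        print(f"{name:14} whitelist={'allow' if wl else 'deny':5}  "
              f"blacklist={'allow' if bl else 'deny':5}")

    # Renaming the malicious sample changes nothing, because both policies
    # key on the content hash rather than the file name.
    renamed = {"invoice.exe": SAMPLE_FILES["keylogger.exe"]}
    print("renamed sample:", evaluate(renamed))
```

Running it shows the two models diverging only on the unreviewed file: newtool.exe is denied by the whitelist and allowed by the blacklist, which is why the notes describe whitelisting as not needing to recognize malware at all. The renamed-file check at the end shows why the policy should key on content rather than on a name that anyone can change.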