Chapter 9: Security, Privacy and Ethics
INTRODUCTION
- The ubiquitous use of computers and technology prompts some very important questions about the use of personal data and our right to privacy.
- This chapter covers issues related to the impact of technology on people and how to protect ourselves on the Web.
1) PRIVACY
- Concerns the collection and use of data about individuals, and the ability of individuals or companies to deny or restrict the collection, use, and dissemination of information about them.
- Huge databases store data online
- Three primary privacy issues:
a) Accuracy – responsibility of those who collect data; data must be secure and correct
b) Property – who owns data and who has rights to software
c) Access – responsibility of those who control data and use of data
Threats – i) Large Databases
Large organizations compile information about us daily
- Big Data is exploding and ever-growing
a) 90% of the data collected has been collected over the last 2 years
- Data collectors include
a) Government agencies
b) Telephone companies
c) Credit card companies
d) Supermarket scanners
e) Financial institutions
f) Search engines
g) Social networking sites
- Information Resellers/Brokers
a) Collect and sell personal data
b) Create electronic profiles
Threats – i) Large Databases (Cont.)
- Personal information is a marketable commodity, which raises many issues:
a) Collecting public, but personally identifying information (e.g., Google’s Street View)
b) Spreading information without personal consent, leading to identity theft
c) Spreading inaccurate information
- According to the Freedom of Information Act
a) You are entitled to look at your records held by government agencies
Threats – ii) Private Networks
- Employee monitoring software
- Employers can monitor e-mail legally
A proposed law could prohibit this type of electronic monitoring or at least require the employer to notify the employee first
Threats – iii) Online Identity
- The information that people voluntarily post about themselves online
- Archiving and search features of the Web make it available indefinitely
- Major Laws on Privacy
a) Gramm-Leach-Bliley Act protects personal financial information
b) Health Insurance Portability and Accountability Act (HIPAA) protects medical records
c) Family Educational Rights and Privacy Act (FERPA) restricts disclosure of educational records
Threats – iv) The Internet and the Web
- Illusion of anonymity
a) People are not concerned about privacy when surfing the Internet or when sending e-mail
- When browsing the web, critical information is stored on the hard drive in these locations:
a) History Files
b) Temporary Internet Files
c) Cookies
d) Privacy Mode
e) Privacy Threats
A. History Files
- Include locations or addresses of sites you have recently visited
B. Temporary Internet Files
- Saved files from visited websites
- Offers quick re-display when you return to the site
C. Cookies
- Cookies are small data files that are deposited on your hard disk from web sites you have visited
a) First-party cookies are generated only by websites you are visiting
b) Third-party cookies are generated by an advertising company that is affiliated with the website – referred to as tracking cookies
- Tracking cookies keep track of your Internet activities through third-party cookies
- Refer to the accompanying graphic displaying how to block 3rd party cookies
Web sites use cookies for a variety of reasons
- Allow for personalization
- Store users’ passwords
- Assist with online shopping
- Track how often users visit a site
- Target advertisements
D. Privacy Modes
- Ensures your browsing activity is not recorded on your hard drive
- Eliminates history files as well as blocks most cookies.
a) Incognito Mode (Google Chrome)
b) Private Browsing (Safari)
E. Privacy Threats
- Web bugs
a) Invisible images or HTML code hidden within an e-mail message or web page
b) When a user opens the message, information is sent back to the source of the bug
- Spyware
a) Wide range of programs that are designed to secretly record and report Internet activities, add Internet ad cookies
- Computer monitoring software
a) Invasive and dangerous
b) Keystroke Loggers (Record activities and keystrokes)
- Anti-Spyware programs
a) Detect and remove privacy threats
Security
- Involves protecting individuals or organizations from theft and danger
- A digital security risk is any event or action that could cause a loss of or damage to a computer or mobile device hardware, software, data, information, or processing capability
- Hackers
a) Gain unauthorized access with malicious intent
b) Not all hackers are illegal
- Any illegal act involving the use of a computer or related devices generally is referred to as a computer crime
- A cybercrime is an online or Internet-based illegal act
Cybercrime / Computer Crime
- Criminal offense that involves a computer and a network
a) Affects over 400 million people annually
b) Costs over $400 billion each year
Cyber Crime
- Denial of Service
a) A DoS attack attempts to slow down or stop a computer system or network by flooding it with requests for information or data
- Rogue Wi-Fi hotspots
a) Imitate free Wi-Fi networks and capture any and all information sent by the users to legitimate sites including usernames and passwords
- Data manipulation
a) Finding entry into someone’s computer network and leaving a prankster’s message
Internet Scams
- A fraudulent or deceptive act or operation to trick someone into providing personal information or spending money for little or no return
- Identity Theft
a) Illegal assumption of someone’s identity for purpose of economic gain
- Cyber-bullying
a) Use of the Internet, cell phones, or other devices to send or post content intended to harm
- Phishing
a) Attempts to trick Internet users into thinking a fake but official-looking website is legitimate
Malicious Programs - Malware
- Malicious Programs or Malware
a) Designed by crackers, computer criminals, to damage or disrupt a computer system
b) Consists of programs that act without a user’s knowledge and deliberately alter the operations of computers and mobile devices
c) Computer Fraud and Abuse Act makes spreading a virus a federal offense
d) 3 most common programs
- Viruses – migrate through networks and operating systems, and most attach themselves to different programs and databases; can alter and/or delete files; can damage system components
- Worms – do not attach to a program; fill the computer with self-replicating information
- Trojan horses – programs disguised as something else; the most common type of Trojan horse appears as a free computer game
Cybersecurity
- Cyber security is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks.
- It's also known as information technology security or electronic information security.
- Can be divided into a few common categories.
a) Network security is the practice of securing a computer network from intruders
b) Application security focuses on keeping software and devices free of threats.
c) Information security protects the integrity and privacy of data, both in storage and in transit.
d) Operational security includes the processes and decisions for handling and protecting data assets.
e) Disaster recovery and business continuity define how an organization responds to a cyber-security incident or any other event that causes the loss of operations or data.
f) End-user education addresses the most unpredictable cyber-security factor: people. Anyone can accidentally introduce a virus to an otherwise secure system by failing to follow good security practices.
Cyber safety tips
- Update your software and operating system: benefit from the latest security patches.
- Use anti-virus software: it detects and removes threats. Keep the software updated for protection.
- Use strong passwords: Ensure your passwords are not easily guessable.
- Do not open email attachments from unknown senders: These could be infected with malware.
- Do not click on links in emails from unknown senders or unfamiliar websites: This is a common way that malware is spread.
- Avoid using unsecured WiFi networks in public places: Unsecured networks leave you vulnerable to man-in-the-middle attacks.
Software Theft
- Software theft occurs when someone:
a) Steals software media
b) Intentionally erases programs
c) Illegally registers and/or activates a program
d) Illegally copies a program
- Many manufacturers incorporate an activation process into their programs to ensure the software is not installed on more computers than legally licensed
- During the product activation, which is conducted either online or by phone, users provide the software product’s identification number to associate the software with the computer or mobile device on which the software is installed
Information Theft
- Information theft occurs when someone steals personal or confidential information
- Encryption is a process of converting data that is readable by humans into encoded characters to prevent unauthorized access
- A digital signature is an encrypted code that a person, website, or organization attaches to an electronic message to verify the identity of the message sender
a) Often used to ensure that an impostor is not participating in an Internet transaction
- A digital certificate is a notice that guarantees a user or a website is legitimate
- A website that uses encryption techniques to secure its data is known as a secure site
Hardware Theft, Vandalism, and Failure
- Hardware theft is the act of stealing digital equipment
- Hardware vandalism is the act of defacing or destroying digital equipment
Measures to Protect Computer Security
- Security involves protecting information, hardware, and software from unauthorized use, damage from intrusions, sabotage, and natural disasters
- Principal measures to ensure computer security
a) Restricting access
b) Encrypting data
c) Anticipating disasters
-Physical security
-Data security
-Disaster recovery plan
- Preventing data loss
Restricting Access
- Biometric scanning
a) Fingerprint scanners
b) Iris (eye) scanners
- Passwords
a) Dictionary attack
-Uses software to try thousands of common words sequentially in an attempt to gain unauthorized access to a user’s account
- Fingerprint reader
- Hand geometry system
- Signature verification system
- Iris recognition system
- Voice verification system
- Face recognition system
Restricting Access
- A passphrase is a private combination of words, often containing mixed capitalization and punctuation, associated with a user name that allows access to certain computer resources
- A PIN (personal identification number), sometimes called a passcode, is a numeric password, either assigned by a company or selected by a user
- A possessed object is any item that you must possess, or carry with you, in order to gain access to a computer or computer facility (badges, cards, keys, etc.)
- A biometric device authenticates a person’s identity by translating a personal characteristic into a digital code that is compared with a digital code in a computer or mobile device verifying a physical or behavioral characteristic
Automated Security Tasks
- Ways to perform and automate important security tasks
a) Security Suites
- Provide a collection of utility programs designed to protect your privacy and security
b) Firewalls
- Security buffer between a corporation’s private network and all external networks
c) Password Managers
- Helps to create strong passwords
Encryption
- Coding information to make it unreadable, except to those who have the encryption key
a) E-mail encryption protects emails
b) File encryption protects files
c) Web site encryption uses HTTPS protocol for protection
d) Virtual private networks (VPNs)
e) Wireless network encryption restricts access to authorized users
Anticipating Disasters
- Anticipating Disasters
a) Physical Security - protecting hardware
b) Data Security - protecting software and data from unauthorized tampering or damage
c) Disaster Recovery Plan - describing ways to continue operating until normal computer operations can be restored; can create special emergency facilities called hot sites which are fully equipped backup computer centers or cold sites if hardware must be installed to be utilized
Preventing Data Loss
- Preventing Data Loss
- Frequent backups
- Redundant data storage
- A backup is a duplicate of a file, program, or media that can be used if the original is lost, damaged, or destroyed
- Off-site backups are stored in a location separate from the computer or mobile device site
Ethics
- Technology is moving so fast. It is hard for our legal system to keep up. The essential element that controls how computers are used today is ethics.
- Standards of moral conduct
- Computer Ethics – guidelines for the morally acceptable use of computers
a) Copyright
- Gives content creators the right to control the use and distribution of their work
Paintings, books, music, films, video games
b) Software piracy
- Unauthorized copying and distribution of software
Ethics and Society
- Green computing involves reducing the electricity and environmental waste while using computers, mobile devices, and related technologies
Plagiarism
- Representing some other person’s work and ideas as your own without giving credit to the original person’s work and ideas
Computer Addiction
- Computer addiction occurs when the computer consumes someone’s entire social life
- Symptoms of users include:
a) Craves computer time
b) Overjoyed when at the computer
c) Unable to stop computer activity
d) Irritable when not at the computer
e) Neglects family and friends
f) Problems at work or school
Drones – Uses in various areas
- Remote sensing
- Commercial aerial surveillance
- Oil, gas, and mineral exploration
- Disaster relief
- Real estate and construction
- Recreational use