
Protecting People and Information Threats and Safeguards

In this electronic age there's a new dimension in the ethics debate. How you collect, store, access, and use information depends to a large extent on your sense of ethics. Your ethical structure and the ethical challenges you'll face exist at several levels.

Uploaded by

joyce_khenzie23
Copyright
© Attribution Non-Commercial (BY-NC)

PROTECTING PEOPLE AND INFORMATION
Threats and Safeguards

INTRODUCTION

As we've already learned, the three components of an IT system are people, information, and information technology. Most of what we've seen in previous chapters has dealt with IT and how it stores and processes information. In this chapter we're going to concentrate on information: its use, ownership, and protection. The best environment for handling information is one that has stability without stagnation and change without chaos.

To handle information in a responsible way you must understand:
- The importance of ethics in the ownership and use of information.
- The importance of people in the ownership and use of information.
- The importance to people of personal privacy and the ways in which it can be compromised.
- Threats to information and how to protect against them (security).

Ethics are the principles and standards that guide our behavior toward other people. Acting ethically means behaving in a principled fashion and treating other people with respect and dignity. It's simple to say but not so simple to do, since some situations are complex and ambiguous. The important role of ethics in our lives has long been recognized. As far back as 44 B.C., Cicero said that ethics are indispensable to anyone who wants to have a good career. Having said that, Cicero, along with some of the greatest minds over the centuries, struggled with what the rules of ethics should be. Our ethics are rooted in our history, culture, and religion, and may stay the same and yet also shift over time. In this electronic age there's a new dimension in the ethics debate: the amount of personal information that we can collect and store, and the speed with which we can access and process that information.

TWO FACTORS THAT DETERMINE HOW YOU DECIDE ETHICAL ISSUES

How you collect, store, access, and use information depends to a large extent on your sense of ethics: what you perceive as right and wrong.
(1) The first is your basic ethical structure, which you developed as you grew up.
(2) The second is the set of practical circumstances inevitably involved in the decision that you're trying to make, that is, all the shades of grey in what are rarely black or white decisions.

Your ethical structure and the ethical challenges you'll face exist at several levels (see figure 8.1). The outside levels are things that most people wouldn't consider bad, such as taking a couple of paper clips or sending an occasional personal e-mail on company time. Do these things really matter? The middle levels are more significant ethical challenges. One example might be accessing personnel records for personal reasons. Could there ever be a personal reason so compelling that you would not feel ethical discomfort doing this? Reading someone else's e-mail might be another middle-level example. The innermost ethical levels are ethical violations that you'd surely consider very serious, such as embezzling funds or selling company records to a competitor. And yet, over time, your ethical structure can change so that even such acts as these could seem more or less acceptable. For example, if everyone around you is accessing confidential records for their own purposes, in time you might come to think such an act is no big deal. And this might spell big trouble for you.

[Figure 8.1 Your Ethical Structure. Levels, from outermost to innermost: Minor Ethical Violations, Serious Ethical Violations, Very Serious Ethical Violations. Surrounding practical circumstances: Consequences, Society's Opinion, Likelihood of Effect, Time to Consequences, Relatedness, Reach of Result.]

It would be nice if every decision were crystal clear, such as in the innermost circle in figure 8.1, but ethical decisions are seldom so easy. Ideally, your personal ethics should tell you what to do. But the practical circumstances of a decision inevitably also influence you in an ethical dilemma:
1. Consequences - How much or how little benefit or harm will come from a particular decision?
2. Society's Opinion - What is your perception of what society really thinks of your intended action?
3. Likelihood of Effect - What is the probability of the harm or benefit that will occur if you take the action?
4. Time to Consequences - How long will it take for the benefit or harm to take effect?
5. Relatedness - How much do you identify with the person or persons who will receive the benefit or suffer the harm?
6. Reach of Result - How many people will be affected by your action?

No matter how strong your sense of ethics is, these practical aspects of a situation may affect you as you make your decision, perhaps unduly, perhaps quite justifiably. Thus, ethical dilemmas usually arise not out of simple situations but from a clash between competing goals, responsibilities, and loyalties. Ethical decisions are complex judgments that balance rewards for yourself and others against responsibilities to yourself and others. Inevitably, your decision process is influenced by uncertainty about the magnitude of the outcome, by your estimate of the importance of the situation, sometimes by your perception of conflicting right reactions, and by more than one socially acceptable correct decision.

Intellectual Property Rights
- A term referring to a number of distinct types of creations of the mind for which property rights are recognized, and the corresponding fields of law.
- Under intellectual property law, owners are granted certain exclusive rights to a variety of intangible assets, such as:
  - Musical, literary, and artistic works
  - Discoveries and inventions
  - Words, phrases, symbols, and designs

Common types of intellectual property include:
- Copyrights
- Trademarks
- Patents
- Industrial design rights
- Trade secrets in some jurisdictions

Copyright
- The legal protection afforded an expression of an idea, such as a song, video game, and some types of proprietary documents. Copyright law protects the authorship of literary and dramatic works, musical and theatrical compositions, and works of art.

Fair Use Doctrine
- The Fair Use Doctrine says that you may use copyrighted material in certain situations, for example, in the creation of a new work or, within certain limits, for teaching purposes. One of those limits is on the amount of the copyrighted material you may use.

Pirated Software
- Pirated software is the unauthorized use, duplication, distribution, or sale of copyrighted software.

Privacy
- Privacy is the right to be left alone when you want to be, to have control over your own personal possessions, and not to be observed without consent. It's the right to be free of unwanted intrusion into your private life.

Dimensions of Privacy
- Psychologically, it's a need for personal space. All of us, to a greater or lesser extent, need to feel in control of our most personal possessions, and personal information belongs on that list.
- Legally, privacy is necessary for self-protection.

Some specific areas of privacy:
- Individuals snooping on each other
- Employers' collection of information about employees
- Businesses' collection of information about consumers
- Government collection of personal information
- The issue of privacy in international trade

PRIVACY AND OTHER INDIVIDUALS

Other individuals, like family members, associates, fellow employees, and hackers, could be electronically invading our privacy. Their motives might be simple curiosity, an attempt to get a password, or to access something they have no right to.
- Snoopware is a program that helps people to monitor what's happening on a computer.
- A key logger, or key trapper, is a program that, when installed on a computer, records every keystroke and mouse click.
- Other monitoring tools include packet sniffers (that examine the information passing by) on hubs, switches, or routers (the devices on networks that connect computers to each other), and log analysis tools that keep track of logons, deletions, and so forth.

IDENTITY THEFT
- Identity theft is the forging of someone's identity for the purpose of fraud. The fraud is often for financial gain, and the stolen identity is used to apply for and use credit cards in the victim's name or to apply for a loan. But it can also be used simply to disguise a real identity, particularly if the thief is hiding from law enforcement or is running some sort of scam.
- Phishing (carding or brand spoofing) is a technique to gain personal information for the purpose of identity theft.

One way this is done is to send out e-mail messages that look as though they came from legitimate businesses like AOL, MSN, eBay, PayPal, insurance companies, or online retailers like amazon.com. A second kind of phishing is to persuade people in an e-mail to click on a web site included in the message, and provide personal information there.

PRIVACY AND EMPLOYEES
- Companies need information about their employees to run their business effectively.

Reasons for seeking and storing information on employees:
- To ensure they've hired the best people possible.
- To ensure appropriate behavior on the job, not wasting company time and resources.
- To avoid litigation for employee misconduct.

MONITORING TECHNOLOGY
- Monitoring Technology provides products that monitor industrial equipment and processes. It is now recognized as a crucial activity for achieving and maintaining competitive positions in a rapidly evolving business environment. Technology monitoring systematizes the process through which a company maintains its window on the technology developments in the world.

PRIVACY AND CONSUMER
- Consumers want businesses to:
  - Know who they are, but not know too much
  - Provide what they want, but not gather information on them
  - Let them know about products, but not pester them with advertising

COOKIES
- A cookie is a very small text file placed on your hard drive by a Web page server. It is essentially your identification card, and cannot be executed as code or deliver viruses. It is uniquely yours and can only be read by the server that gave it to you.

SPAM
- Spam is any kind of unwanted online communication. The most common form of spam is unwanted email. You can also get text message spam, instant message spam (sometimes known as spim), and social networking spam. Some spam is annoying but harmless. However, some spam is part of an identity theft scam or other kind of fraud. Identity theft spam is often called a phishing scam.

ADWARE
- Adware, or advertising-supported software, is any software package which automatically plays, displays, or downloads advertisements to a computer. These advertisements can be in the form of a pop-up. The object of the adware is to generate revenue for its author. Adware, by itself, is harmless; however, some adware may come with integrated spyware such as keyloggers and other privacy-invasive software.

SPYWARE
- Spyware is any technology that aids in gathering information about a person or organization without their knowledge. On the Internet (where it is sometimes called a spybot or tracking software), spyware is programming that is put in someone's computer to secretly gather information about the user and relay it to advertisers or other interested parties.

PRIVACY AND GOVERNMENT AGENCIES

About 2,000 government agencies have databases with information on people. Government agencies need information to operate effectively. Whenever you are in contact with a government agency, you leave behind information about yourself.

LAW ENFORCEMENT

NCIC (National Crime Information Center)
- A computerized index of criminal justice information (i.e., criminal record history information, fugitives, stolen properties, missing persons). It is available to Federal, state, and local law enforcement and other criminal justice agencies and is operational 24 hours a day, 365 days a year.

FBI (Federal Bureau of Investigation)
- An agency of the Philippine government under the Department of Justice, responsible for handling or solving sensational cases that are in the interest of the nation.

OTHER FEDERAL AGENCIES
- The IRS is a bureau of the Department of the Treasury, and is under the immediate direction of the Commissioner of Internal Revenue. The IRS is responsible for collecting taxes and for the interpretation and enforcement of the IRC (Internal Revenue Code).

LAWS ON PRIVACY

Health Insurance Portability and Accountability Act (HIPAA) protects personal health information. HIPAA is also known as the Kennedy-Kassebaum Health Insurance Portability and Accountability Act (HIPAA, Public Law 104-191).
- Established procedures for the exercise of individual health information privacy rights.
- The use and disclosure of individual health information should be authorized or required.

Financial Services Modernization Act requires that financial institutions protect personal customer information. Also called the Gramm-Leach-Bliley Act.

- The Gramm-Leach-Bliley Act allowed commercial banks, investment banks, securities firms, and insurance companies to consolidate.

SECURITY
- Security is the degree of protection against danger, damage, loss, and criminal activity. Security as a form of protection consists of structures and processes that provide or improve security as a condition. The Institute for Security and Open Methodologies (ISECOM) in the OSSTMM 3 defines security as "a form of protection where a separation is created between the assets and the threat". This includes but is not limited to the elimination of either the asset or the threat. Security as a national condition was defined in a United Nations study (1986), so that countries can develop and progress safely.

Security has to be compared to related concepts: safety, continuity, reliability. The key difference between security and reliability is that security must take into account the actions of people attempting to cause destruction.

Different scenarios also give rise to the context in which security is maintained:
- With respect to classified matter, the condition that prevents unauthorized persons from having access to official information that is safeguarded in the interests of national security.
- Measures taken by a military unit, an activity or installation to protect itself against all acts designed to, or which may, impair its effectiveness.

SECURITY AND EMPLOYEES
- Attacks on information and computer resources come from inside and outside the company.
- Computer sabotage costs about $10 billion per year.
- In general, employee misconduct is more costly than assaults from outside.

INTERNET DOT-CONS

Internet Auctions
- The Bait: Shop in a "virtual marketplace" that offers a huge selection of products at great deals.
- The Catch: After sending their money, consumers say they've received an item that is less valuable than promised or, worse yet, nothing at all.
- The Safety Net: When bidding through an Internet auction, particularly for a valuable item, check out the seller and insist on paying with a credit card or using an escrow service.

Internet Access Services
- The Bait: Free money, simply for cashing a check.
- The Catch: Consumers say they've been "trapped" into long-term contracts for Internet access or another web service, with big penalties for cancellation or early termination.
- The Safety Net: If a check arrives at your home or business, read both sides carefully and look inside the envelope to find the conditions you're agreeing to if you cash the check. Read your phone bill carefully for unexpected or unauthorized charges.

SECURITY AND OUTSIDE THREATS
- Competitors: Any person or entity which is a rival against another. In business, a company in the same industry or a similar industry which offers a similar product or service.
- Hackers: knowledgeable computer users who use their knowledge to invade other people's computers.

TYPES OF CYBERCRIME
- Computer virus (virus): software that is written with malicious intent to cause annoyance or damage.
- Worm: a type of virus that spreads itself from computer to computer, usually via e-mail.
- Denial-of-service (DoS) attack: floods a Web site with so many requests for service that it slows down or crashes.

Computer viruses can't:
- Hurt your hardware. Ex: Monitors, printers, processors, etc.
- Hurt any files they weren't designed to attack. Ex: A worm designed to attack Outlook won't attack other e-mail programs.
- Infect files on write-protected media.

SECURITY PRECAUTIONS

Backups - a backup, or the process of backing up, refers to making copies of data so that these additional copies may be used to restore the original after a data loss event.
- Incremental versus full
- On-site and off-site

Antivirus Software - detects and removes or quarantines computer viruses.
- Microsoft Security Essentials

Firewalls - hardware and/or software that protects a computer or network from intruders.
- Hardware (routers) and software (ZoneAlarm)

Access Authorization - used to allow access to your Web site only by those who have been given special usernames and passwords defined by you.
- Biometrics (i.e., fingerprints, facial recognition)

Encryption - scrambles the contents of a file so that you can't read it without the decryption key, usually the user password.
- Public Key Encryption (PKE): an encryption system with two keys, a public one for everyone and a private one for the recipient.

INTRUSION-DETECTION AND SECURITY-AUDITING SOFTWARE
- An intrusion detection system (IDS) is software and/or hardware that watches network traffic for intrusion attempts, reports them, and optionally takes action against them.
- Security-auditing software checks out your computer or network for possible weaknesses.

RISK MANAGEMENT & ASSESSMENT

Risk Management
- Identification of risks or threats
- Implementation of security measures
- Monitoring of those measures for effectiveness

Risk Assessment
- Evaluate IT assets: what can go wrong?
- What is the probability that it will go wrong?
- What are the worst-case scenario consequences?
- Too much security can hamper your ability to do your job.
- Too little security can leave you vulnerable.
