NEW THREATS AND COUNTERMEASURES Identity Theft and Unauthorized Profiling vs Identity Management
- Marlene Johnston
1 NEW THREATS AND COUNTERMEASURES: Identity Theft and Unauthorized Profiling vs Identity Management
Ernesto Damiani (joint work with Marco Cremonini, Sabrina De Capitani di Vimercati, Pierangela Samarati)
Università degli Studi di Milano, Dipartimento di Tecnologie dell'informazione, Crema (CR)
Firenze, 19 May 2005
2 Types of Cyber Crime
Security threats and violations:
- Access Control Violations
- Integrity/Privacy Violations
- Fraud/Identity Theft
- Sabotage
- Denial of Service/Infrastructure Attacks
- Confidentiality, Authentication, Nonrepudiation Violations
3 Identity Theft: Generic Definition
Identity theft is a crime in which an impostor obtains key pieces of personal information in order to impersonate someone else. Identity theft and identity fraud are terms used to refer to all types of crime in which someone wrongfully obtains and uses another person's personal data in some way that involves fraud or deception, typically for economic gain.
4 Identity Theft: Legal Definitions
- The Identity Theft and Assumption Deterrence Act of 1998 (Identity Theft Act) was passed to address the problem of identity theft. This act (codified at 18 U.S.C. 1028) makes it a federal crime when anyone "knowingly transfers or uses, without lawful authority, a means of identification of another person with the intent to commit, or to aid or abet, any unlawful activity that constitutes a violation of Federal law, or that constitutes a felony under any applicable state or local law".
- European Union: the EU Privacy Directive and EU Electronic Commerce Policy; Safe Harbor Provisions.
5 Identity Theft: Statistics
- In 1995, 8806 financial crimes investigation cases were related to identity theft. In 1996 there were 8686 cases; in 1997 there were 9455 cases.
- In 2002, an estimated 500,000 to 700,000 people were victimized by identity theft.
- U.S. statistics show ID-theft losses are growing 20 percent a year. Source: Janine Benner, Beth Givens, and Ed Mierzwinski.
- The Federal Trade Commission says 6 percent of the 86,168 people who reported identity theft to the agency said a family member was responsible.
6 Identity Theft: Cost
In 2002, the General Accounting Office (GAO) released the second edition of a report to Congressional requesters entitled "Identity Fraud: Information on Prevalence, Cost, and Internet Impact is Limited." The report noted that the Secret Service quantified identity theft losses to individuals and financial institutions at $442 million in fiscal year 1995, $450 million in fiscal year 1996, and $745 million in fiscal year This involved only those cases of financial crime that the Secret Service itself had tracked. MasterCard stated that dollar losses related to identity theft fraud represent 96% of member banks' overall fraud losses of $407 million in Also in 2001, U.S. fraud losses of VISA member banks totaled $490 million or about 0.1% of billing transactions.
7 Interesting Scams
In 2002, the FBI arrested Philip Cummings, who is alleged to have started the scam while he worked on the help desk at Teledata Communications Inc. (TCI), a company in Bay Shore, N.Y., that provides banks and other entities with computerized access to consumer credit reports from the three commercial credit history bureaus -- Equifax Inc., Experian Information Solutions Inc. and Trans Union LLC. Federal investigators have charged three men they say were involved in a massive identity theft scheme that spanned three years, involved more than 30,000 victims and, so far, has resulted in more than $2.7 million in losses.
8 Interesting Scams - continued
- FTD.COM Leaks Credit Card Numbers to the Internet. Source: Gerald Quakenbush, BugTraq
- Identity Thieves Strike e-bay. Source: Paul Festa, Staff Writer, CNET News.com, November 22, 2002
- Identity Theft Targeted H&R Block Customers. Source: AP Newswire, November 4, 2002
- Latest ID Theft Scam: Fake Job Listings. Source: Saturday, March 1, 2003
- TriWest Healthcare Alliance Corp Broke Into And Record Stolen. Source: Dennis Wagner, The Arizona Republic, Jan. 1,
9 ID Theft Categories
- Account takeover identity theft: the impostor uses personal information to gain access to the person's existing accounts. Example: credit card fraud; cell phone fraud. A real life story.
- True name and account takeover: true name identity theft means that the thief uses personal information to open new accounts. Example: opening a new credit card account; opening a new checking account. A real life nightmare.
10 Identity Theft Management
- Need for secure identity management
- Ease the burden of managing numerous identities
- Prevent misuse of identity: preventing identity theft
- Techniques for preventing identity thefts include access control, encryption, digital signatures
- A merchant encrypts the data and signs with the public key of the recipient
- Recipient decrypts with his private key
11 Platform for Privacy Preferences (P3P): What is it?
- P3P is an emerging industry standard that enables web sites to express their privacy practices in a standard format
- Policies in this format can be automatically retrieved and understood by user agents
- It is a product of the W3C (World Wide Web Consortium)
- When a user enters a web site, the privacy policies of the web site are conveyed to the user
- If the privacy policies are different from user preferences, the user is notified
- The user can then decide how to proceed
12 What To Do: Social Engineering
13 Things To Look For At Work
- Information security procedures in your workplace.
- Process to screen employees who have access to personal information.
- Keep all personal information in locked files, and establish secure procedures for data services.
- Limit use of personal identifiers.
- Encrypt all personal and confidential information on computers.
- Secure methods for disposing of personal information.
- Third party to carry out privacy audits/investigations that gauge how vulnerable records are to theft.
- Supply employees with a yearly credit check as a benefit of employment.
14 Web Resources
- U.S. government's central website for information about identity theft
- Official Website of the Social Security Administration
- Privacy Rights Clearinghouse
- Identity Theft Resource Center
15 What To Do: Technological perspective
16 Digital Identity Management
- Digital identity is the identity that a user has to access an electronic resource
- A person could have multiple identities: a physician could have an identity to access medical resources and another to access his bank accounts
- Digital identity management is about managing the multiple identities:
  - Manage databases that store and retrieve identities
  - Resolve conflicts and heterogeneity
  - Make associations
  - Provide security
17 Digital Identity Management - II
- Federated identity management:
  - Corporations work with each other across organizational boundaries with the concept of federated identity
  - Each corporation has its own identity and may belong to multiple federations
  - Individual identity management within an organization and federated identity management across organizations
- Technologies for identity management: database management, data mining, ontology management, federated computing
- MORE LATER
18 RFID -- radio frequency identification
- RFID tags are minuscule microchips the size of a grain of sand
- Retailers adore the concept: RFID tags in clothing and other products
- Networked RFID readers
- An RFID tag can be linked with the credit card you used to buy the item and recognize you by name
- Disabled at the cash register only if the consumer chooses to "opt out" and asks for the tags to be turned off
19 Biometrics
- Early Identification and Authentication (I&A) systems were based on passwords
- Recently, physical characteristics of a person are being used for identification:
  - Fingerprinting
  - Facial features
  - Iris scans
  - Blood circulation
  - Facial expressions
- Biometric techniques will provide access not only to computers but also to buildings and homes
- Other applications
20 Biometric Technologies
- Pattern recognition
- Machine learning
- Statistical reasoning
- Multimedia/image processing and management
- Managing biometric databases
- Information retrieval
- Pattern matching
- Searching
- Ontology management
- Data mining
21 Secure Biometrics
- Biometric systems have to be secure
- Need to study the attacks on biometric systems
- Facial features may be modified: e.g., one can gain access by inserting another person's features
- Attacks on biometric databases are a major concern
- The challenge is to develop secure biometric systems: policy, model, architecture
- Need to maintain privacy of the individuals as appropriate
22 Negotiated Access Control - 1
Negotiated AC differs from traditional identity-based access control in the following aspects:
- Trust between two strangers (requestor and service provider) is established based on the parties' properties, proven through negotiated disclosure of digital credentials or zero-knowledge proofs.
- Every party can define release policies to protect sensitive resources.
- Resources can include services accessible over the Internet, RBAC roles, credentials, policies, and capabilities in capability-based systems.
23 Negotiated Access Control - 2
- Policies describe what properties each party must demonstrate (e.g., ownership of a driver's license issued by an EU country) in order to gain access to a resource.
- The parties negotiate directly without involving trusted third parties, other than credential issuers.
- Since both parties have policies, peer-to-peer negotiation is appropriate for Web Services on the Open Web.
- Instead of carrying out a one-shot authorization and authentication process, trust is established incrementally through a sequence of bilateral credential disclosures.
24 Negotiation protocol
- A negotiation process is triggered when one party requests to access a resource owned by another party, e.g., a remote requestor tries to access a Web-based service.
- The goal of a negotiation between a requestor and a service provider, respectively holding policies $P_r$ and $P_s$, is finding a sequence of resources $(C_{1.x}, \dots, C_{k.x}, S)$ ($C_{i.x}$: credential belonging to party $x$; $S$: service) such that when credential $C_{i.x}$ is disclosed, its release policy has been satisfied by credentials disclosed earlier in the sequence.
- E.g., $C_{2.s}$ is released iff policy $P_s$ includes a rule like "disclose $C_{2.s}$ if $C_{1.r}$ has been provided by requestor".
- The use of release policies together with a negotiation process seems to be the most promising approach to providing privacy-aware access to services on the Open Web.
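The disclosure sequence described on this slide can be computed with a simple eager strategy. The following is an added example, not code from the presentation: the party names, the credentials `C1.r`, `C3.r`, `C9.r`, `C2.s` and the policy encoding (each resource maps to alternative sets of counterpart credentials) are constructed assumptions. It also prunes disclosures that were not needed to unlock the service and reports a deadlock when the release policies depend on each other.

```python
from dataclasses import dataclass


@dataclass
class Party:
    name: str
    # resource -> list of alternative requirements; each requirement is the set
    # of counterpart credentials that must already have been disclosed.
    # An empty set means the resource is freely releasable.
    release_policy: dict

    def releasable(self, seen_from_peer, already_sent):
        """Resources whose release policy is satisfied by what the peer has shown."""
        out = []
        for res, alternatives in self.release_policy.items():
            if res not in already_sent and any(req <= seen_from_peer for req in alternatives):
                out.append(res)
        return sorted(out)


def negotiate(requestor, provider, service):
    """Eager negotiation: each party discloses everything it is allowed to.

    Returns the ordered list of (owner, resource) disclosures ending with the
    service, or None when no further disclosure is possible (deadlock).
    """
    sent = {requestor.name: set(), provider.name: set()}
    sequence = []
    progress = True
    while progress:
        progress = False
        for me, peer in ((requestor, provider), (provider, requestor)):
            for res in me.releasable(sent[peer.name], sent[me.name]):
                sent[me.name].add(res)
                sequence.append((me.name, res))
                progress = True
                if res == service:
                    return sequence
    return None


def prune(sequence, requestor, provider):
    """Keep only the disclosures that were actually needed to reach the service."""
    parties = {requestor.name: requestor, provider.name: provider}
    needed = {sequence[-1]}                      # the service itself
    for i in range(len(sequence) - 1, -1, -1):
        owner, res = sequence[i]
        if (owner, res) not in needed:
            continue
        peer = next(n for n in parties if n != owner)
        earlier_peer = {r for o, r in sequence[:i] if o == peer}
        for req in parties[owner].release_policy[res]:
            if req <= earlier_peer:              # first alternative that was satisfied
                needed |= {(peer, c) for c in req}
                break
    return [step for step in sequence if step in needed]


# Constructed sample policies (not from the slides).
REQUESTOR = Party("r", {
    "C1.r": [set()],          # freely releasable
    "C3.r": [{"C2.s"}],       # released only after the provider shows C2.s
    "C9.r": [set()],          # freely releasable but irrelevant to the service
})
PROVIDER = Party("s", {
    "C2.s": [{"C1.r"}],       # "disclose C2.s if C1.r has been provided by requestor"
    "S":    [{"C3.r"}],       # the service itself
})

if __name__ == "__main__":
    seq = negotiate(REQUESTOR, PROVIDER, "S")
    print("eager :", seq)
    print("pruned:", prune(seq, REQUESTOR, PROVIDER))
```

The eager run discloses `C9.r` even though nothing depends on it; the pruned sequence is what a minimal-disclosure strategy would aim for.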
25 Privacy Issues
- PKI does not provide a comprehensive solution for avoiding unauthorized disclosure of personal information.
- Digital Identity Management System (privacy-aware): new solutions (management of partial identity) with support of privacy-related features: privacy, minimal disclosure, anonymity support, legislation support.
26 Nyms and Partial Identities
- Digital identity, nyms, partial identities: non-disjoint concepts.
- Nyms give users different identities to use when interacting with other parties in different environments.
- Behind a nym, strong authentication tools such as tokens, smart cards, digital certificates, or biometrics associate individuals with their true digital identities.
27 Partial Identities
- Partial identities are any subset of the properties associated with users (such as name, age, credit-card number, or employment) that the user can select for interacting with other parties.
- A partial identity can be named or unnamed, which means it might or might not be related to the user's true identity.
28 Partial Identities
Figure: Examples of partial identities. Each dashed line delimits a subset of the user's attributes that can be used as a partial identity when interacting with a party such as an airline or a car rental company.
29 Multiple and Dependable Digital Identity (MDDI): Requirements
- Reliability and dependability: protect users against forgery and related attacks while also guaranteeing to other parties (such as suppliers and brokers in an e-business transaction) that the users can meet transaction-related obligations.
- Controlled information disclosure: users must have control over which identity to use in specific circumstances, as well as over its secondary use and the possible replication of any identity information revealed in a transaction.
- Mobility support: the mobile computing infrastructure must be able to take into account its own peculiarities (such as limited bandwidth and display size) to apply MDDI technology successfully.
30 MDDI System Design Issues
Figure: Multiple and dependable digital identity (MDDI) system design issues. The shaded boxes represent the main categories of problems and the clear boxes the specific issues to be addressed.
31 Identities Life Cycle Management
Open issues:
- Provisioning: users must be given the ability to efficiently obtain/create identities.
- Revocation: identities may become obsolete and not applicable anymore.
- Profile management: users must be given the ability to manage their own identity information.
- Prevention of identity proliferation: impose a soft/hard limit on the number of identities that can be associated with a single individual.
32 Digital Identities Representation
- Ontology: domain ontology, task ontology. Need to allow for sound reasoning about identity equivalence and trust propagation.
- Identity interoperability and portability: identity must be provided in a common interchange format. The identity management service must support extensible mapping between identities.
- Identity extensibility: unlimited number of attributes that may be associated with an identity.
33 Cross-domain Identity Communication
- Federated identity management support: need to investigate techniques for identity composition and interchange. The challenge is to balance complete retrieval with privacy.
- Distributed profile management: retrieval of different chunks of identity information.
- Distributed update support: distribution of profile information and update support.
34 Controlled Dissemination
- Privacy and secondary usage control: identity attributes should be enriched with privacy preferences. Current languages are still in their infancy.
- Negotiation protocols (e.g., avoid cases when identity is released and no service is given in return).
- Linkability control between transactions and different information releases.
35 Trust management
- Control on single sign-on identity disclosure: SSO approaches delegate to the infrastructure all decisions on identity communication. Solutions are needed that enable users to retain some control over such disclosure.
- Trust models to determine under which conditions a party can trust others for their security and privacy, e.g., reputation models.
- Support of trust levels: for instance, non-sensitive information can be provided directly by the user, while for other information certificates may be needed.
36 The PRIME Project
- Objective of the project: PRIME focuses on solutions for privacy-enhancing identity management that supports end-users' sovereignty over their private sphere and enterprises' privacy-compliant data.
- Main features:
  - anonymity and end-user control
  - flexible and expressive access control rules
  - client-side restrictions
37 Model and Format
- Privacy-aware access control model: new privacy-aware access control model together with an access control protocol for the communication of policies and of identity information among parties.
- Profiles and ontologies: profiles associated with subjects and objects define the name and value of some properties that characterize the subjects and objects. Ontologies (subject and object) contain terms that can be used to make generic assertions on subjects and objects.
38 Privacy Policies
- Access control policies. They govern access to data/services managed by the user/server-side party (as in traditional access control).
- Release policies. They govern release of properties/credentials/PII of the party and specify under which conditions they can be disclosed.
- Data handling policies. Specified by the user, they decide how his/her personal information must be managed by the counterpart (also called sticky policies).
- Sanitized policies. They provide filtering functionalities on the response to be returned to the counterpart to avoid release of sensitive information related to the policy itself.
The first version of the language (Feb. 05), integrated in PRIME Prototype V1, deals with access control and release policies only.
39 Access Request
Each request is characterized by:
- the Subject that makes the request, defined as a pair:
  - User: identifier of the human entity (possibly anonymous) that connected to the system and submitted the request.
  - Purpose: reason for which data are being requested and will be used (e.g., Commercial, Teaching, Research, etc.).
- the Action that is being requested (e.g., read, write, download).
- the Object on which the subject wishes to perform the action.
40 Access Request: Examples
- <tom.smith, research>, read, object1: user tom.smith requires to read object1 for research purposes.
- <john.doe, _>, read, object1: user john.doe with undeclared purpose requires to read object1.
- <_, _>, browse, object5: an anonymous user with undeclared purpose requires to browse object5.
41 Subject and Object Information
- Each party's portfolio contains properties that the party can use to gain (or offer) services:
  - data declarations: statements issued by the party.
  - credentials: statements issued and signed (i.e., certified) by authorities trusted for making the statements.
- To refer to specific data in a credential we introduce the concept of credential term. A credential term is an expression of the form credential_name(predicate_list).
- Users and objects can be grouped into groups.
- Ontologies represent relationships (part-of and is-a) among attributes and credentials to establish what credentials can be provided to fulfill a declaration or credential request.
42 Basic elements of the language - 1
- A predicate declaration where the argument is a list of predicates of the form predicate_name(arguments).
- A binary predicate credential where the first argument is a credential term and the second argument is a public key term. Intuitively, a ground atom credential(c, K) is evaluated to true if and only if there exists a credential c verifiable with public key K.
- A set of standard built-in mathematical predicates, such as equal(), greater_than(), less_than(), and so on.
43 Basic elements of the language - 2
- A set of location-based predicates of the form predicate_name(arguments).
- A set of trust-based predicates of the form predicate_name(arguments).
- A set of non-predefined predicates that evaluate information stored at the site.
44 Obligation
- An obligation establishes how released personal data must be managed by the counterpart.
- Obligations are associated with release policies and linked to released data.
- Types of obligations:
  - Transactional obligation: to be immediately enforced (e.g., delete PII data as soon as the transaction is over).
  - Data retention and handling obligation: driven by time-based or specific events (e.g., delete PII data after x days from the reception, or delete PII data after 3 accesses).
45 Access Control rules - 1
subject WITH subject-expression CAN action FOR purpose ON object WITH object-expression IF conditions FOLLOW obligations
An access is granted if at least one of the AC rules that apply to the given request is satisfied.
Rule structure:
- subject identifies the subject to which the rule refers.
- subject-expression is an expression defining conditions on the subject that must be evaluated on the subject's portfolio (declarations and credentials).
46 Access Control rules - 2
subject WITH subject-expression CAN action FOR purpose ON object WITH object-expression IF conditions FOLLOW obligations
- action is the action to which the rule refers (e.g., read, write, etc.).
- purpose is the purpose to which the rule refers and represents how the data is going to be used by the recipient.
- object identifies the object to which the rule refers.
- object-expression is an expression defining conditions on the object that must be evaluated on the object's data (stored in a DB or other repositories).
47 Access Control rules - 3
subject WITH subject-expression CAN action FOR purpose ON object WITH object-expression IF conditions FOLLOW obligations
- conditions is a boolean expression of generic conditions that an access request to which the rule applies has to satisfy, for instance trust properties or the user's consent to disclose.
- obligations is a boolean expression of obligations that the server must follow when managing the information/data/PII. E.g., all accesses against a certain type of data for a given purpose must be logged.
48 Examples of rules - 1
A registered user who works as a doctor can read the patientxxx-data for research, with the agreement of the patient.
registeredusers WITH declaration(equal(user.work, "doctor")) CAN read FOR research ON patientxxx-data WITH declaration(equal(object.patient_agreement, yes)) IF no-condition FOLLOW no-obligation
49 Examples of rules - 2
Anybody with age > 18 can book two seats for the movie "Full Metal Jacket" by giving a credit card and accepting a contract. The server must delete the credit card after the end of the transaction.
Anonymous WITH declaration(greater_than(user.age, 18)) CAN book FOR no-purpose ON movie WITH declaration(equal(object.title, "Full Metal Jacket")) IF sign_contract() and credential(credit_card, K) FOLLOW delete(credit_card)
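The rule structure and the two example rules above can be evaluated mechanically against a request of the form <user, purpose>, action, object. The following is an added example, not PRIME code: the tuple encoding of expressions, the `class` attribute on objects, the object id `fmj-screening`, the `site_facts` set and the assumption that credential signatures were verified before evaluation are all constructed for illustration. Undeclared attributes fail closed instead of raising.

```python
from dataclasses import dataclass

# Built-in predicates named on the slides.
BUILTINS = {
    "equal": lambda a, b: a == b,
    "greater_than": lambda a, b: a > b,
    "less_than": lambda a, b: a < b,
}


def resolve(term, ctx):
    """Map 'user.age' / 'object.title' to a value; anything else is a literal."""
    if isinstance(term, str) and term.startswith(("user.", "object.")):
        scope, attr = term.split(".", 1)
        return ctx[scope].get(attr)            # None when the attribute is undeclared
    return term


def holds(expr, ctx):
    """Evaluate an expression tree; None stands for no-condition."""
    if expr is None:
        return True
    op = expr[0]
    if op == "and":
        return all(holds(e, ctx) for e in expr[1:])
    if op == "declaration":                    # declaration(pred(arg, arg))
        pred, *args = expr[1]
        values = [resolve(a, ctx) for a in args]
        if any(v is None for v in values):     # undeclared attribute: fail closed
            return False
        try:
            return BUILTINS[pred](*values)
        except TypeError:                      # e.g. age declared as a string
            return False
    if op == "credential":                     # credential(c, K), assumed pre-verified
        return (expr[1], expr[2]) in ctx["credentials"]
    if op == "site":                           # non-predefined predicate, e.g. sign_contract()
        return expr[1] in ctx["site_facts"]
    raise ValueError(f"unknown operator {op!r}")


@dataclass(frozen=True)
class Rule:
    subject: str          # group name, or "Anonymous" for anybody
    subject_expr: tuple   # evaluated on the subject's portfolio
    action: str
    purpose: str          # "no-purpose" matches any purpose, declared or not
    obj: str              # object identifier or object class
    object_expr: tuple
    conditions: tuple
    obligations: tuple


def decide(request, rules, portfolio, objects, groups, site_facts=frozenset()):
    """Grant if at least one applicable rule is satisfied; return its obligations."""
    (user, purpose), action, obj_id = request
    obj = objects[obj_id]
    ctx = {"user": portfolio.get("declarations", {}), "object": obj,
           "credentials": portfolio.get("credentials", set()), "site_facts": site_facts}
    for rule in rules:
        applies = (rule.action == action
                   and rule.purpose in ("no-purpose", purpose)
                   and rule.obj in (obj_id, obj.get("class"))
                   and (rule.subject == "Anonymous" or user in groups.get(rule.subject, ())))
        if applies and all(holds(e, ctx) for e in
                           (rule.subject_expr, rule.object_expr, rule.conditions)):
            return True, rule.obligations
    return False, ()


# The two example rules from the slides, in the constructed tuple encoding.
RULES = [
    Rule("registeredusers", ("declaration", ("equal", "user.work", "doctor")),
         "read", "research", "patientxxx-data",
         ("declaration", ("equal", "object.patient_agreement", "yes")), None, ()),
    Rule("Anonymous", ("declaration", ("greater_than", "user.age", 18)),
         "book", "no-purpose", "movie",
         ("declaration", ("equal", "object.title", "Full Metal Jacket")),
         ("and", ("site", "sign_contract"), ("credential", "credit_card", "K")),
         ("delete(credit_card)",)),
]
# Constructed sample data.
OBJECTS = {"patientxxx-data": {"patient_agreement": "yes"},
           "fmj-screening": {"class": "movie", "title": "Full Metal Jacket"}}
GROUPS = {"registeredusers": {"tom.smith"}}

if __name__ == "__main__":
    doctor = {"declarations": {"work": "doctor"}}
    print(decide((("tom.smith", "research"), "read", "patientxxx-data"),
                 RULES, doctor, OBJECTS, GROUPS))
```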
50 Open problems
- Policy correctness: unfortunately, real-world policies tend to be very complex. Policy errors could allow outsiders to gain inappropriate access to services, possibly inflicting huge and costly damages.
- Leakage in automated negotiation: very specific policies may leak information about what we want to protect. Malicious services may try to get information which is not relevant to the resource the requestor needs to access.
51 Conclusions
- Identity: a central concept in the e-infrastructure
- Identity theft/misuse and unauthorized profiling: two major security threats
- Identity management: a key technology for securing the global infrastructure
More informationIBM Tivoli Access Manager and VeriSign Managed Strong Authentication Services. Combine resources for one complete online business security solution.
IBM Tivoli Access Manager and VeriSign Managed Strong Authentication Services Combine resources for one complete online business security solution. Big e-business opportunities demand security to match
More informationOverview of Information Security. Murat Kantarcioglu
UT DALLAS Erik Jonsson School of Engineering & Computer Science Overview of Information Security Murat Kantarcioglu Pag. 1 Purdue University Outline Information Security: basic concepts Privacy: basic
More informationContents. Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008
Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008 Contents Authentication and Identity Assurance The Identity Assurance continuum Plain Password Authentication
More informationCS 356 Lecture 28 Internet Authentication. Spring 2013
CS 356 Lecture 28 Internet Authentication Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationHIPAA Audit Risk Assessment - Risk Factors
I II Compliance Compliance I Compliance II SECTION ONE COVERED ENTITY RESPONSIBILITIES AREA ONE Notice of Privacy Practices 1 Is your full notice of privacy practices given to every new patient in your
More informationIdentity Theft Problem and Solutions
Identity Theft Problem and Solutions October 7, 2011 Michigan Cyber Summit 2011 Jon Miller Steiger Regional Director The views expressed are those of the speaker and not necessarily those of the FTC or
More informationIdentity Theft and Medical Theft. *Christine Stagnetto-Sarmiento, Oglala Lakota College, USA
1 Identity Theft and Medical Theft *Christine Stagnetto-Sarmiento, Oglala Lakota College, USA *Corresponding Author, 490 Piya Wiconi Road, Kyle-South Dakota (605) 455-6110 csarmiento@olc.edu Introduction
More informationUNCITRAL United Nations Commission on International Trade Law Introduction to the law of electronic signatures
Introduction to the law of electronic signatures Luca Castellani Head, Regional Centre for Asia and the Pacific UNCITRAL Secretariat Incheon, Republic of Korea Outline 1. Methods and technologies for electronic
More informationData Protection Act 1998. Bring your own device (BYOD)
Data Protection Act 1998 Bring your own device (BYOD) Contents Introduction... 3 Overview... 3 What the DPA says... 3 What is BYOD?... 4 What are the risks?... 4 What are the benefits?... 5 What to consider?...
More informationIdentity Theft Victim Guide
Becoming the victim of identity theft is an emotionally distressing event in anyone s life. This guide is intended to provide some help by suggesting steps you can take to stop the fraudulent use of your
More informationIntroduction to The Privacy Act
Introduction to The Privacy Act Defense Privacy and Civil Liberties Office dpclo.defense.gov 1 Introduction The Privacy Act (5 U.S.C. 552a, as amended) can generally be characterized as an omnibus Code
More informationHow To Get A Free Credit Report From A Credit Report Website
FACTS FOR OLDER CONSUMERS National Consumer Law Center Protect Yourself From Identity Theft Identity theft is one of the fastest growing crimes in the country. It can strike anyone, but elders may be particularly
More informationFacts and Statistics
Facts and Statistics A Wall Street Journal poll asked Americans what they feared most in the new millennium. Privacy came out on top, substantially higher than terrorism, global warming and overpopulation.
More informationFederal Trade Commission Privacy Impact Assessment for:
Federal Trade Commission Privacy Impact Assessment for: DCBE Websites and Blogs Consumer.ftc.gov, Consumidor.ftc.gov, OnGuardOnline, AlertaenLinea, Consumer.gov, Consumidor.gov and the BCP Business Center
More informationplantemoran.com What School Personnel Administrators Need to know
plantemoran.com Data Security and Privacy What School Personnel Administrators Need to know Tomorrow s Headline Let s hope not District posts confidential data online (Tech News, May 18, 2007) In one of
More informationBiometric Authentication Platform for a Safe, Secure, and Convenient Society
472 Hitachi Review Vol. 64 (2015), No. 8 Featured Articles Platform for a Safe, Secure, and Convenient Society Public s Infrastructure Yosuke Kaga Yusuke Matsuda Kenta Takahashi, Ph.D. Akio Nagasaka, Ph.D.
More informationMobile Electronic Payments
Chapter 7 Mobile Electronic Payments 7.1 Rationale and Motivation Mobile electronic payments are rapidly becoming a reality. There is no doubt that users of mobile phones are willing and even asking to
More informationHow To Protect Your Data From Theft
Understanding the Effectiveness of a Data Protection Program IIA: Almost Free Seminar 21 June 2011 Agenda Data protection overview Case studies Ernst & Young s point of view Understanding the effectiveness
More informationWhite Paper. From Policy to Practice: A Practical Guide to Implementing HIPAA Security Safeguards
From Policy to Practice: A Practical Guide to Implementing HIPAA Security Safeguards Abstract HIPAA requires a number of administrative, technical, and physical safeguards to protect patient information
More informationMulti-Factor Authentication Protecting Applications and Critical Data against Unauthorized Access
Multi-Factor Authentication Protecting Applications and Critical Data against Unauthorized Access CONTENTS What is Authentication? Implementing Multi-Factor Authentication Token and Smart Card Technologies
More informationAvondale Police Department Identity Theft / Fraud / Forgery Victim's Packet
Avondale Police Department Identity Theft / Fraud / Forgery Victim's Packet Information and Instructions This packet should be completed once you have contacted the Avondale Police Department and obtained
More informationIT Privacy Certification Outline of the Body of Knowledge (BOK) for the Certified Information Privacy Technologist (CIPT)
Page 1 of 6 IT Privacy Certification Outline of the Body of Knowledge (BOK) for the Certified Information Privacy Technologist (CIPT) I. Understanding the need for privacy in the IT environment A. Evolving
More informationINFORMATION TECHNOLOGY SECURITY POLICY COUNTY OF IMPERIAL
INFORMATION TECHNOLOGY SECURITY POLICY COUNTY OF IMPERIAL 1 INTRODUCTION The County of Imperial Information & Technical Services (ITS) Security Policy is the foundation of the County's electronic information
More informationAttribute-Based Access Control Solutions: Federating Authoritative User Data to Support Relying Party Authorization Decisions and Requirements
Joint White Paper: Attribute-Based Access Control Solutions: Federating Authoritative User Data to Support Relying Party Authorization Decisions and Requirements Submitted Date: April 10, 2013 Submitted
More informationEricsson Group Certificate Value Statement - 2013
COMPANY INFO 1 (23) Ericsson Group Certificate Value Statement - 2013 COMPANY INFO 2 (23) Contents 1 Ericsson Certificate Value Statement... 3 2 Introduction... 3 2.1 Overview... 3 3 Contact information...
More informationPRIVACY AND DATA SECURITY MODULE
"This project has been funded under the fourth AAL call, AAL-2011-4. This publication [communication] reflects the views only of the author, and the Commission cannot be held responsible for any use which
More informationNetwork Security & Privacy Landscape
Network Security & Privacy Landscape Presented By: Greg Garijanian Senior Underwriter Professional Liability 1 Agenda Network Security Overview -Latest Threats - Exposure Trends - Regulations Case Studies
More informationDATA AND PAYMENT SECURITY PART 1
STAR has teamed up with Prevention of Fraud in Travel (PROFiT) and the Fraud Intelligence Network (FIN) to offer our members the best advice about fraud prevention. We recognise the increasing threat of
More informationhttp://www.ftc.gov/bcp/edu/microsites/idtheft/index.html
Identity Theft: Steps to Take if You are a Victim We understand the stress, time and effort required as a result of having your identity stolen and used fraudulently. While there are many resources available
More informationEstate Agents Authority
INFORMATION SECURITY AND PRIVACY PROTECTION POLICY AND GUIDELINES FOR ESTATE AGENTS Estate Agents Authority The contents of this document remain the property of, and may not be reproduced in whole or in
More informationOffice 365 Data Processing Agreement with Model Clauses
Enrollment for Education Solutions Office 365 Data Processing Agreement (with EU Standard Contractual Clauses) Amendment ID Enrollment for Education Solutions number Microsoft to complete 7392924 GOLDS03081
More informationProtecting the Rights of Victims of Identity Theft
Protecting the Rights of Victims of Identity Theft II Congreso Internacional del Derecho de los Mercados Bogotá, Colombia Marzo 2015 The views expressed in this presentation are mine and are not necessarily
More informationGood Afternoon! Since Yesterday we have been talking about threats and how to deal with those threats in order to protect ourselves from individuals
Good Afternoon! Since Yesterday we have been talking about threats and how to deal with those threats in order to protect ourselves from individuals and protect people, information, buildings, countries
More informationAdvanced Authentication
White Paper Advanced Authentication Introduction In this paper: Introduction 1 User Authentication 2 Device Authentication 3 Message Authentication 4 Advanced Authentication 5 Advanced Authentication is
More informationPRIVACY POLICY (Update 1) FOR ONLINE GIVING FOR THE UNITED METHODIST CHURCH
A. Overview PRIVACY POLICY (Update 1) FOR ONLINE GIVING FOR THE UNITED METHODIST CHURCH GENERAL COUNCIL ON FINANCE AND ADMINISTRATION OF THE UNITED METHODIST CHURCH, INC., an Illinois corporation 1 Music
More informationWhat is Identity Theft?
What is Identity Theft? Identity theft is a crime in which someone obtains key pieces of personal information, such as Social Security or driver's license numbers, in order to impersonate someone else.
More informationService management White paper. Manage access control effectively across the enterprise with IBM solutions.
Service management White paper Manage access control effectively across the enterprise with IBM solutions. July 2008 2 Contents 2 Overview 2 Understand today s requirements for developing effective access
More informationWE MAKE SECURITY WORK
WE MAKE SECURITY WORK Identity Management in action isecure Product family Introduction Infrasec Sweden AB was founded in 2002. Since our start, we have focused on in-house developed security products
More informationLIGC-ACC Presentation November 9, 2015
Bryan Frank, DDIS Info Sec Corp, panelist Jennifer M. Mone, Deputy General Counsel, Hofstra University, panelist Keith J. Frank, Partner, Forchelli, Curto, Deegan, Schwartz, Mineo & Terrana,. LLP, moderator
More informationThe 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance
Date: 07/19/2011 The 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance PCI and HIPAA Compliance Defined Understand
More informationThe data which you put into our systems is yours, and we believe it should stay that way. We think that means three key things.
Privacy and Security FAQ Privacy 1. Who owns the data that organizations put into Google Apps? 2. When can Google employees access my account? 3. Who can gain access to my Google Apps administrative account?
More informationSecurity Breaches. There are unscrupulous individuals, like identity thieves, who want your information to commit fraud.
IDENTITY THEFT Security Breaches Our economy generates an enormous amount of data. Most users of that information are from honest businesses - getting and giving legitimate information. Despite the benefits
More informationInformation Security Program Management Standard
State of California California Information Security Office Information Security Program Management Standard SIMM 5305-A September 2013 REVISION HISTORY REVISION DATE OF RELEASE OWNER SUMMARY OF CHANGES
More informationGuadalupe Regional Medical Center
Guadalupe Regional Medical Center Health Insurance Portability & Accountability Act (HIPAA) By Debby Hernandez, Compliance/HIPAA Officer HIPAA Privacy & Security Training Module 1 This module will address
More informationDr. rer. nat. Hellmuth Broda
International Telecommunication Union Privacy, Security, and Trust with Federated Identity Management Dr. rer. nat. Hellmuth Broda Distinguished Director and CTO, Global Government Strategy, Sun Microsystems
More informationIDENTITY THEFT VICTIM S PACKET
DEPARTMENT OF PUBLIC SAFETY 1150 Canton Center S Canton, MI 48188-1699 John R. Santomauro, Director of Public Safety IDENTITY THEFT VICTIM S PACKET INFORMATION AND INSTRUCTIONS The purpose of this packet
More informationCredit Card Identity Theft Prevention Tips
Identity Theft A Growing Business You retrieve your mail and find yet another application for a pre-approved credit card application. You just throw it out without even opening it. You put your trash out
More informationHands on, field experiences with BYOD. BYOD Seminar
Hands on, field experiences with BYOD. BYOD Seminar Brussel, 25 september 2012 Agenda Challenges RIsks Strategy Before We Begin Thom Schiltmans Deloitte Risk Services Security & Privacy Amstelveen tschiltmans@deloitte.nl
More informationNational Cyber Security Month 2015: Daily Security Awareness Tips
National Cyber Security Month 2015: Daily Security Awareness Tips October 1 New Threats Are Constantly Being Developed. Protect Your Home Computer and Personal Devices by Automatically Installing OS Updates.
More informationConcept of Electronic Approvals
E-Lock Technologies Contact info@elock.com Table of Contents 1 INTRODUCTION 3 2 WHAT ARE ELECTRONIC APPROVALS? 3 3 HOW DO INDIVIDUALS IDENTIFY THEMSELVES IN THE ELECTRONIC WORLD? 3 4 WHAT IS THE TECHNOLOGY
More informationUnderstanding Digital Signature And Public Key Infrastructure
Understanding Digital Signature And Public Key Infrastructure Overview The use of networked personnel computers (PC s) in enterprise environments and on the Internet is rapidly approaching the point where
More informationCloud Computing Security Considerations
Cloud Computing Security Considerations Roger Halbheer, Chief Security Advisor, Public Sector, EMEA Doug Cavit, Principal Security Strategist Lead, Trustworthy Computing, USA January 2010 1 Introduction
More informationI. System Activities that Impact End User Privacy
I. System Activities that Impact End User Privacy A. The Information Life Cycle a. Manual processes i. Interaction ii. Data entry b. Systems i. Operating and file ii. Database iii. Applications iv. Network
More informationROCKWALL POLICE DEPARTMENT CRIMINAL INVESTIGATIONS DIVISION 205 W. Rusk St. Rockwall, Texas 75087 (972) 771-7716
ROCKWALL POLICE DEPARTMENT CRIMINAL INVESTIGATIONS DIVISION 205 W. Rusk St. Rockwall, Texas 75087 (972) 771-7716 Identity Theft Information and Affidavit RPD Case # - The attached Identity Theft Affidavit
More informationInvestigation and Prosecution of Identity Theft
Investigation and Prosecution of Identity Theft In an effort to assist you in dealing with problems related to Identity Theft, the Menomonee Falls Police Department has prepared this packet of information
More informationPrivacy Policy. February, 2015 Page: 1
February, 2015 Page: 1 Revision History Revision # Date Author Sections Altered Approval/Date Rev 1.0 02/15/15 Ben Price New Document Rev 1.1 07/24/15 Ben Price Verify Privacy Grid Requirements are met
More informationSecurity Digital Certificate Manager
IBM i Security Digital Certificate Manager 7.1 IBM i Security Digital Certificate Manager 7.1 Note Before using this information and the product it supports, be sure to read the information in Notices,
More informationApplication of Biometric Technology Solutions to Enhance Security
Application of Biometric Technology Solutions to Enhance Security Purpose: The purpose of this white paper is to summarize the various applications of fingerprint biometric technology to provide a higher
More informationDeterring Identity Theft. The Federal Trade Commission estimates that as many as 9 million Americans have their identities stolen each year.
Deterring Identity Theft The evolving threats of Identity Theft The Federal Trade Commission estimates that as many as 9 million Americans have their identities stolen each year. Identity theft complaints
More informationWhite Paper. Data Breach Mitigation in the Healthcare Industry
White Paper Data Breach Mitigation in the Healthcare Industry Thursday, October 08, 2015 Table of contents 1 Executive Summary 3 2 Personally Identifiable Information & Protected Health Information 4 2.1
More informationIdentity Theft Victim s Packet
Identity Theft Victim s Packet Information and Instructions This packet is to be completed once you have contacted the Lafayette County Sheriff s Department and obtained a report number related to your
More information