COB 302 Management Information System (Lesson 8)

Size: px
Start display at page:

Download "COB 302 Management Information System (Lesson 8)"

Transcription

1 COB 302 Management Information System (Lesson 8) Dr. Stanley Wong Macau University of Science and Technology Chapter 13 Security and Ethical Challenges 安 全 與 倫 理 挑 戰 Remarks: Some of the contents in this series of files are taken from the course book (Management Information Systems by O Brien and Marakas) and other materials published by McGraw-Hill. 1-2

2 Learning Objectives Identify several ethical issues on how the use of information technologies in business affects Employment Individuality Working conditions Privacy Crime Health Solutions to societal problems 13-3 Learning Objectives Identify several types of security management strategies and defenses, and explain how they can be used to ensure the security of business applications of information technology Propose several ways that business managers and professionals can help to lessen the harmful effects and increase the beneficial effects associated with the use of information technology 13-4

3 IT Security, Ethics, and Society 13-5 IT Security, Ethics, and Society Information technology has both beneficial ( 有 益 ) and detrimental ( 有 害 ) effects on society and people Manage work activities to minimize the detrimental effects ( 盡 量 減 少 不 利 的 影 響 ) of information technology Optimize the beneficial effects ( 優 化 正 面 影 響 ) 13-6

4 Business Ethics Managers in making decisions day-to-day may need to address the following ethics questions Equity ( 公 平 ) Rights ( 權 利 ) Honesty ( 誠 實 ) Exercise of corporate power ( 行 使 公 司 權 力 ) 13-7 Categories of Ethical Business Issues 知 識 產 權 私 隱 權 公 司 信 息 安 全 工 作 場 所 安 全 13-8

5 AITP Standards of Professional Conduct 13-9 Responsible Professional Guidelines A responsible professional Acts with integrity ( 誠 信 ) Increases personal competence ( 個 人 能 力 ) Sets high standards of personal performance Accepts responsibility ( 承 擔 責 任 ) for his/her work Advances ( 提 升 ) the health, privacy, and general welfare of the public 13-10

6 Computer Crime Computer crime includes Unauthorized use, access, modification, or destruction of hardware, software, data, or network resources The unauthorized release of information The unauthorized copying of software Denying ( 拒 絕 ) an end user access to his/her own hardware, software, data, or network resources Using or conspiring ( 串 謀 ) to use computer or network resources illegally to obtain information or tangible property Hacking Hacking is The obsessive use ( 濫 用 ) of computers The unauthorized access and use of networked computer systems Electronic Breaking and Entering Hacking into a computer system and reading files, but neither stealing nor damaging anything Cracker A malicious ( 惡 意 ) or criminal ( 犯 罪 ) hacker ( 黑 客 ) who maintains knowledge of the vulnerabilities ( 漏 洞 ) found for private advantage ( 私 利 ) 13-12

7 Common Hacking Tactics Denial of Service (DoS, 拒 絕 服 務 ) Hammering ( 攻 擊 ) a website s equipment with too many requests for information ( 資 訊 請 求 ) Clogging ( 堵 塞 ) the system, slowing performance, or crashing the site Scans Widespread probes ( 試 探 ) of the Internet to determine types of computers, services, and connections Looking for weaknesses Common Hacking Tactics Sniffer ( 嗅 探 ) Programs that search individual packets of data as they pass through the Internet Capturing passwords or entire contents Spoofing ( 偽 冒 ) Faking an address or Web page to trick users into passing along critical information like passwords or credit card numbers 13-14

8 Common Hacking Tactics Trojan Horse ( 特 洛 伊 木 馬 ) A program that, unknown to the user, contains instructions that exploit a known vulnerability in some software Back Doors A hidden point of entry to be used in case the original entry point is detected or blocked Malicious Applets ( 惡 意 小 程 序 ) Tiny Java programs that misuse your computer s resources, modify files on the hard disk, send fake , or steal passwords Common Hacking Tactics War Dialing 撥 號 偵 測 閒 置 的 數 據 機 Programs that automatically dial thousands of telephone numbers in search of a way in through a modem connection Logic Bombs ( 邏 輯 炸 彈 ) An instruction in a computer program that triggers a malicious act Buffer Overflow ( 緩 存 溢 出 ) Crashing or gaining control of a computer by sending too much data to buffer memory 13-16

9 Common Hacking Tactics Password Crackers Software that can guess passwords Social Engineering ( 社 交 工 程 ) Gaining access to computer systems by talking unsuspecting company employees out of valuable information, such as passwords Dumpster Diving ( 垃 圾 桶 尋 寶 ) 直 接 向 對 方 套 話 Sifting through a company s garbage to find information to help break into their computers Cyber Theft Many computer crimes involve the theft of money The majority are inside jobs that involve unauthorized network entry and alternation of computer databases to cover the tracks of the employees involved Many attacks occur through the Internet Most companies don t reveal ( 不 會 透 露 ) that they have been targets or victims ( 受 害 者 ) of cybercrime ( 網 絡 犯 罪 ) 13-18

10 Unauthorized Use at Work Unauthorized use of computer systems and networks is time and resource theft ( 盜 用 時 間 和 資 源 ) Doing private consulting Doing personal finances Playing video games Unauthorized use of the Internet or company networks Sniffers Used to monitor network traffic or capacity Find evidence of improper use Internet Abuses ( 濫 用 ) in the Workplace General abuses Unauthorized usage and access Copyright infringement/plagiarism Newsgroup postings Transmission of confidential data Pornography Hacking Non-work-related download/upload Leisure use of the Internet Use of external ISPs Moonlighting 13-20

11 Software Piracy Software Piracy Unauthorized copying of computer programs Licensing Purchasing software is really a payment for a license for fair use ( 合 理 使 用 / 公 平 使 用 ) Site license allows a certain number of copies A third of the software industry s revenues are lost to piracy 反 思 : 什 麼 是 公 平? Theft of Intellectual Property Intellectual Property Copyrighted material Includes such things as music, videos, images, articles, books, and software Copyright Infringement is Illegal Peer-to-peer networking techniques have made it easy to trade pirated intellectual property Publishers Offer Inexpensive Online Music Illegal downloading of music and video is down and continues to drop 不 公 平 的 價 格 可 能 是 知 識 產 權 盜 竊 的 主 要 原 因 13-22

12 蠕 蟲 是 可 以 自 動 自 我 複 製 的 病 Viruses ( 病 毒 ) and Worms ( 蠕 蟲 ) A virus is a program that cannot work without being inserted into another program A worm can run unaided ( These programs copy annoying or destructive routines into networked computers Copy routines spread the virus Commonly transmitted through The Internet and online services and file attachments Disks from contaminated computers Shareware 毒 ) The Cost of Viruses, Trojans, Worms Cost of the top five virus families Nearly 115 million computers in 200 countries were infected in 2004 Up to 11 million computers are believed to be permanently infected In 2004, total economic damage from virus proliferation was $166 to $202 billion Average damage per computer is between $277 and $

13 Adware and Spyware Adware ( 廣 告 軟 件 ) Software that purports ( 看 來 ) to serve a useful purpose, and often does Allows advertisers to display pop-up and banner ads without the consent of the computer users Spyware ( 間 諜 軟 件 ) Adware that uses an Internet connection in the background, without the user s permission or knowledge Captures information about the user and sends it over the Internet Spyware Problems Spyware can steal private information and also Add advertising links to Web pages Redirect affiliate payments Change a users home page and search settings Make a modem randomly call premium-rate phone numbers Leave security holes ( 安 全 漏 洞 ) Degrade system performance Removal programs are often not completely successful in eliminating spyware 13-26

14 Privacy Issues The power of information technology to store and retrieve information can have a negative effect on every individual s right to privacy Personal information is collected with every visit to a Web site Confidential information stored by credit bureaus, credit card companies, and the government has been stolen or misused Security Management of IT The Internet was developed for inter-operability ( 互 通 性 ), not impenetrability ( 互 斥 ) Business managers and professionals alike are responsible for the security, quality, and performance of business information systems Hardware, software, networks, and data resources must be protected by a variety of security measures 13-28

15 Security Management The goal of security management is the accuracy ( 準 確 性 ), integrity ( 完 整 性 ), and safety of all information system processes ( 系 統 進 程 ) and resources ( 資 源 ) Internetworked Security Defenses Encryption Data is transmitted in scrambled form It is unscrambled by computer systems for authorized users only The most widely used method uses a pair of public and private keys unique to each individual 13-30

16 Public/Private Key Encryption Internetworked Security Defenses Firewalls A gatekeeper system that protects a company s intranets and other computer networks from intrusion Provides a filter and safe transfer point for access to/from the Internet and other networks Important for individuals who connect to the Internet with DSL or cable modems Can deter hacking, but cannot prevent it 13-32

17 Internet and Intranet Firewalls Denial of Service Attacks Denial of service attacks depends on three layers of networked computer systems The victim s website The victim s Internet service provider Zombie or slave computers that have been commandeered by the cybercriminals 13-34

18 Defending Against Denial of Service At Zombie ( 殭 屍 ) Machines Set and enforce security policies ( 制 定 和 執 行 安 全 政 策 ) Scan for vulnerabilities ( 漏 洞 掃 描 ) At the ISP Monitor and block traffic spikes ( 尖 峰 ) At the Victim s Website Create backup servers and network connections Internetworked Security Defenses Monitoring ( 郵 件 監 控 ) Use of content monitoring software that scans for troublesome words that might compromise corporate security Virus Defenses ( 病 毒 防 禦 ) Centralize the updating and distribution of antivirus software Use a security suite that integrates virus protection with firewalls, Web security, and content blocking features 13-36

19 Other Security Measures Security Codes ( 安 全 碼 ) Multilevel password system Encrypted passwords ( 加 密 密 碼 ) Smart cards ( 智 能 卡 ) with microprocessors Backup Files ( 文 件 備 份 ) Duplicate files of data or programs Security Monitors ( 安 全 監 控 ) Monitor the use of computers and networks Protects them from unauthorized use, fraud ( 詐 騙 ), and destruction ( 破 壞 ) Other Security Measures 視 網 膜 掃 Biometrics ( 生 物 識 別 技 術 ) Voice recognition, fingerprints, retina scan ( Computer devices measure physical traits that make each individual unique ( 個 人 獨 特 的 ) Computer Failure Controls ( 電 腦 故 障 控 制 ) Prevents computer failures or minimizes its effects Preventive maintenance Arrange backups with a disaster recovery organization 描 ) 13-38

20 Other Security Measures In the event of a system failure, fault-tolerant systems have redundant ( 冗 餘 ) processors, peripherals, and software that provide Fail-over capability ( 容 錯 移 轉 能 力 ) : shifts to back up components Fail-save capability ( 故 障 保 护 能 力 ) : the system continues to operate at the same level Fail-soft capability ( 故 障 弱 化 能 力 ) : the system continues to operate at a reduced but acceptable level Other Security Measures A disaster recovery plan ( 災 難 恢 復 計 劃 ) contains formalized procedures to follow in the event of a disaster Which employees will participate What their duties will be What hardware, software, and facilities will be used Priority of applications that will be processed Use of alternative facilities Offsite storage of databases 13-40

21 Information System Controls Methods and devices that attempt to ensure the accuracy ( 準 確 性 ), validity ( 有 效 性 ), and propriety ( 合 乎 規 範 ) of information system activities Auditing IT Security IT Security Audits Performed by internal or external auditors Review and evaluation of security measures and management policies Goal is to ensure that proper and adequate measures and policies are in place 13-42

22 Protecting Yourself from Cybercrime 13-43

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft) 1- A (firewall) is a computer program that permits a user on the internal network to access the internet but severely restricts transmissions from the outside 2- A (system failure) is the prolonged malfunction

More information

Chapter 11 Manage Computing Securely, Safely and Ethically. Discovering Computers 2012. Your Interactive Guide to the Digital World

Chapter 11 Manage Computing Securely, Safely and Ethically. Discovering Computers 2012. Your Interactive Guide to the Digital World Chapter 11 Manage Computing Securely, Safely and Ethically Discovering Computers 2012 Your Interactive Guide to the Digital World Objectives Overview Define the term, computer security risks, and briefly

More information

Managing Information Systems Seventh Canadian Edition. Laudon, Laudon and Brabston. CHAPTER 8 Securing Information Systems

Managing Information Systems Seventh Canadian Edition. Laudon, Laudon and Brabston. CHAPTER 8 Securing Information Systems Managing Information Systems Seventh Canadian Edition Laudon, Laudon and Brabston CHAPTER 8 Securing Information Systems Copyright 2015 Pearson Canada Inc. 8-1 System Vulnerability and Abuse Security:

More information

CHAPTER 10: COMPUTER SECURITY AND RISKS

CHAPTER 10: COMPUTER SECURITY AND RISKS CHAPTER 10: COMPUTER SECURITY AND RISKS Multiple Choice: 1. In a survey of more than 500 companies and government agencies, percent detected computer security breaches. A. 20 B. 75 C. 85 D. 99 Answer:

More information

Chapter 12 Objectives. Chapter 12 Computers and Society: Security and Privacy

Chapter 12 Objectives. Chapter 12 Computers and Society: Security and Privacy Chapter 12 Objectives Chapter 12 Computers and Society: and Privacy p. 12.2 Identify the various types of security risks that can threaten computers Recognize how a computer virus works and take the necessary

More information

Computer Crime & Abuse: What s the Difference? Computer Crime. Federal Legislation Affecting the Use of Computers. Legislation

Computer Crime & Abuse: What s the Difference? Computer Crime. Federal Legislation Affecting the Use of Computers. Legislation Core Concepts of ACCOUNTING INFORMATION SYSTEMS Moscove, Simkin & Bagranoff Chapter 3 Computer Crime, Ethics, and Privacy Developed by: S. Bhattacharya, Ph.D. Florida Atlantic University Introduction Computer

More information

Securing Information Systems

Securing Information Systems Securing Information Systems Reading: Laudon & Laudon chapter 7 Additional Reading: Brien & Marakas chapter 11 COMP 5131 1 Outline System Vulnerability and Abuse Business Value of Security and Control

More information

Chapter 7 Information System Security and Control

Chapter 7 Information System Security and Control Chapter 7 Information System Security and Control Essay Questions: 1. Hackers and their companion viruses are an increasing problem, especially on the Internet. What can a digital company do to protect

More information

NEW JERSEY STATE POLICE EXAMPLES OF CRIMINAL INTENT

NEW JERSEY STATE POLICE EXAMPLES OF CRIMINAL INTENT Appendix A to 11-02-P1-NJOIT NJ OFFICE OF INFORMATION TECHNOLOGY P.O. Box 212 www.nj.gov/it/ps/ 300 Riverview Plaza Trenton, NJ 08625-0212 NEW JERSEY STATE POLICE EXAMPLES OF CRIMINAL INTENT The Intent

More information

Contact details For contacting ENISA or for general enquiries on information security awareness matters, please use the following details:

Contact details For contacting ENISA or for general enquiries on information security awareness matters, please use the following details: Malicious software About ENISA The European Network and Information Security Agency (ENISA) is an EU agency created to advance the functioning of the internal market. ENISA is a centre of excellence for

More information

E-Commerce Security and Fraud Protection CHAPTER 9

E-Commerce Security and Fraud Protection CHAPTER 9 E-Commerce Security and Fraud Protection CHAPTER 9 LEARNING OBJECTIVES 1. Understand the importance and scope of security of information systems for EC. 2. Describe the major concepts and terminology of

More information

Threats and Attacks. Modifications by Prof. Dong Xuan and Adam C. Champion. Principles of Information Security, 5th Edition 1

Threats and Attacks. Modifications by Prof. Dong Xuan and Adam C. Champion. Principles of Information Security, 5th Edition 1 Threats and Attacks Modifications by Prof. Dong Xuan and Adam C. Champion Principles of Information Security, 5th Edition 1 Learning Objectives Upon completion of this material, you should be able to:

More information

Information Security By Bhupendra Ratha, Lecturer School of Library & Information Science D.A.V.V., Indore E-mail:bhu261@gmail.com Outline of Information Security Introduction Impact of information Need

More information

COMPUTER-INTERNET SECURITY. How am I vulnerable?

COMPUTER-INTERNET SECURITY. How am I vulnerable? COMPUTER-INTERNET SECURITY How am I vulnerable? 1 COMPUTER-INTERNET SECURITY Virus Worm Trojan Spyware Adware Messenger Service 2 VIRUS A computer virus is a small program written to alter the way a computer

More information

9. Information Assurance and Security, Protecting Information Resources. Janeela Maraj. Tutorial 9 21/11/2014 INFO 1500

9. Information Assurance and Security, Protecting Information Resources. Janeela Maraj. Tutorial 9 21/11/2014 INFO 1500 INFO 1500 9. Information Assurance and Security, Protecting Information Resources 11. ecommerce and ebusiness Janeela Maraj Tutorial 9 21/11/2014 9. Information Assurance and Security, Protecting Information

More information

Medford Public Schools Medford, Massachusetts. Software Policy Approved by School Committee

Medford Public Schools Medford, Massachusetts. Software Policy Approved by School Committee Software Policy Approved by School Committee General Statement of Policy The Medford Public Schools licenses the use of computer software from a variety of third parties. Such software is normally copyrighted

More information

Part I: Ethics. Moral guidelines that govern use of computers and information systems. Unauthorized use of computer systems

Part I: Ethics. Moral guidelines that govern use of computers and information systems. Unauthorized use of computer systems What are Computer Ethics? Computing Issues Moral guidelines that govern use of computers and information systems Part I: Ethics Unauthorized use of computer systems Information privacy Intellectual property

More information

OCT Training & Technology Solutions Training@qc.cuny.edu (718) 997-4875

OCT Training & Technology Solutions Training@qc.cuny.edu (718) 997-4875 OCT Training & Technology Solutions Training@qc.cuny.edu (718) 997-4875 Understanding Information Security Information Security Information security refers to safeguarding information from misuse and theft,

More information

CSCA0101 Computing Basics CSCA0101 COMPUTING BASICS. Chapter 8 Malware

CSCA0101 Computing Basics CSCA0101 COMPUTING BASICS. Chapter 8 Malware CSCA0101 COMPUTING BASICS Chapter 8 1 1. 2. Usage of 3. Types of 4. How Spreads? 5. How Can You Protect Computer? 6. Symptoms 7. Anti- Program 2 Short for malicious software. A is software used or created

More information

Spyware. Michael Glenn Technology Management Michael.Glenn@Qwest.com. 2004 Qwest Communications International Inc.

Spyware. Michael Glenn Technology Management Michael.Glenn@Qwest.com. 2004 Qwest Communications International Inc. Spyware Michael Glenn Technology Management Michael.Glenn@Qwest.com Agenda Security Fundamentals Current Issues Spyware Definitions Overlaps of Threats Best Practices What Service Providers are Doing References

More information

Network Incident Report

Network Incident Report To submit copies of this form via facsimile, please FAX to 202-406-9233. Network Incident Report United States Secret Service Financial Crimes Division Electronic Crimes Branch Telephone: 202-406-5850

More information

The Information Security Problem

The Information Security Problem Chapter 10 Objectives Describe the major concepts and terminology of EC security. Understand phishing and its relationship to financial crimes. Describe the information assurance security principles. Identify

More information

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 2 Systems Threats and Risks

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 2 Systems Threats and Risks Security+ Guide to Network Security Fundamentals, Third Edition Chapter 2 Systems Threats and Risks Objectives Describe the different types of software-based attacks List types of hardware attacks Define

More information

Computers and Society: Security and Privacy

Computers and Society: Security and Privacy 1 Chapter 12 Computers and Society: Security and Privacy 2 Chapter 12 Objectives 3 Computer Security: Risks and Safeguards What is a computer security risk? 4 Computer Security: Risks and Safeguards 1

More information

Don t Fall Victim to Cybercrime:

Don t Fall Victim to Cybercrime: Don t Fall Victim to Cybercrime: Best Practices to Safeguard Your Business Agenda Cybercrime Overview Corporate Account Takeover Computer Hacking, Phishing, Malware Breach Statistics Internet Security

More information

Malware & Botnets. Botnets

Malware & Botnets. Botnets - 2 - Malware & Botnets The Internet is a powerful and useful tool, but in the same way that you shouldn t drive without buckling your seat belt or ride a bike without a helmet, you shouldn t venture online

More information

WEB SECURITY. Oriana Kondakciu 0054118 Software Engineering 4C03 Project

WEB SECURITY. Oriana Kondakciu 0054118 Software Engineering 4C03 Project WEB SECURITY Oriana Kondakciu 0054118 Software Engineering 4C03 Project The Internet is a collection of networks, in which the web servers construct autonomous systems. The data routing infrastructure

More information

INFORMATION SECURITY INCIDENT MANAGEMENT PROCESS

INFORMATION SECURITY INCIDENT MANAGEMENT PROCESS INFORMATION SECURITY INCIDENT MANAGEMENT PROCESS Effective Date June 9, 2014 INFORMATION SECURITY INCIDENT MANAGEMENT PROCESS OF THE HELLER SCHOOL FOR SOCIAL POLICY AND MANAGEMENT Table of Contents 1.

More information

Cyber Security Awareness

Cyber Security Awareness Cyber Security Awareness User IDs and Passwords Home Computer Protection Protecting your Information Firewalls Malicious Code Protection Mobile Computing Security Wireless Security Patching Possible Symptoms

More information

This Time. Safety & Security in ICT Systems INFO 2. Threats to ICT systems. Hacking

This Time. Safety & Security in ICT Systems INFO 2. Threats to ICT systems. Hacking This Time Safety & Security in ICT Systems INFO 2 Oliver Boorman-Humphrey www.oliverboorman.biz This time we look at the need to protect data in ICT systems and the subsequent threats if these measures

More information

Odessa College Use of Computer Resources Policy Policy Date: November 2010

Odessa College Use of Computer Resources Policy Policy Date: November 2010 Odessa College Use of Computer Resources Policy Policy Date: November 2010 1.0 Overview Odessa College acquires, develops, and utilizes computer resources as an important part of its physical and educational

More information

ITSC Training Courses Student IT Competence Programme SIIS1 Information Security

ITSC Training Courses Student IT Competence Programme SIIS1 Information Security ITSC Training Courses Student IT Competence Programme SI1 2012 2013 Prof. Chan Yuen Yan, Rosanna Department of Engineering The Chinese University of Hong Kong SI1-1 Course Outline What you should know

More information

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

2. From a control perspective, the PRIMARY objective of classifying information assets is to: MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected

More information

Chapter 10. Privacy and Security. McGraw-Hill/Irwin. Copyright 2008 by The McGraw-Hill Companies, Inc. All rights reserved.

Chapter 10. Privacy and Security. McGraw-Hill/Irwin. Copyright 2008 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 10 Privacy and Security McGraw-Hill/Irwin Copyright 2008 by The McGraw-Hill Companies, Inc. All rights reserved. Competencies (Page 1 of 2) Page 282 Discuss the privacy issues related to the presence

More information

MEMORANDUM INFORMATION TECHNOLOGY SERVICES DEPARTMENT

MEMORANDUM INFORMATION TECHNOLOGY SERVICES DEPARTMENT MEMORANDUM INFORMATION TECHNOLOGY SERVICES DEPARTMENT TO: John Phillips, City Manager Number: 04-020 SUBJECT: Computer Network, Internet and E-Mail Access Policy Date: 9/903 Attached is copy of the Information

More information

Cracking and Computer Security

Cracking and Computer Security Cracking and Computer Security Ethics and Computing Chapter 4 Summer 2001 CSE 4317: Computer Security 1 Motivation Computer security is crucial for trust Cracking activity is harmful, costly and unethical

More information

Secure It or Lose It. A comprehensive security policy for your laboratory can reduce vulnerability to attacks

Secure It or Lose It. A comprehensive security policy for your laboratory can reduce vulnerability to attacks A comprehensive security policy for your laboratory can reduce vulnerability to attacks Published in Scientific Computing - May, 2005 Michael H Elliott In February of this year, ChoicePoint, a service

More information

Computer Security and Privacy

Computer Security and Privacy Computer Security and Privacy 5-2 Protecting Your Computer Lesson Contents Protecting Your Computer Guidelines for Protecting Your Computer Best Practices for Securing Online and Network Transactions Measures

More information

Chapter 11 Computers and Society, Security, Privacy, and Ethics

Chapter 11 Computers and Society, Security, Privacy, and Ethics Objectives Computers and Society, Security, Privacy, and Ethics Describe the the types of of computer security risks Identify ways to to safeguard against computer viruses, worms, and and Trojan horses

More information

Spam, Spyware, Malware and You! Don't give up just yet! Presented by: Mervin Istace Provincial Library Saskatchewan Learning

Spam, Spyware, Malware and You! Don't give up just yet! Presented by: Mervin Istace Provincial Library Saskatchewan Learning Spam, Spyware, Malware and You! Don't give up just yet! Presented by: Mervin Istace Provincial Library Saskatchewan Learning Lee Zelyck Network Administrator Regina Public Library Malware, Spyware, Trojans

More information

E-Business, E-Commerce

E-Business, E-Commerce E-Business, E-Commerce Lecture Outline 11 Instructor: Kevin Robertson Introduction to Information Systems Explain the differences between extranets and intranets as well as show how organizations utilize

More information

Computer Security Related Terms and Definitions By Bob (Daddybob) Kober 26 Oct 2005

Computer Security Related Terms and Definitions By Bob (Daddybob) Kober 26 Oct 2005 TABLE OF CONTENTS Adware... 2 Ad Server... 2 Backbone... 2 Backdoor... 2 Browser Hijacker... 2 Cookie... 2 Denial Of Service (Dos)... 3 Dialer... 3 Dumpster Diving... 3 E-Mail Harvester... 3 Encryption...

More information

Deter, Detect, Defend

Deter, Detect, Defend Deter, Detect, Defend Deter Never provide personal information, including social security number, account numbers or passwords over the phone or Internet if you did not initiate the contact Never click

More information

Penetration Testing Service. By Comsec Information Security Consulting

Penetration Testing Service. By Comsec Information Security Consulting Penetration Testing Service By Consulting February, 2007 Background The number of hacking and intrusion incidents is increasing year by year as technology rolls out. Equally, there is no hiding place your

More information

Remote Deposit Quick Start Guide

Remote Deposit Quick Start Guide Treasury Management Fraud Prevention How to Protect Your Business Remote Deposit Quick Start Guide What s Inside We re committed to the safety of your company s financial information. We want to make you

More information

Lectures 9 Advanced Operating Systems Fundamental Security. Computer Systems Administration TE2003

Lectures 9 Advanced Operating Systems Fundamental Security. Computer Systems Administration TE2003 Lectures 9 Advanced Operating Systems Fundamental Security Computer Systems Administration TE2003 Lecture overview At the end of lecture 9 students can identify, describe and discuss: Main factors while

More information

APPROVED BY: Signatures on File Chief Information Officer APPROVED BY: Chief Financial Officer PURPOSE

APPROVED BY: Signatures on File Chief Information Officer APPROVED BY: Chief Financial Officer PURPOSE TITLE: COMPUTER USE POLICY PAGE 1 OF 5 EFFECTIVE DATE: 07/2001 REVIEW DATES: 02/2003, 09/2006 REVISION DATES: 03/2005, 03/2008 DISTRIBUTION: All Departments PURPOSE APPROVED BY: Signatures on File Chief

More information

region16.net Acceptable Use Policy ( AUP )

region16.net Acceptable Use Policy ( AUP ) region16.net Acceptable Use Policy ( AUP ) Introduction By using service(s) provided by region16.net (including, but not necessarily limited to, Internet Services and videoconferencing), you agree to comply

More information

Cyber Security: Beginners Guide to Firewalls

Cyber Security: Beginners Guide to Firewalls Cyber Security: Beginners Guide to Firewalls A Non-Technical Guide Essential for Business Managers Office Managers Operations Managers This appendix is a supplement to the Cyber Security: Getting Started

More information

Hackers: Detection and Prevention

Hackers: Detection and Prevention Computer Networks & Computer Security SE 4C03 Project Report Hackers: Detection and Prevention Due Date: March 29 th, 2005 Modified: March 28 th, 2005 Student Name: Arnold Sebastian Professor: Dr. Kartik

More information

Rajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology rajan@cca.gov.np

Rajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology rajan@cca.gov.np Rajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology rajan@cca.gov.np Meaning Why is Security Audit Important Framework Audit Process Auditing Application Security

More information

Computer Security and Safety, Ethics, and Privacy

Computer Security and Safety, Ethics, and Privacy Computer Security and Safety, Ethics, and Privacy Computer Security Risks Today, people rely on computers to create, store, and manage critical information. It is crucial to take measures to protect their

More information

Service Monitoring Discrimination. Prohibited Uses and Activities Spamming Intellectual Property Violations 5

Service Monitoring Discrimination. Prohibited Uses and Activities Spamming Intellectual Property Violations 5 WIN reserves the right to prioritize traffic based on real time and non-real time applications during heavy congestion periods, based on generally accepted technical measures. WIN sets speed thresholds

More information

Network Security and the Small Business

Network Security and the Small Business Network Security and the Small Business Why network security is important for a small business Many small businesses think that they are less likely targets for security attacks as compared to large enterprises,

More information

Data Security Incident Response Plan. [Insert Organization Name]

Data Security Incident Response Plan. [Insert Organization Name] Data Security Incident Response Plan Dated: [Month] & [Year] [Insert Organization Name] 1 Introduction Purpose This data security incident response plan provides the framework to respond to a security

More information

TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL

TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL Title: Computer and Network Security Policy Policy Number: 04.72.12 Effective Date: November 4, 2003 Issuing Authority: Office of the Vice President for

More information

SBA Cybersecurity for Small Businesses. 1.1 Introduction. 1.2 Course Objectives. 1.3 Course Topics

SBA Cybersecurity for Small Businesses. 1.1 Introduction. 1.2 Course Objectives. 1.3 Course Topics SBA Cybersecurity for Small Businesses 1.1 Introduction Welcome to SBA s online training course: Cybersecurity for Small Businesses. SBA s Office of Entrepreneurship Education provides this self-paced

More information

SAFE ONLINE BANKING. Online Banking, Data Security You. Your Partnership for Safe Online Banking

SAFE ONLINE BANKING. Online Banking, Data Security You. Your Partnership for Safe Online Banking SAFE ONLINE BANKING Online Banking, Data Security You & Your Partnership for Safe Online Banking Partnering for Online Security O Online banking has grown rapidly from a niche service to a major new way

More information

ORANGE REGIONAL MEDICAL CENTER Hospital Wide Policy/Procedure

ORANGE REGIONAL MEDICAL CENTER Hospital Wide Policy/Procedure ORANGE REGIONAL MEDICAL CENTER Hospital Wide Policy/Procedure MANUAL: Hospital Wide SECTION: Information Technology SUBJECT: Acceptable Use of Information Systems Policy IMPLEMENTATION: 01/2011 CONCURRENCE:

More information

HE WAR AGAINST BEING AN INTERMEDIARY FOR ANOTHER ATTACK

HE WAR AGAINST BEING AN INTERMEDIARY FOR ANOTHER ATTACK HE WAR AGAINST BEING AN INTERMEDIARY FOR ANOTHER ATTACK Prepared By: Raghda Zahran, Msc. NYIT-Jordan campus. Supervised By: Dr. Lo ai Tawalbeh. November 2006 Page 1 of 8 THE WAR AGAINST BEING AN INTERMEDIARY

More information

E-BUSINESS THREATS AND SOLUTIONS

E-BUSINESS THREATS AND SOLUTIONS E-BUSINESS THREATS AND SOLUTIONS E-BUSINESS THREATS AND SOLUTIONS E-business has forever revolutionized the way business is done. Retail has now a long way from the days of physical transactions that were

More information

Cybersecurity Report on Small Business: Study Shows Gap between Needs and Actions

Cybersecurity Report on Small Business: Study Shows Gap between Needs and Actions SURVEY REPORT: cyber security Cybersecurity Report on Small Business: Study Shows Gap between Needs and Actions Confidence in a connected world. Executive summary An online survey revealed that while U.S.

More information

United Tribes Technical College Acceptable Use Policies for United Tribes Computer System

United Tribes Technical College Acceptable Use Policies for United Tribes Computer System United Tribes Technical College Acceptable Use Policies for United Tribes Computer System 1.0 Policy The purpose of this policy is to outline the acceptable use of computer equipment at United Tribes Technical

More information

Responsible Administrative Unit: Computing, Communications & Information Technologies. Information Technology Appropriate Use Policy

Responsible Administrative Unit: Computing, Communications & Information Technologies. Information Technology Appropriate Use Policy 1.0 BACKGROUND AND PURPOSE Information Technology ( IT ) includes a vast and growing array of computing, electronic and voice communications facilities and services. At the Colorado School of Mines ( Mines

More information

Trends in Malware DRAFT OUTLINE. Wednesday, October 10, 12

Trends in Malware DRAFT OUTLINE. Wednesday, October 10, 12 Trends in Malware DRAFT OUTLINE Presentation Synopsis Security is often a game of cat and mouse as security professionals and attackers each vie to stay one step ahead of the other. In this race for dominance,

More information

Computer Viruses: How to Avoid Infection

Computer Viruses: How to Avoid Infection Viruses From viruses to worms to Trojan Horses, the catchall term virus describes a threat that's been around almost as long as computers. These rogue programs exist for the simple reason to cause you

More information

BOARD OF EDUCATION POLICY

BOARD OF EDUCATION POLICY BOARD OF EDUCATION POLICY IFBGE Internet Safety 7/1/13 It is the policy of the Cobb County School District (District) to: (a) prevent user access over its computer network to, or transmission of inappropriate

More information

STAR TELEPHONE MEMBERSHIP CORPORATION ACCEPTABLE USE POLICY FOR BROADBAND INTERNET SERVICES

STAR TELEPHONE MEMBERSHIP CORPORATION ACCEPTABLE USE POLICY FOR BROADBAND INTERNET SERVICES STAR TELEPHONE MEMBERSHIP CORPORATION ACCEPTABLE USE POLICY FOR BROADBAND INTERNET SERVICES Star has adopted this Acceptable Use Policy ( AUP ) to outline the acceptable use of Star s Broadband Internet

More information

Acceptable Use Policy

Acceptable Use Policy Acceptable Use Policy As a provider of Internet access, Internet email, web site hosting, and other Internet related services, Pottawatomie Telephone Company and MBO.net herein after referred to as "the

More information

BUCKEYE EXPRESS HIGH SPEED INTERNET SERVICE ACCEPTABLE USE POLICY

BUCKEYE EXPRESS HIGH SPEED INTERNET SERVICE ACCEPTABLE USE POLICY BUCKEYE EXPRESS HIGH SPEED INTERNET SERVICE ACCEPTABLE USE POLICY The Acceptable Use Policy ("the Policy") governs use of the Buckeye Express High Speed Internet Service ("the Service"). All subscribers

More information

REGION 19 HEAD START. Acceptable Use Policy

REGION 19 HEAD START. Acceptable Use Policy REGION 19 HEAD START Acceptable Use Policy 1.0 Overview Research, Evaluation, Assessment and Information Systems (R.E.A.I.S.) intentions for publishing an Acceptable Use Policy are not to impose restrictions

More information

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,

More information

Acceptable Usage Policy

Acceptable Usage Policy Version 2.1 20141230 Acceptable Usage Policy Acceptable Usage Policy Contents 1. PURPOSE OF THIS POLICY... 2 2. GENERAL... 2 3. APPLICATION... 2 4. UNREASONABLE USE... 2 5. UNACCEPTABLE USE... 3 6. SPAM...

More information

How-To Guide: Cyber Security. Content Provided by

How-To Guide: Cyber Security. Content Provided by How-To Guide: Cyber Security Content Provided by Who needs cyber security? Businesses that have, use, or support computers, smartphones, email, websites, social media, or cloudbased services. Businesses

More information

Section 12 MUST BE COMPLETED BY: 4/22

Section 12 MUST BE COMPLETED BY: 4/22 Test Out Online Lesson 12 Schedule Section 12 MUST BE COMPLETED BY: 4/22 Section 12.1: Best Practices This section discusses the following security best practices: Implement the Principle of Least Privilege

More information

Cybercrime in Canadian Criminal Law

Cybercrime in Canadian Criminal Law Cybercrime in Canadian Criminal Law Sara M. Smyth, LL.M., Ph. D. Member of the Law Society of British Columbia CARSWELL Table of Contents Preface Table of Cases v xvii PART ONE Introduction to Cybercrime

More information

Security Basics: A Whitepaper

Security Basics: A Whitepaper Security Basics: A Whitepaper Todd Feinman, David Goldman, Ricky Wong and Neil Cooper PricewaterhouseCoopers LLP Resource Protection Services Introduction This paper will provide the reader with an overview

More information

Outpost For Home Users

Outpost For Home Users Outpost For Home Users. Scope of This Document In this white paper we analyze potential risks and threats to home computers, as well as discuss some solutions for these computers secure. Scope of This

More information

Identity Theft Protection

Identity Theft Protection Identity Theft Protection Email Home EDUCATION on DANGER ZONES Internet Payments Telephone ID theft occurs when someone uses your personal information with out your knowledge to commit fraud. Some terms

More information

Responsible Access and Use of Information Technology Resources and Services Policy

Responsible Access and Use of Information Technology Resources and Services Policy Responsible Access and Use of Information Technology Resources and Services Policy Functional Area: Information Technology Services (IT Services) Applies To: All users and service providers of Armstrong

More information

Content Teaching Academy at James Madison University

Content Teaching Academy at James Madison University Content Teaching Academy at James Madison University 1 2 The Battle Field: Computers, LANs & Internetworks 3 Definitions Computer Security - generic name for the collection of tools designed to protect

More information

Alexander Nikov. 9. Information Assurance and Security, Protecting Information Resources. Learning Objectives. You re on Facebook? Watch Out!

Alexander Nikov. 9. Information Assurance and Security, Protecting Information Resources. Learning Objectives. You re on Facebook? Watch Out! INFO 1500 Information Technology Fundamentals Learning Objectives 9. Information Assurance and Security, Protecting Information Resources Alexander Nikov Explain why information systems are vulnerable

More information

E-commerce. Security. Learning objectives. Internet Security Issues: Overview. Managing Risk-1. Managing Risk-2. Computer Security Classifications

E-commerce. Security. Learning objectives. Internet Security Issues: Overview. Managing Risk-1. Managing Risk-2. Computer Security Classifications Learning objectives E-commerce Security Threats and Protection Mechanisms. This lecture covers internet security issues and discusses their impact on an e-commerce. Nov 19, 2004 www.dcs.bbk.ac.uk/~gmagoulas/teaching.html

More information

Managing Information Resources and IT Security

Managing Information Resources and IT Security Managing Information Resources and IT Security Management Information Code: 164292-02 Course: Management Information Period: Autumn 2013 Professor: Sync Sangwon Lee, Ph. D D. of Information & Electronic

More information

Top tips for improved network security

Top tips for improved network security Top tips for improved network security Network security is beleaguered by malware, spam and security breaches. Some criminal, some malicious, some just annoying but all impeding the smooth running of a

More information

Computer Networks & Computer Security

Computer Networks & Computer Security Computer Networks & Computer Security Software Engineering 4C03 Project Report Hackers: Detection and Prevention Prof.: Dr. Kartik Krishnan Due Date: March 29 th, 2004 Modified: April 7 th, 2004 Std Name:

More information

References NYS Office of Cyber Security and Critical Infrastructure Coordination Best Practices and Assessment Tools for the Household

References NYS Office of Cyber Security and Critical Infrastructure Coordination Best Practices and Assessment Tools for the Household This appendix is a supplement to the Cyber Security: Getting Started Guide, a non-technical reference essential for business managers, office managers, and operations managers. This appendix is one of

More information

How are we keeping Hackers away from our UCD networks and computer systems?

How are we keeping Hackers away from our UCD networks and computer systems? How are we keeping Hackers away from our UCD networks and computer systems? Cybercrime Sony's Hacking Scandal Could Cost The Company $100 Million - http://www.businessinsider.com/sonys-hacking-scandal-could-cost-the-company-100-million-2014-12

More information

E-commerce. business. technology. society. Kenneth C. Laudon Carol Guercio Traver. Second Edition. Copyright 2007 Pearson Education, Inc.

E-commerce. business. technology. society. Kenneth C. Laudon Carol Guercio Traver. Second Edition. Copyright 2007 Pearson Education, Inc. Copyright 2007 Pearson Education, Inc. Slide 5-1 E-commerce business. technology. society. Second Edition Kenneth C. Laudon Carol Guercio Traver Copyright 2007 Pearson Education, Inc. Slide 5-2 Chapter

More information

Network and Workstation Acceptable Use Policy

Network and Workstation Acceptable Use Policy CONTENT: Introduction Purpose Policy / Procedure References INTRODUCTION Information Technology services including, staff, workstations, peripherals and network infrastructures are an integral part of

More information

Information Assurance for Defense Security

Information Assurance for Defense Security Information Assurance for Defense Security Prof. Paul A. Strassmann George Mason University, March 27, 2007 1 Elements of Information Transformation in DoD Net-Centric Operations Net-Centric Data Strategy

More information

Cyber Security Awareness

Cyber Security Awareness Cyber Security Awareness William F. Pelgrin Chair Page 1 Introduction Information is a critical asset. Therefore, it must be protected from unauthorized modification, destruction and disclosure. This brochure

More information

Updated January 2016. Hosting and Managed Services Acceptable Use Policy

Updated January 2016. Hosting and Managed Services Acceptable Use Policy Updated January 2016 Hosting and Managed Services Acceptable Use Policy Key Comment This policy provides Cologix customers ordering hosting and managed services from Cologix with standards and rules regarding

More information

Software Engineering 4C03 Class Project. Computer Networks and Computer Security COMBATING HACKERS

Software Engineering 4C03 Class Project. Computer Networks and Computer Security COMBATING HACKERS Software Engineering 4C03 Class Project Computer Networks and Computer Security COMBATING HACKERS Done By: Ratinder Ricky Gill Student Number: 0048973 E-Mail: gillrr@mcmaster.ca Due: Tuesday April 5, 2005

More information

BE SAFE ONLINE: Lesson Plan

BE SAFE ONLINE: Lesson Plan BE SAFE ONLINE: Lesson Plan Overview Danger lurks online. Web access, social media, computers, tablets and smart phones expose users to the possibility of fraud and identity theft. Learn the steps to take

More information

NETWORK SECURITY ASPECTS & VULNERABILITIES

NETWORK SECURITY ASPECTS & VULNERABILITIES NETWORK SECURITY ASPECTS & VULNERABILITIES Luis Sousa Cardoso FIINA President Brdo pri Kranju, 19. in 20. maj 2003 1 Background Importance of Network Explosive growth of computers and network - To protect

More information

EMPLOYEE ACCESS RELEASE AND AUTHORIZATION FORM MCS warehouse form No. 14197

EMPLOYEE ACCESS RELEASE AND AUTHORIZATION FORM MCS warehouse form No. 14197 (Return this page to the Executive Staff member or Principal) MEMPHIS CITY SCHOOLS EMPLOYEE ACCESS RELEASE AND AUTHORIZATION FORM MCS warehouse form No. 14197 As a condition of using the MCS network, I

More information

white paper Malware Security and the Bottom Line

white paper Malware Security and the Bottom Line Malware Security Report: Protecting Your BusineSS, Customers, and the Bottom Line Contents 1 Malware is crawling onto web sites everywhere 1 What is Malware? 2 The anatomy of Malware attacks 3 The Malware

More information

Cyber Security Beginners Guide to Firewalls A Non-Technical Guide

Cyber Security Beginners Guide to Firewalls A Non-Technical Guide Cyber Security Beginners Guide to Firewalls A Non-Technical Guide Essential for Business Managers Office Managers Operations Managers Multi-State Information Sharing and Analysis Center (MS-ISAC) U.S.

More information

Helping Your Computer Survive the Zombie Apocalypse. Presentation to UCHUG - 11/06/13 G. Skalka

Helping Your Computer Survive the Zombie Apocalypse. Presentation to UCHUG - 11/06/13 G. Skalka Helping Your Computer Survive the Zombie Apocalypse Presentation to UCHUG - 11/06/13 G. Skalka What Happens When the Zombie Apocalypse Comes? Evil forces are out to get you You don t know who can be trusted

More information