BCIS 1305 Business Computer Applications
Allan Kochis,Adjunct Professor - CIT
Security
- Acxiom Case (p. 273)
They Know about 96 Percent of American Households
This case centers on the Acxiom Corporation in Little Rock, Arkansas, a company that specialized in collecting, maintaining, and selling information on consumers to other businesses, mainly for marketing purposes. The company has 20 billion records on 110 million people or 96% of U.S. households.
- ETHICS (p. 275)
- Ethical spectrum
[Figure: the ethical spectrum, with Situation Ethics at one end and Strict Legalists at the other]
- Two Factors that Determine How You Decide Ethical Issues
The two factors are
- your basic ethical structure (p 275 fig 8.2)
- The outside layer is where minor infractions, like taking paper clips, fall.
- The middle layer is reached by more serious transgressions, like reading someone else's e-mail.
- The inside layer is only penetrated by the most serious ethical violations, those that would strike at the core of your being and cause you sleepless nights.
- the circumstances surrounding the situation in which you are involved.
- Consequences - the amount of good or harm that will come from the decision.
- Society's opinion - how you perceive that the world will view your decision.
- Likelihood of effect - the probability of good or harm.
- Time to consequences - How long it will take for the harm or good to be felt.
- Relatedness - your level of empathy for the affected parties.
- Reach of result - the number of people affected by the decision.
- Guidelines for Ethical Computer System Use
- Ethics has very few hard and fast rules.
- If you feel you're in an ethical dilemma, you probably are.
- Talk to someone you trust.
- Make sure you understand as much as you can about the situation before deciding what to do.
- Be prepared to act on your beliefs if you need to.
- Legal vs Ethical (p 276 fig 8.3)
- Intellectual Property
- Patents
- Copyrights (Look and feel)
- Fair Use Doctrine
- Pirated software
- Counterfeit software
- Case on page 284.
- PRIVACY (p. 279)
- Privacy and Other Individuals
- Identity Theft
- Identity theft is the use of someone else's identity on paper for the purpose of fraud of some kind.
- Usually the fraud is financial theft, but it can also be for other reasons.
- The crime of identity theft has tripled for each of the last two years.
- According to the FTC numbers, 46% of all identity thefts claim victims under the age of 40.
- Phishing (also called carding or brand spoofing) is a method of finding people who can be conned into supplying their personal information, like social security numbers, bank account numbers, credit card numbers, etc.
- The IRS scam this year was new.
- Privacy and Employees
- Cyberslacking refers to the misuse of company computer resources, especially the use of the Internet for personal purposes during working hours.
- Private companies are NOT the government.
- Privacy and Consumers
- Cookies
- Spam
- Adware (Pop ups)
- Spyware (Trojan horse)
- Web logs
- Privacy and Government Agencies
- NCIC
- FBI
- IRS
- Canris
- Census - Statistical abstract of the United States.
- Some legal protection.
- Freedom of information act.
- Privacy and International Trade
- Import export laws
- Laws on Privacy
- A new area, with not much legal precedent.
- INFORMATION (p. 294)
- Information as Raw Material
Packaging incorporates information and is sold as part of that product. This is the use of information as raw material.
- Information as Capital
The decision regarding what and how to build the packaging involves information. That's information as capital.
- SECURITY (p. 295)
- Terminology
- ASCII
The American Standard Code for Information Interchange. Coding that
assigns numerical equivalents to printable letters and numbers.
- back door
A form of access to data aside from the normal process that bypasses
security checks or decryption.
- CERT
The Computer Emergency Response Team formed after the internet worm attack
in 1988. The center is at Carnegie Mellon University. It was founded
to coordinate security response and increase security awareness. It
acts as a kind of clearinghouse for security vulnerabilities.
- cipher
A system for concealing the meaning of a message by rearranging the
letters and/or substituting some letters with others.
- ciphertext
A message that has been encrypted so that it cannot be easily understood
by anyone other than the intended recipient.
- Clipper chip
A sophisticated, high-speed encryption chip designed by the National
Security Agency. A Clipper chip encrypts data with the Skipjack
algorithm. Clipper-encrypted communications can be decrypted by law
enforcement agencies or others who possess the chip's secret key.
- code
A system for substituting letters or words in a message with a predefined
set of symbols found in a codebook.
- codebook
A book or table for defining a code.
- Denial of service
A denial of service attack (such as a smurf attack) generates a large amount of bogus traffic
to a web site so that the site is unable to respond to legitimate traffic.
- DES
The National Bureau of Standards Data Encryption Standard. A government
standard of encryption that is approved for use with all unclassified data.
- encryption
A method of scrambling data in an organized fashion so that it is
not understandable. Usually based on one or more keys that are
also used in the reverse process (decryption).
- File permissions
A binary number associated with a file that allows read, write and
execute permission to various users.
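As an added illustration (not part of the lecture notes), the following Python decodes the permission bits of a Unix mode number into the read/write/execute string that ls prints and flags the patterns an auditor checks first; the sample mode values are constructed.

```python
import os
import stat

# Nine permission bits in the order ls prints them: user, group, other.
_BITS = [
    (stat.S_IRUSR, "r"), (stat.S_IWUSR, "w"), (stat.S_IXUSR, "x"),
    (stat.S_IRGRP, "r"), (stat.S_IWGRP, "w"), (stat.S_IXGRP, "x"),
    (stat.S_IROTH, "r"), (stat.S_IWOTH, "w"), (stat.S_IXOTH, "x"),
]

def mode_to_symbolic(mode: int) -> str:
    """Render the permission bits of a mode number as e.g. 'rwxr-xr-x'."""
    mode = stat.S_IMODE(mode)  # drop file-type bits if a raw st_mode is passed
    out = [ch if mode & bit else "-" for bit, ch in _BITS]
    # setuid/setgid/sticky replace the 'x' slot with s/t (S/T when x is unset), as ls does
    if mode & stat.S_ISUID:
        out[2] = "s" if out[2] == "x" else "S"
    if mode & stat.S_ISGID:
        out[5] = "s" if out[5] == "x" else "S"
    if mode & stat.S_ISVTX:
        out[8] = "t" if out[8] == "x" else "T"
    return "".join(out)

def permission_findings(mode: int) -> list:
    """Flag the permission patterns an auditor usually looks at first."""
    mode = stat.S_IMODE(mode)
    findings = []
    # world-writable is a risk unless the sticky bit restricts deletion (as on /tmp)
    if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
        findings.append("world-writable")
    if mode & stat.S_ISUID:
        findings.append("setuid")
    if mode & stat.S_ISGID:
        findings.append("setgid")
    return findings

def audit_path(path: str) -> dict:
    """Apply both helpers to a real file via os.stat."""
    m = os.stat(path).st_mode
    return {"path": path, "symbolic": mode_to_symbolic(m), "findings": permission_findings(m)}

if __name__ == "__main__":
    for m in (0o644, 0o666, 0o4755, 0o1777):  # constructed sample modes
        print(oct(m), mode_to_symbolic(m), permission_findings(m))
```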
- Hacker
Originally, anyone addicted to computers (i.e., anyone who stayed
up till 4 a.m. programming for the fun of it). The term has come to mean
anyone who spends a lot of time trying to break systems' security.
A.K.A. spooks, intruders, bad guys, crackers. Hackers can be
classified as tourists, collectors and vandals. Only a small percentage
of hackers have a deep understanding of technology at a basic level. These
write the programs, or exploits (hacking tools), that are used by the vast, talentless group of
hackers called script kiddies.
- IDEA
The International Data Encryption Algorithm, developed in Switzerland,
which uses a 128-bit key.
- National Security Agency
A branch of the U.S. Department of Defense, which is charged with
making codes for the U.S. and breaking codes used by other countries.
- Password
Protective word associated with a user name. A user logging in to
the system must supply the correct password before the system will permit
access.
- plaintext
A message that can be easily read and understood.
- PGP
Pretty Good Privacy, a program written by Phil Zimmermann, which
performs public key/private key cryptography.
- steganography
The science of hiding messages in messages. Microdots are an example of this.
In the computer world, steganography has come to mean hiding secret messages in
graphics, pictures, movies or sound.
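As an added illustration of hiding a message in picture data (not part of the lecture notes), this Python embeds and recovers a message in the least-significant bits of a constructed greyscale pixel list; no real image file is used, and the cover image and message are constructed samples.

```python
# Least-significant-bit (LSB) steganography over a constructed greyscale "image":
# a flat list of 8-bit pixel values (assumption: no real image file is involved).

def _to_bits(data: bytes) -> list:
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]

def _from_bits(bits: list) -> bytes:
    return bytes(int("".join(str(b) for b in bits[i:i + 8]), 2)
                 for i in range(0, len(bits), 8))

def embed_lsb(pixels: list, message: bytes) -> list:
    """Hide message in the lowest bit of each pixel, after a 2-byte length header."""
    payload = len(message).to_bytes(2, "big") + message
    bits = _to_bits(payload)
    if len(bits) > len(pixels):
        raise ValueError("cover image too small for this message")
    stego = list(pixels)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | bit  # replace only the LSB, so the pixel moves by at most 1
    return stego

def extract_lsb(pixels: list) -> bytes:
    """Recover the hidden message by reading the LSBs back."""
    length = int.from_bytes(_from_bits([p & 1 for p in pixels[:16]]), "big")
    body = [p & 1 for p in pixels[16:16 + length * 8]]
    return _from_bits(body)

def max_pixel_delta(original: list, stego: list) -> int:
    """How far any pixel moved; this is why the change is invisible to the eye."""
    return max(abs(a - b) for a, b in zip(original, stego))

COVER = [(i * 37) % 256 for i in range(256)]  # constructed 256-pixel cover image

if __name__ == "__main__":
    s = embed_lsb(COVER, b"meet at noon")
    print(extract_lsb(s), max_pixel_delta(COVER, s))
```

Because only the lowest bit plane changes, detection tools look at the statistics of that plane rather than at the picture itself.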
- Trojan Horse
A program that simulates some action (such as playing a game) while doing
something else, such as initial infection of a virus into a system.
- Virus
A program that can "infect" other programs by modifying them to include
a (possibly evolved) copy of itself. At some time an event will trigger
the virus to carry out its purpose, which is usually malicious.
There are three primary categories of viruses: file infectors, boot-sector
viruses and macro (interpreted) viruses.
- file infectors - for a long time the most common. They attach
themselves to program files. When a user runs an infected application
the virus is also run. Most of these are extinct in the wild.
- boot-sector viruses reside as part of the OS and are loaded when
the system boots. While common in Windows 3.1 they have died off with
newer systems starting with Windows 95.
- Macro viruses infect data files rather than programs. A common macro
virus would be a macro in a mail file that works when the user opens the mail.
Macro viruses are the future. All of the fast spreading Internet viruses are
macro viruses.
The writing of anti-virus software is a bigger business than writing viruses.
- worm
A computer program which replicates itself. The Internet
worm was perhaps the most famous; it successfully
(and accidentally) duplicated itself on systems across
the Internet.
- Security and Employees
- Employees and outsiders can attack a company's computer system.
- The cost of computer sabotage is staggering.
- Usually, the really high-cost abuse is perpetrated by employees and not outsiders.
- In general, the more senior people in the organization steal the most.
- The total cost is estimated to be about $400 billion per year.
- Security and Collaboration Partners
- Security and Outside Threats
- Security Precautions
- Risk assessment is the determination of what can go wrong, how likely that is, and the possible consequences.
- Ethical hacking
- Risk management incorporates risk assessment, but goes further in carrying out protective measures and evaluating their effects.
- It's important to back up everything so that all is not lost if something disastrous happens to your computer system.
- Anti-virus software detects and deals with incoming viruses arriving by e-mail or other methods of transfer.
- A firewall protects a computer or network from intruders.
- Restricting access to a computer system offers a measure of protection.
- Biometrics is becoming more widely used since it uniquely identifies an individual and is not easy to fake.
- Encryption makes the contents of a message unreadable unless you have the correct decryption key.
- The best way to protect a computer system is to prevent evildoers from gaining entry. Intrusion detection alerts you when someone is seeking to invade your system.
- Security-auditing software finds ways that intruders can get into a network before the intruders find them.