Ron Briggs UT-Dallas
Ethics and Security in
Information Management
• You run the Dallas County office of DHS. It's Monday
morning of the week before you take off on a two-week
vacation. You are reading your mail. There is a letter from the
Information Systems division of the Office of the State
Auditor. They will be visiting you three weeks from today to:
“review policies and procedures with respect to information security and ethics”
• do you break into a cold sweat, or say ‘no sweat, we are in
good shape’?
• what needs to be in place in order for you to enjoy a carefree
vacation!?
The Ethical Issues in IT
• responsibility, accountability, and liability
– snow storm, roof collapses, people lose money
• privacy and open records
– is gov. e-mail private or a public record?
• intellectual property: trade secrets, copyright, patents
– more than controlling software copying
• appropriate use and ethical behavior
– avoid even the appearance of impropriety
• equity, access, and social impact
– the digital divide: is IT widening social and economic divisions?
• personal protection and health
– safety hazards in the workplace
Security is central to at least the first three.
Ethics is fundamental to the second three.
Security Problem Areas
It's not a question of if, but of when!
– disasters strike (17%--includes equipment)
» external natural/manmade disasters
– disks, etc. fail
» internal equipment failures
– staff screw-up (50%)
– employees abuse (14%)
– hackers/viruses attack (5%)
– criminals conspire (14%--mostly internal)
– somebody sues
(Numbers refer to one estimate of losses, by source)
The Response
• prevention, prevention, prevention
• detection
• prosecution/suing
The majority of problems are internal not external!
Your biggest problem is trusted staff messing up!
Prosecution & suing are after the fact. They won’t
prevent the problem (or save your job)!
It’s not luck, it’s planning!
Basic Concepts:
responsibility, accountability, liability
Responsibility: the personal issue
accepting the inherent costs and obligations of the
decisions you make
Accountability: the institutional issue
the ability to determine who took the responsible (or
irresponsible!) action
Liability: the legal issue
the ability to recover for the damage done to
individuals or organizations through a system of due
process
The Three Dimensions of Security
• Confidentiality
– assuring that legally protected data is not disclosed to the
public
• Integrity
– assuring that info. is correct and protected from
unauthorized alteration
• Availability
– assuring that data is available to support the agency’s
mission and operations
» information recoverable
» operations continuable
Strategies for Security
• security policy/procedures
– physical security:
» people: locks, cameras, exit/entry monitoring
» water: basement, pipes
» electricity: surge, UPS
» structures: no prefabs!
– system access control: logon
– database security systems and record/attribute level control
– data management policies (which must be known and followed)
» data ownership and responsibility assignation
» data classification: confidential, sensitive, public
• error control
– program development: independent user testing
– data entry
» one time input/automated source capture
» validation rules
» duplicate data entry for verification
– journalling: tracking all accesses and changes by userID, date, time, etc. (audit trail)
– hardware/network/database monitoring: spotting trouble ahead of time (alarm)
– data audits
• disaster recovery
– back-ups: on-site & off-site
– mirroring/fault tolerant systems
– hot sites/cold sites
Computer Systems v. Manual System
Is vulnerability increased?
• information is more highly concentrated, easier to gather
and more difficult to control
• potentially accessed by many more people.
• tools simplify and speed up copy/deletion of large
quantities
• no paper back-up; cannot be replicated manually.
• complex and invisible: difficult to test, audit or detect
change.
• more processing steps therefore more error possibilities.
Trade-offs
• security versus information access
» internal v. external
» need-to-know
» data as power
• security versus convenience
» diminishing returns
• security versus service: risk assessment
» probability of occurrence
» institutional impact/cost of failure
Decisions for upper management, not IT folks!
Ethics and Appropriate Use
Dealing with personal business (e-mail, phones, etc.)
• No financial gain or commercial purpose
• direct costs reimbursed (e.g. long distance charges)
• does not impede agency operations (e.g. tie up scarce dial-in
ports or slow response time)
• consumes incidental amounts of employee time (the coffee
break test)
Dealing with vendors
• no personal gain, incl. family and friends (the tee shirt test)
• all have the opportunity to be included
• follow required procedures e.g. open bidding
For the public sector, it’s a matter of law. For the private
sector, it’s determined by policy.
Network Security: Needs
applications
– e-mail
– e-forms (internal business)
– EDI (electronic data interchange: external business)
management needs
– minimum manual intervention
– audit trails
– status and alarms
– immediate and comprehensive revocation
user needs
– access control
– user transparency
data needs
– confidentiality (secret)
– integrity (secure: no change)
– authenticity (sender known)
– non-repudiation (delivery confirmed)
Security concerns intensify.
Network Security: Methods
Network
– closed network
– perimeter security (firewalls)
– object protection
User Access
– passwords (n times)
– smart cards (one time)
– user identification (fingerprint; eyeballs)
User exchange
– encryption (for confidentiality and integrity)
» clipper chip / back door
– public/private keys (for authenticity)
The Special Case of Telecom Security
Telephone Fraud--$2 billion plus per year
Examples:
• card sharps
• shoulder surfing
• dumpster diving
• sweet talk
codes/lines
• hacking
• internal trouble
Do you even know it?
Personal use
• illegal for gov.
• costly for private sector
Watch out for:
• international
• 1-900
