Professional Documents
Culture Documents
Chapter 3 Presentation
[E]THICS [P]RIVACY [S]ECURITY
[B]y:
Muhamad Ariff bin Sodri &
Yusuf Akram bin Zahari BM2221M
[C]HAPTER OUTLINE
1 ) ETHICAL ISSUE
Responsibi
lity
Accountabi
lity
Who? Liability
What?
How?
Where?
When? ???
ETHICS, PRIVACY AND SECURITY
[E]THICS – LEGAL vs ETHICS
Andrew Fastow
Jeffrey Skilling
ENRON SCANDAL ( 2001 ) Kenneth Lay
LEHMAN BROTHERS ( 2008 )
Yours… or
ours?
Hacker threats
[ E] A CCURACY ISSUES
TH
IC
AL
IS P ROPERTY ISSUES
SU
ES
A CCESSIBILITY ISSUES
http://www.misq.org/archivist/vol/no10/iss
ue1/vol10no1mason.html
HOW FAR CAN WE TAKE OUR
PRIVACY?
Right to privacy is not Digital Dossier &
absolute
Public>private profiling
PROTECTING PRIVACY
Threats to Information
Security
Factors that cause
vulnerability of organizational
[T information assets :
]H
RE 1 .wireless network
AT •
2. Government legislation
S
3. small,fast,cheap computers and storage
device
4. Decreasing skills to become a
hacker
5. International organized crime taking over
cyber-crime
6. Downstream liability
OUTSIDE
CORPORATE
INSIDE
LAN
Other insiders
employees
System software
Hardware threats
Refer to page 86
[T] HREATS
UNINTENTIONAL
ACTS
NATURAL
DISASTER
TECHNICAL
FAILURES
MANAGEMENT
FAILURES
DELIBERATE
ACTS
[T] HREATS
DELIBERATE
ACTS
1 .Espionage or Trespass
2. Information Extortion
3. Sabotage or Vandalism
4. Theft or Eqiupment and Information
5. Identity theft
6. Compromises to Intellectual Property
7. Software attacks
8.Supervisory control and data acquisition (SCADA)
attacks
9.Cyber terrorism
[S]oftware attacks
BLENDED
VIRU ATTACK
S
PHISHIN
WORM G
PASSWORD
ATTACK
TROJAN
HORSE
SOFTWARE ATTACKS
BACK
DOOR
i ) Risk
analysis
Asses value, estimate
probability, compare
cost of protecting the
asset.
ii ) Risk
mitigation iii ) Control
1)to prevent threats from
occurring evaluation
2)Develope recovery measures Identify security deficiency,
acceptance calc cost of implement control
RISK - measures. If cost >value of
limitation
assets, its not efficient
transferenc
e
Protecting Information
Resources
CONTROLS
-Security controls are
designed to protect all o
the components of an IS.
i ) Physical
control
Door, fences, card
security, guards etc