Security in Computing: Privacy in Computing; Legal & Ethical Issues in Computer Security; Information Security Management and Security Controls

I. Privacy in Computing

I. What is privacy

A. Individual Control of personal information

B. Right to declare certain information sensitive

C. Privacy has a cost: giving – or not giving – certain information may affect how we are treated

D. Computerization did not invent privacy problems, nor will it solve them...

E. Basic qualities/dimensions/tenets of privacy

1. Consent of information collection

2. Limited use

3. Limited period of retention

4. Limited disclosure

5. Protection of collected information against inappropriate use

6. Controlled access, logging

7. Monitoring of use, logging

8. Policies cannot be weakened once data items are collected.

F. Anonymity, pseudonymity, multiple identities

II. Principles and Policies

A. Fair information policies

B. Privacy laws – which country?

III. Authentication

A. Of an:

1. Individual

2. Identity

3. Attribute

B. Anonymization

1. Delivering unique identities from anonymized data

2. Work of Anderson, Sweeney

IV. Data Mining

A. Privacy-preserving data mining

1. Tradeoff between anonymity and identification for good purpose

2. Joining databases on common data values

3. Aggregating for study of trends, connections

V. Privacy on the Internet

A. Finance

1. Web payments

2. Credit cards

3. Anonymous payments

4. Payments in cases of mutual distrust

B. Retained relationships

1. Cookies

2. Site logins

3. Impersonation

4. Unannounced relationships (tracking)

C. Tracking

1. Web bugs

2. Keystroke logging

3. Spyware

4. Adware

5. Hijacking

VI. Secure e-mail

A. No sender assurance; little ability to track the origin of a message

B. Insecure channels

C. Monitoring

D. Anonymous e-mail and remailers

E. Spoofing, spam

VII. Emerging technologies (examples)

A. RFID – Radio-frequency identification

1. Definition

2. Uses

3. Misuses

B. Electronic voting

1. Fair election principles

2. Contrast to fairness of paper ballot, mechanical voting techniques

3. Internet voting

4. Voice over IP

I. Legal and Ethical Issues in Computer Security

I. This is a very broad topic – some topics for class discussion based on case studies are:

A. Determining current and national laws concerning personal privacy and computer records, computer fraud, or hacking, given that laws change frequently

B. Review recent prosecutions of computer crime cases to see what laws were used for this prosecution

C. How to address the international aspect of computer crime – i.e. when a criminal in one country commits a crime against a computer in another country

- Whose law is broken? Whose police and courts have jurisdiction? How should the crime be investigated?

- What if the transaction is passed through a third country or if the criminal uses an ISP in a fourth country?

I. Information Security Management and Security Controls

I. Key area relating to ISO/IEC code of practice for information security management and security controls in terms of: general principles, best practice recommendations, established guidelines and any specific issues within this area.

http://en.wikipedia.org/wiki/ISO/IEC_27002

http://www.iso.org/iso/catalogue_detail?csnumber=39612