TRANSCRIPT
1
Operations
Tactics
Strategy
Government
Consumers
Employees
Culture
Businesses
Privacy
Education
Company
The IT Environment
INFSY540 Information Resources in Management
Lesson 14 Chapter 14
MIS Impact on Society
2
Home-health
Programmer/analysts
Travel agents
Childcare
Guards
Cooks
Nurses
Gardeners
Lawyers
Teachers
Janitors
Bank tellers
Electrical assemblers
Typists/word processors
Machine-tool operators
Textile workers
Switchboard operators
Packaging operators
Telephone & cable TV installers
Directory-assistance operators
Job Changes 1995-2001
3
Telecommuting
The Firm
  Advantages: Decreased overhead. Flexibility in part-time workers.
  Disadvantages: Harder to evaluate workers. Harder to manage workers.
Employees
  Advantages: Reduced commuting costs. Flexible schedule.
  Disadvantages: Loss of personal contacts. Distractions.
Suburban work centers
4
Electronic Transactions
Consumer
Vendor (data)
Trusted Party
Bank
Customer chooses product, sends ID or digital cash number.
NetBill (1) Price, product decryption key, customer code are sent to third party.
NetBill (2) Accounts are debited and credited. Product key is sent to customer.
Digital Cash (A) Consumer purchases a cash value that can be used only once.
Digital Cash (B) “Cash” amount is verified and added to vendor account.
Conversion to “real” money.
5
credit cards
organizations
loans & licenses
financial
permits
census
transportation data
financial
regulatory
employment
environmental
subscriptions
education
purchases phone
criminal record
complaints
fingerprints
medical records
Privacy
6
Privacy Problems
TRW--1991
  Norwich, VT
  Listed everyone delinquent on property taxes
Terry Dean Rogan
  Lost wallet
  Impersonator, 2 murders and 2 robberies
  NCIC database
  Rogan arrested 5 times in 14 months
  Sued and won $55,000 from LA
Employees
  26 million monitored electronically
  10 million pay based on statistics
Jeffrey McFadden--1989
  SSN and DoB for William Kalin from military records
  Got fake Kentucky ID
  Wrote $6000 in bad checks
  Kalin spent 2 days in jail
  Sued McFadden, won $10,000
San Francisco Chronicle--1991
  Person found 12 others using her SSN
  Someone got 16 credit cards from another’s SSN, charged $10,000
  Someone discovered unemployment benefits had already been collected by 5 others
7
Privacy Laws
Minimal in US
  Credit reports
    Right to add comments
    1994 disputes settled in 30 days
    1994 some limits on access to data
  Bork Bill--can’t release video rental data
  Educational data--limited availability
  1994 limits on selling state/local data
Europe
  France and some other controls
  European Union, controls but undecided
  1995 EU Privacy Controls
8
Horror Stories
Security Pacific--Oct. 1978
  Stanley Mark Rifkin
  Electronic Funds Transfer
  $10.2 million
  Switzerland
  Soviet Diamonds
  Came back to U.S.
Equity Funding--1973
  The Impossible Dream
  Stock Manipulation
  Insurance Loans
  Fake computer records
Robert Morris--1989
  Graduate Student
  Unix “Worm”
  Internet--tied up for 3 days
Clifford Stoll--1989
  The Cuckoo’s Egg
  Berkeley Labs
  Unix--account not balance
  Monitor, false information
  Track to East German spy
Old Techniques
  Salami slice
  Bank deposit slips
  Trojan Horse
  Virus
9
Privacy
10
Privacy
Government expansion/intrusion
  Impact of Sep 11th attack
  Welfare laws require identification because of fraud--some states use fingerprints
  Identification databases: fingerprints nationwide, DNA proposal
  “Deadbeat dads” 1999 act requires SSN to receive any license (driver’s, fishing, building, etc.)
11
Property Rights
Copyright
  Right to sell
  Right to make copies
  Right to make derivative works
  Registration is not required, but increases the amount of money you can receive in a lawsuit
  In force for “life” + 50 years (corporate is 75 years total)
  Cannot copyright raw data
Patent
  More expensive to obtain ($10,000 +)
  Prohibits similar works, even if created independently.
  20-year limitation
  Useful and innovative
Trademark
  Prevents use of a name or logo
Trade Secret
  Non-disclosure agreement (NDA)
  Minimal legal protection, but establishes contract
12
Crime
Computer Fraud and Abuse Act of 1986 outlaws
  access to computers without authorization
  damage to computers, networks, data, and so on
  actions that lead to denial of service
  interference with medical care
Enforcement by U.S. Secret Service
Enforcement has been difficult, but some successes
13
Threats to Information
  Accidents & Disasters
  Employees
  Consultants
  Business Partnerships
  Outsiders
  PCs & Viruses
Figure labels:
  Employees & Consultants
  Links to business partners
  Virus hiding in game software
  Outside hackers
14
Virus
Figure labels: Game Program, Virus code, Infected Disk
1. User runs program that contains hidden virus
2. Virus copies itself into other programs on the computer
3. Virus spreads until a certain date, then it deletes files, etcetera.
15
User Identification
Passwords
  Dial up service found 30% of people used same word
  People choose obvious
  Post-It notes
Hints
  Don’t use real words
  Don’t use personal names
  Include non-alphabetic
  Change often
  Use at least 6 characters
Alternatives: Biometrics
  Finger/hand print
  Voice recognition
  Retina/blood vessels
  DNA ?
Password generator cards
Comments
  Don’t have to remember
  Reasonably accurate
  Price is dropping
  Nothing is perfect
16
Several methods exist to identify a person based on biological characteristics. Common techniques include fingerprint, handprint readers, and retinal scanners. More exotic devices include body shape sensors and this thermal facial reader which uses infrared imaging to identify the user.
Biometrics: Thermal
17
Security Controls
Access Control
  Ownership of data
  Read, Write, Execute, Delete, Change Permission, Take Ownership
  Dial-back modems
Security Monitoring
  Access logs
  Violations
  Lock-outs
Alternatives
  Audits
  Physical Access
  Employee screening
Encryption
  Single Key (DES)
  Dual Key (RSA)
18
Dial Back Modem
Figure labels: phone company (shown twice), call path numbered 1 to 7
Database: Jones 1111, Smith 2222, Olsen 3333, Araha 4444
1) User calls computer.
2) Modem answers.
3) User enters name and password.
4) Modem hangs up.
5) Modem dials phone number in database.
6) User machine answers.
7) User gets access.
If a hacker somehow gets a name and password, the company modem will still hang up and call back the number in the database, preventing the hacker from accessing the computer.
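The seven dial-back steps as a small simulation. This is an added example, not part of the original slides: the callback numbers are the slide's database entries, while the passwords, the function name dial_back and the alert wording are constructed for illustration.

```python
import hashlib
import hmac

def _digest(name: str, password: str) -> bytes:
    # The name doubles as salt only to keep the example short.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), name.encode(), 50_000)

# name -> (callback number from the slide, digest of a constructed password)
DIRECTORY = {
    "Jones": ("1111", _digest("Jones", "constructed-pw-J")),
    "Smith": ("2222", _digest("Smith", "constructed-pw-S")),
    "Olsen": ("3333", _digest("Olsen", "constructed-pw-O")),
    "Araha": ("4444", _digest("Araha", "constructed-pw-A")),
}

def dial_back(caller_number: str, name: str, password: str) -> dict:
    """Run steps 1-7 for one inbound call and report who ends up connected."""
    result = {"connected_to": None, "caller_gets_access": False, "alert": None}
    entry = DIRECTORY.get(name)
    # Step 3: check name and password (constant-time digest comparison).
    if entry is None or not hmac.compare_digest(entry[1], _digest(name, password)):
        result["alert"] = "failed login"
        return result  # no callback is placed at all
    registered_number = entry[0]
    # Step 4: hang up. Step 5: dial the stored number, never caller_number.
    result["connected_to"] = registered_number
    # Steps 6-7: only the machine on the registered line gets the session.
    result["caller_gets_access"] = caller_number == registered_number
    if not result["caller_gets_access"]:
        # Correct password from another line: the credentials are likely stolen.
        result["alert"] = f"valid login for {name} from unregistered line"
    return result
```

The second outcome is the one worth logging: a correct password arriving from a line other than the registered one means the password is known to someone else, even though the callback kept that caller out.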
19
Encryption: Dual Key
Makiko sends message to Takao that only he can read.
Makiko: Message -> Use Takao’s Public key -> Encrypted -> Use Takao’s Private key -> Takao: Message
Public Keys: Makiko 29, Takao 17
Private Key 13
Private Key 37
20
Dual Key: Authentication
Takao sends message to Makiko:
  His key guarantees it came from him.
  Her key prevents anyone else from reading message.
Public Keys: Makiko 29, Takao 17
Private Key 13
Private Key 37
Key labels: Use Takao’s Public key, Use Takao’s Private key, Use Makiko’s Public key, Use Makiko’s Private key
Stage labels: Message, Encrypt+T, Encrypt+T+M, Transmission, Encrypt+M, Message
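The two dual-key slides (secrecy, then authentication) worked through with toy textbook RSA. This is an added example, not part of the original slides: the public exponents 17 and 29 reuse the slide's numbers, but the primes, the resulting private exponents, the impostor MALLORY and all function names are constructed, and the scheme has no padding.

```python
# Added illustration: textbook RSA, tiny primes, no padding. Teaching toy only.
from dataclasses import dataclass

@dataclass(frozen=True)
class KeyPair:
    n: int  # modulus, published together with e
    e: int  # public exponent
    d: int  # private exponent, kept secret

def make_keypair(p: int, q: int, e: int) -> KeyPair:
    phi = (p - 1) * (q - 1)
    return KeyPair(n=p * q, e=e, d=pow(e, -1, phi))  # needs Python 3.8+

# Constructed keys; only the exponents 17 and 29 come from the slide.
TAKAO = make_keypair(61, 53, 17)    # n = 3233
MAKIKO = make_keypair(67, 71, 29)   # n = 4757, must exceed Takao's n
MALLORY = make_keypair(59, 47, 17)  # impostor without Takao's private key

def send(message: bytes, sender: KeyPair, recipient: KeyPair) -> list:
    """Sender's private key first (Encrypt+T), then recipient's public key."""
    blocks = []
    for byte in message:
        signed = pow(byte, sender.d, sender.n)                # proves origin
        blocks.append(pow(signed, recipient.e, recipient.n))  # hides content
    return blocks

def receive(blocks: list, recipient: KeyPair, sender: KeyPair) -> bytes:
    """Recipient's private key first, then the claimed sender's public (n, e)."""
    out = []
    for block in blocks:
        signed = pow(block, recipient.d, recipient.n)
        byte = pow(signed, sender.e, sender.n)
        if byte > 255:  # garbage: not produced with the sender's private key
            raise ValueError("sender check failed")
        out.append(byte)
    return bytes(out)

def accepted_as_takao(blocks: list, original: bytes) -> bool:
    """True only if Makiko recovers `original` when checking with Takao's key."""
    try:
        return receive(blocks, MAKIKO, TAKAO) == original
    except ValueError:
        return False
```

The inner (signing) modulus has to be smaller than the outer (encrypting) one, otherwise the signed value can be reduced by the second modulus and cannot be recovered.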
21
Encrypted conversation
Escrow keys
Clipper chip in phones
Intercept
Decrypted conversation
Judicial or government office
Clipper Chip: Key Escrow
22
Security Categories
Physical attack & disasters
  Backup--off-site
  Cold/Shell site
  Hot site
  Disaster tests
  Personal computers!
Logical
  Unauthorized disclosure
  Unauthorized modification
  Unauthorized withholding
23
SunGard is a premier provider of computer backup facilities and disaster planning services. Its fleet of Mobile Data Centers can be outfitted with a variety of distributed systems hardware and delivered at a disaster site within 48 hours.
Disaster Planning
24
Law Web references
fedlaw.gsa.gov    Basic links
law.house.gov    U.S. Code and C.F.R.
www.lawcircle.com/observer    Commentary
lcweb.loc.gov/copyright    U.S. copyright office
www.uspto.gov    U.S. patent office
www.copyright.com    Copyright clearance
www.eff.org    Electronic frontier found.
www.epic.org    Privacy information center
www.uspto.gov/web/offices/com/doc/ipnii    IITF white paper, proposed copyright changes
www.wired.com    Issue 4(1): Analysis of IITF