SlideShare a Scribd company logo

Security and Ethical Challenges Contributors Kim Wanders.docx

Download as DOCX, PDF
F
fathwaitewalter

Security and Ethical Challenges Contributors: Kim Wandersee, Les Pang Computer Security Computer Security Goals Computer security must be viewed in a holistic manner and provide an end-to-end protection as data moves through its lifecycle. Data originates from a user or sensor, passes over a network to reach a computing system that hosts software. This computer system has software and processes the data and stores in in a storage device. That data is backed up on a device and finally archived. The elements that handle the data need to be secure. Computer security pertains to all the means to protect the confidentiality, integrity, availability, authenticity, utility, and possession of data throughout its lifecycle. Confidentiality: A security principle that works to ensure that data is not disclosed to unauthorized persons. Integrity: A security principle that makes sure that information and systems are not modified maliciously or accidentally. Availability: A security principle that assures reliable and timely access to data and resources by authorized individuals. Authenticity: A security principle that the data, transactions, communications or documents are genuine, valid, and not fraudulent. Utility: A security principle that addresses that the information is usable for its intended purpose. . Possession: A security principle that works to ensure that data remains under the control of the authorized individuals. Figure 1. Parkerian Hexad (PH) security model. The Parerian Hexad (PH) model expands on the Confidentiality, Integrity, and Availability (CIA) triad that has been the basic model of Information Security for over 20 years. This framework is used to list all aspects of security at a basic level. It provides a complete security framework to provide the means for information owners to protect their information from any adversaries and vulnerabilities. It adds Authenticity, Utility, and Possession to CIA triad security model. It addresses security aspects for data throughout its lifecycle. The Center for Internet Security has identified 20 controls necessary to protect an organization from known cyber-attack. The first 5 controls will provide effective defense against the most common cyber-attacks, approximately 85% of attacks. The 5 controls are: 1. Inventory of Authorized and Devices 2. Inventory of Authorized and Unauthorized Software 3. Secure Configurations for Hardware and Software 4. Continuous Vulnerability Assessment and Remediation 5. Controlled User of Administrative Privileges A full explanation of all 20 controls is available at the Center for Internet Security website. Search for CIS controls. Security Standards and Regulations The National Institute of Standards and Technology (NIST), Computer Security Division, provides security standards in its Federal Information Processing Standards ( ...

Education
1 of 27
Security and Ethical Challenges Contributors: Kim Wandersee, Les Pang Computer Security Computer Security Goals Computer security must be viewed in a holistic manner and provide an end-to-end protection as data moves through its lifecycle. Data originates from a user or sensor, passes over a network to reach a computing system that hosts software. This computer system has software and processes the data and stores in in a storage device. That data is backed up on a device and finally archived. The elements that handle the data need to be secure. Computer security pertains to all the means to protect the confidentiality, integrity, availability, authenticity, utility, and possession of data throughout its lifecycle. Confidentiality: A security principle that works to ensure that data is not disclosed to unauthorized persons. Integrity: A security principle that makes sure that information and systems are not
modified maliciously or accidentally. Availability: A security principle that assures reliable and timely access to data and resources by authorized individuals. Authenticity: A security principle that the data, transactions, communications or documents are genuine, valid, and not fraudulent. Utility: A security principle that addresses that the information is usable for its intended purpose. . Possession: A security principle that works to ensure that data remains under the control of the authorized individuals. Figure 1. Parkerian Hexad (PH) security model. The Parerian Hexad (PH) model expands on the Confidentiality, Integrity, and Availability (CIA) triad that has been the basic model of Information Security for over 20 years. This framework is used to list all aspects of security at a basic level. It provides a complete security framework to provide the means for information owners to protect their
information from any adversaries and vulnerabilities. It adds Authenticity, Utility, and Possession to CIA triad security model. It addresses security aspects for data throughout its lifecycle. The Center for Internet Security has identified 20 controls necessary to protect an organization from known cyber-attack. The first 5 controls will provide effective defense against the most common cyber-attacks, approximately 85% of attacks. The 5 controls are: 1. Inventory of Authorized and Devices 2. Inventory of Authorized and Unauthorized Software 3. Secure Configurations for Hardware and Software 4. Continuous Vulnerability Assessment and Remediation 5. Controlled User of Administrative Privileges A full explanation of all 20 controls is available at the Center for Internet Security website. Search for CIS controls. Security Standards and Regulations The National Institute of Standards and Technology (NIST), Computer Security Division, provides security standards in its Federal Information Processing
Standards (FIPS) SP 800 series. These publications are used often by security professionals to ensure they are properly safeguarding information technology. NIST maintains a library of security- related publications. Individual industries are often guided by a Federal law to help ensure that the proper security and privacy controls are established. The following list provides examples of an industry and it associated Federal Law. -- HIPAA - FISMA - FERPA Responsibilities Computer Security's responsibility is to prevent an intrusion from occurring, detect a security breach if one occurs and recover from the security breach. Computer security generally involves the following practices: http://csrc.nist.gov/publications/PubsSPs.html https://www.hhs.gov/hipaa/for-professionals/security/laws- regulations/index.html https://www.dhs.gov/fisma https://www2.ed.gov/policy/gen/guid/fpco/ferpa/index.html
onitoring and Auditing Once a security breach is detected, the following steps may be taken: o Review event logs o Review variations from the baseline performance o Use Intrusion Detection Systems (IDS) o Research security resources to gather information o Look for common symptoms of a specific attack o E-mail o Voice-mail broadcast o Shut down affected servers o Remove affected computers from network o Remove network from the Internet o Preserve the evidence o External attacks protocols can enter the perimeter network and the private network o Internal attacks
clean backup o Maintain service pack versions o Run intrusion detection systems o Review event logs regularly nt logon events o Collect and record attack details o Perform a postmortem meeting o Develop an action plan for future attacks o Modify the security policy and security plan as needed Threats Figure 2. Typical threats. Disasters Disasters include natural and man-made disasters. These include: tornado, hurricane, earthquake, fire, bombings, and bioterrorism.
Humans Human activity creates a number of threats to computer security. llowing company policy passwords tricks on legitimate users of a computer system, in order to obtain information he needs to gain access to the system -sharing policies with business partnerships Malicious Code Malicious Code Description Virus A code fragment that copies itself into a larger program, modifying that program. It executes only when its host program begins to run. It can reproduce immediately or can be triggered by a particular event, such as a date. Worm Typically an independent program and copies itself from
one computer to another, usually over a network. Trojan Horse A code fragment that hides inside a program and performs a disguised, unauthorized function. Bomb A type of Trojan Horse, used to release a virus, a worm, or other system attack. It is planted by a system developer and is triggered when a particular date, time, or condition occurs. Trap Door A mechanism that is built into a system by its designer or programmer. It provides the designer a way to circumvent the normal access to the application. Unfortunately these can be left in the system and allow unauthorized access to the system. Spoof A program that tricks an unsuspecting user into giving away privileges. Hoax A program that claims that it is malicious code, but does not do harm to the system. Instead, it wastes time while security engineers determine there is no threat. Spyware A program that resides on your computer, captures all of your activities, and then sends the information to a company or hacker for their use. Ransomware Malicious software that typically encrypts the victim’s file making them no longer accessible and demands a ransom to decrypt the files.
E-Commerce Dangers misrepresentation of identities or other facts in order to obtain something of value. With a proper security system in place, the consumer will be able positively to authenticate the identity of the e- commerce business and the business will be able to identify the consumer before performing the transaction. Identity theft constitutes a current, serious example of fraud perpetrated through unauthorized access to personal information on the Internet. system. The financial transactions may be altered if one can modify the data during transit. Cryptographic message digests can indicate whether a message has been tampered with. -of-service attack involves preventing one from accessing data by confusing or overloading the related computers or networking equipment. Transmission Control Protocol (TCP) is a communication protocol commonly used on the Internet for many kinds of communication. TCP SYN flooding attack is a threat that involves denial of service launched on the Internet. With TCP SYN flooding attack, hackers attempt to open so many TCP connections with a server that it results in denial
of additional incoming connections. Interactive Web technologies such as Java, JavaScript, and ActiveX increase the difficulty of preventing denial-of-service attacks. With these Web technologies, a denial-of-service can be easily embedded in programs. Controls and Defenses Policy, Processes, and Procedures A security policy: and network usage security incidents procedures Data Backups and Hot Sites Data backup protects not only against physical disasters but also against equipment failure, data theft, data modification and data corruption. Obviously the backup site must be remote from the primary database to avoid a common disaster. Backup media include tape, at lower cost, and disk, at higher cost. Backup frequency may be periodic, as in once a week, or continuous, as in a site that mirrors the primary site.
Communication with the backup site may vary from physical transport to high-speed telecommunications links. The type of backup needs to be matched to the requirements of company or individual. Backup frequency depends on the acceptable data loss that might occur between the last recovery point and a failure. The speed and sophistication of recovery depends on the acceptable down time. The cost of the backup and recovery system should not greatly exceed the risk. Here, risk is taken to be the amount of the possible loss times the probability of its occurrence. Access Control Access control can take a variety of forms. "Firewall" or "proxy server" software provides access control for computers connected to the Internet. Access control can involve using transmission cables that cannot be tapped. Access control can also involve requiring authentication prior to allowing a computer to make known the content of certain data files. Forms of the latter type of access control are the following: Strong Passwords Passwords are critical to preventing unauthorized access to the network and applications. Therefore, passwords should be difficult to guess. They should
be eight or more characters and a combination of capital and small letters, numbers, and special characters. Passwords should be changed regularly and frequently. Microsoft provides recommendations for creating and using strong passwords at the following URL. http://www.microsoft.com/protect/yourself/password/create.msp x Microsoft also provides a free password checker. To check the strength of your password, use the following URL: http://www.microsoft.com/protect/yourself/password/checker.m spx Single Sign-On (SSO) Many organizations are implementing Single Sign-On technology. This technology consolidates all user passwords into one. The user can access all applications with only one login to the network. Some organizations require two- or three-factor authentication when using single sign-on technology. Three Factor Authentication
that individuals are who they say they are. -factor authentication requires the use of a password (something you know), a token (something you have), and biometric data (something you are). Figure 3. Authentication Factors Trusted Transactions Before the Internet, most security measures focused on Perimeter Security for an organization. Technologies included firewalls, anti-virus software, intrusion detection, and e- mail scanning. In the early 2000s, people hesitated to use the Internet for banking, on-line shopping and other transactions that involved sending financial or credit card information over the Internet. There was insufficient confidence in the technology that the data would reach its destination without being alter or intercepted. E-Commerce enabled by the Internet requires trusted transactions. E-Commerce has moved transactions away from the organization to integrated transactions between the customer, the business, the supplier and the payer. In order to do this, security
measures had to be in place to create trust. http://www.microsoft.com/protect/yourself/password/create.msp x http://www.microsoft.com/protect/yourself/password/checker.m spx In other words, Internet transactions require -repudiation Cryptography (or Encryption) Cryptography can satisfy many of the security requirements for trusted transactions. Cryptography involves the use of codes and ciphers in order to transmit information so that access is restricted to the intended recipient. The primary objective of cryptography is to allow two or more users to communicate securely over an insecure medium, for example, the Internet. The information to be transmitted, called plaintext, is encrypted using a predetermined key to generate the ciphertext. The ciphertext is transmitted over the insecure medium to the receiver, who recovers the plaintext using a cryptographic key and algorithm. Cryptosystems can be classified into two categories: (1)
symmetric key cryptosystems and (2) public key cryptosystems. 1. Symmetric Key Cryptosystems. These have the same problem as unconditionally secure codes. The key to decode the message must be transported to the desired recipient without a chance of falling into the wrong hands. 2. Public Key Cryptosystems. These provide a means to move information in a secure fashion without the need to secretly transmit a decoding key. The disadvantage is that it requires a large amount of computing to code and decode a lengthy message. Symmetric key and public key cryptography systems together possess the necessary characteristics to perform security for a wide variety of systems, including secure e-commerce, e-mail, and World Wide Web (WWW) interactivity. Today's secure Internet data movements are based on the following concepts: for a symmetric code with a reasonable amount of computing effort. using the fast symmetric key system. Commonly Encountered Symmetric Codes Data Encryption Standard. In 1977, the National Institute of
Standards and Technology (NIST) published the Data Encryption Standard (DES). DES is a block cipher algorithm. DES has 64-bit block size (ciphertext is 64 bits in length). The DES key is 56 bits in length. DES was last reviewed in 1993 and was approved for unclassified applications until 1998. Although DES is widely used, it is no longer secure and must be replaced with more robust algorithm. Advanced Encryption Standard. The Advanced Encryption Standard (AES) algorithm succeeded DES. AES is a symmetric block cipher algorithm. AES has 128- bit block size. AES has variable key size (128, 192, or 256 bits). AES is more secure than DES. Rijndael (pronounced as Rhine-Doll) was selected as the algorithm. Conformance testing was done in the summer 2001. The standard will be reevaluated every five years. Public Key Infrastructure (PKI) PKI can be used for Internet e-business security, improve user confidence in using the Internet for transactions, and to implement trusted transactions. PKI ensures the following conditions. Confidentiality: Is the data private? User authentication: Are you who you say you are? Non-repudiation: Are you the only one who could have
made this transaction? Data integrity: Has the data been tampered with? PKI Technology includes the following features. Digital Certificate Binds user's identity to public key in a digital form Registration Authority (RA) Security Officers of PKI Administrator of PKI Certificate Authority (CA) Establishes trust Issues digital certificates Validates owner's identity Certificate Revocation List (CRL) List of all revoked certificates Time revocation Reason for revocation Directories and X.500 Public repositories Complete Public Key Infrastructure Automates the management of digital certificates, public keys, and private keys Digital Certificates Digital certificates provide a mechanism to connect the identity
of a subject (an individual, company, or computer) to a public cryptographic key in a way that can be trusted and verified. To provide digital certificates, a certain entity called a trusted party is responsible for verifying a set of credentials in accordance with a predefined policy. If approved, the subject's public key and credentials are digitally coded and signed using the trusted party's private key to form a certificate. The certificate can then be distributed in a public manner, and the identity associated with a public key can be authenticated by decoding the certificate with the trusted party's public key and verifying the signature on it. Digital certificates are issued by trusted parties called Certification Authorities (CA). Digital Signatures Many public key algorithms can provide authentication, data integrity, and nonrepudiation. Since public key algorithms compute slowly, algorithms to obtain a summary or "fingerprint" of the plaintext are desirable. These algorithms are known as message digests or hash functions. A hash function processes an input of arbitrary length and produces a fixed size output. Secure message digests or hash functions possess three essential mathematical properties. 1. Every input bit influences every output bit.
2. If a single input bit is changed, every output bit has a 50 percent chance of changing. 3. Given an input and corresponding hash, it should be computationally unfeasible to find another input with the same hash. Common message hash functions include: MD2, MD4, MD5, MD6, SHA, SHA-1, SHA-2 and SHA- 3. MD2, MD4, and MD5 were developed by Ronald Rivest of RSA Data Security. These are 128- bit digests. A digital signature may be created and sent along with a message to achieve authentication and to assure data integrity and nonrepudiation. The sender, say, Alice, applies a hash function H to her plaintext message m to create the message digest, represented symbolically by Hm. This means that H operates on m. Alice then operates on Hm with her certified private key A to produce the encrypted message digest AHm. She sends AHm to the recipient, say Bob, along with m. Bob recovers Hm by operating on AHm with Alice's certified public key A*. Symbolically, A*AHm = Hm, since A* just undoes A. Bob then separately operates on the received plaintext message m' with H to obtain Hm'. If Hm' = Hm, Bob is sure that (1) the message came from Alice and (2) it was not tampered with in transmission, and (3) Alice cannot disavow it. Security Considerations
Privacy Although privacy and security are related, they are not identical. Privacy pertains to an individual's right to limit disclosure of personal information. It is an implied right, rather than an expressed one, flowing from the U.S. Constitution. Security pertains to data, which may contain information about individuals. If personal and consumer data are protected, so is personal and consumer privacy. Thus, businesses go to great lengths, on line and off, to guarantee the confidentiality of such data. However, to assure the security of a computer system, it may be necessary to observe the usage of it by individuals, thus infringing upon their complete privacy. It may be necessary to conduct a background check of prospective employees to assess their character and habits, again infringing upon their privacy. In a larger sense, the government finds it necessary to conduct wiretaps under warrant and to perform other surveillance to provide national security. Intellectual Property One of the striking features of intellectual property—that is, creative works of writing and music—in digital form is its cost asymmetry. What this means is that the Beatles incurred a substantial cost to supply the first unit of intellectual property, say, the digital master of Sgt.
Pepper's Lonely Hearts Club Band. Yet the marginal cost—the cost of producing and distributing one more copy of it—is trivial. Therein lies the root of our intellectual property problems. First, how can we pay for the first unit? Then how should we price the subsequent units? The record companies say that the subsequent units must be priced enough over their marginal cost to pay for the first unit. The users say that the subsequent units should be priced at their marginal cost, namely almost nothing. The record companies achieve their goal through their monopoly on production and distribution granted by the copyright law. But when the digital age makes copying and distribution almost free, the users face irresistible temptation to break the monopoly, as the original Napster did. Such issues as this led to the concept of Digital Rights Management (DRM). Here producers used various methods of coding and encryption to restrict copying and distribution of intellectual property. Successful efforts to break the DRM codes led, among other reasons, to the rewrite of the copyright laws as the Digital Millennium Copyright Act of 1998 (DMCA). In one controversial provision, DMCA made it a crime to defeat DRM codes. About the best we can say here is that the issue still simmers. Nevertheless, producers and distributors are having some success in persuading users to pay a little for their music and videos. Apple's iTunes testifies to that.
Equitable User Access Under the heading of equitable user access, the concept of the digital divide looms large. The more affluent individuals of this country and the world have access to personal computers and broadband that bring benefits of information and productivity. The less affluent individuals of this country and the world lack this access and these benefits. Clearly a positive feedback operates to enhance the skills and achievements of those with access, whereas that feedback is lacking for those without access. United States policy recognizes this problem in a limited way. The Federal Communications Commission administers a so- called Universal Service Fund. Telecommunications carriers must contribute a portion of their revenue to the fund. The fund's monies are then made available (1) to subsidize the price of telephone service to high cost areas (like rural or mountainous settlements),(2) to provide core telephone service to low income individuals, (3) to help schools and libraries pay for advanced telecommunications services, and (3) to help rural health care facilities pay for the same. The International Telecommunication Union works to increase the penetration of telecommunications services to developing countries.
The MIT Media Lab has now achieved production of "One Laptop per Child," a bare bones computer costing only $100, operable even in regions without electric power. Intel and other organizations are following suit with competitive offerings. Beyond these efforts, little is really being addressed. Net Neutrality Net neutrality has two sides -- those in favor and those against. Those in favor of the principle argue that the genius of the Internet is its complete neutrality with respect to those who supply content, those who consume content, and the content itself. Because all the intelligence is "at the edges" of the network in the terminal devices, anyone can display his bright idea or videos of his trained seal; others can seize upon that idea and develop it or criticize it. In this way information and innovations are spread around with the result of raising the economic and cultural level of the nation. Those against the principle argue that the nature of content has greatly expanded since the Internet's early days. Some content deserves more priority than others. Some content deserves more speed or reliability than others. Some users, such as Google and Yahoo, pump more volume into the Internet than others. To accommodate these diverse needs, new investment in the facilities and capabilities of the Internet are needed.
Therefore, pricing for some content and some users should be higher to finance such investment. Apart from these principles is the practical fact that some users—even individual users—and some content use up more of Internet capacity than others. An example is file sharing of videos through the BitTorrent protocol. This recently became troublesome for Comcast, in that five percent of the users on its network consumed 70 percent of the capacity. Such lopsided use could degrade service for the other 95 percent of the users sharing the network, suggesting that Comcast should have the right to manage such traffic in the interests of its customers and its business. Fortunately, it was in the mutual interest of both Comcast and BitTorrent to agree on a traffic management solution that ameliorated the problem. No legislative resolution of the issue has occurred to date, although the U.S. Congress is still concerned. Regulatory Considerations Some aspects of information technology are regulated. Historically the most important portion is the telephone industry, especially the local exchange. Accordingly, we volunteer a few salient
points about regulation. You run into regulations every day. When you drive your automobile to work, you follow a set of regulations for driving --observe the speed limit, stay right except to pass, and so forth. You have paid a tax for your tags, which you must have to drive your vehicle on the streets, and you have a driver's license, which you obtained by initially passing written and "behind-the-wheel" tests. You have probably renewed your license by taking an eye test, or perhaps another written test. You enter a restaurant knowing, at least subconsciously, that the meat you will eat was inspected by the Department of Agriculture, its weight measured on a scale calibrated by the division of weights and measures, and prepared in a kitchen inspected by the local department of health. Regulation permeates daily life. Fundamentally, regulations are adopted to protect the public. These regulations are designed to help in a variety of circumstances. Some regulations go to safety, like those governing foods and drugs. Others go to economics, like those governing prices. For example, the market may not be efficient enough to prevent one competitor from holding enough market share to dictate prices to consumers. In such a case, the company may be said to have monopoly power. Regulation is developed to prevent an abuse of such market power, perhaps by setting rates, or at least by limiting them.
Markets in which there are many buyers and sellers characterize perfect competition. Each transaction in the marketplace has a relatively small bearing upon the overall market and each transaction is a small component of overall market volume. Products differ, and consumers may choose the characteristics of the products they want from among a wide range of suppliers. Consumers or purchasers will have a high degree of information on which to base choices. They may use product specifications, price, and other criteria to make their market choice. Choosing one supplier over another does not disadvantage them. When these conditions are met, supply and demand are in equilibrium and determine the market price. The opposite of competition is monopoly, such as existed formerly in many parts of the telephone industry. In a monopoly environment, choice is substantially reduced. There are fewer choices of suppliers, of products or services, and of criteria for choosing products. In a pure monopoly there is but a single supplier. That supplier could then control supply in such a way to maximize profit. It turns out that maximum profit occurs at a smaller supply and higher price than would occur under perfect …
Security and Ethical Challenges Contributors Kim Wanders.docx

Recommended

In computer security, a vulnerability is a weakness which allows an .pdf
In computer security, a vulnerability is a weakness which allows an .pdfIn computer security, a vulnerability is a weakness which allows an .pdf
In computer security, a vulnerability is a weakness which allows an .pdfanandanand521251
 
ppt on securities.pptx
ppt on securities.pptxppt on securities.pptx
ppt on securities.pptxmuskaangoel15
 
A Brief Note On Companies And The Largest Ever Consumer...
A Brief Note On Companies And The Largest Ever Consumer...A Brief Note On Companies And The Largest Ever Consumer...
A Brief Note On Companies And The Largest Ever Consumer...Erin Moore
 
Information Systems.pptx
Information Systems.pptxInformation Systems.pptx
Information Systems.pptxKnownId
 
Internet safety and you
Internet safety and youInternet safety and you
Internet safety and youArt Ocain
 
Cybersecurity Interview Questions and Answers.pdf
Cybersecurity Interview Questions and Answers.pdfCybersecurity Interview Questions and Answers.pdf
Cybersecurity Interview Questions and Answers.pdfJazmine Brown
 
Cyber Security Matters a book by Hama David Bundo
Cyber Security Matters a book by Hama David BundoCyber Security Matters a book by Hama David Bundo
Cyber Security Matters a book by Hama David Bundohdbundo
 
Network Security of Data Protection
Network Security of Data ProtectionNetwork Security of Data Protection
Network Security of Data ProtectionUthsoNandy
 

Recommended

In computer security, a vulnerability is a weakness which allows an .pdf
In computer security, a vulnerability is a weakness which allows an .pdfIn computer security, a vulnerability is a weakness which allows an .pdf
In computer security, a vulnerability is a weakness which allows an .pdfanandanand521251
 
ppt on securities.pptx
ppt on securities.pptxppt on securities.pptx
ppt on securities.pptxmuskaangoel15
 
A Brief Note On Companies And The Largest Ever Consumer...
A Brief Note On Companies And The Largest Ever Consumer...A Brief Note On Companies And The Largest Ever Consumer...
A Brief Note On Companies And The Largest Ever Consumer...Erin Moore
 
Information Systems.pptx
Information Systems.pptxInformation Systems.pptx
Information Systems.pptxKnownId
 
Internet safety and you
Internet safety and youInternet safety and you
Internet safety and youArt Ocain
 
Cybersecurity Interview Questions and Answers.pdf
Cybersecurity Interview Questions and Answers.pdfCybersecurity Interview Questions and Answers.pdf
Cybersecurity Interview Questions and Answers.pdfJazmine Brown
 
Cyber Security Matters a book by Hama David Bundo
Cyber Security Matters a book by Hama David BundoCyber Security Matters a book by Hama David Bundo
Cyber Security Matters a book by Hama David Bundohdbundo
 
Network Security of Data Protection
Network Security of Data ProtectionNetwork Security of Data Protection
Network Security of Data ProtectionUthsoNandy
 
security IDS
security IDSsecurity IDS
security IDSGregory Hanis
 
Seguridad web -articulo completo- ingles
Seguridad web -articulo completo- inglesSeguridad web -articulo completo- ingles
Seguridad web -articulo completo- inglesisidro luna beltran
 
network_security.docx_2.pdf
network_security.docx_2.pdfnetwork_security.docx_2.pdf
network_security.docx_2.pdfahmed53254
 
Securityandethicalchallengesofinfornationtechnology 090902132631-phpapp02
Securityandethicalchallengesofinfornationtechnology 090902132631-phpapp02Securityandethicalchallengesofinfornationtechnology 090902132631-phpapp02
Securityandethicalchallengesofinfornationtechnology 090902132631-phpapp02anjalee990
 
Computing safety
Computing safetyComputing safety
Computing safetytitoferrus
 
Ch # 10 computer security risks and safe guards
Ch # 10 computer security risks and safe guardsCh # 10 computer security risks and safe guards
Ch # 10 computer security risks and safe guardsMuhammadRobeel3
 
Discuss how a successful organization should have the followin.docx
Discuss how a successful organization should have the followin.docxDiscuss how a successful organization should have the followin.docx
Discuss how a successful organization should have the followin.docxcuddietheresa
 
Discuss how a successful organization should have the followin.docx
Discuss how a successful organization should have the followin.docxDiscuss how a successful organization should have the followin.docx
Discuss how a successful organization should have the followin.docxsalmonpybus
 
I0516064
I0516064I0516064
I0516064IOSR Journals
 
Data security
Data securityData security
Data securitySoumen Mondal
 
Computer Security Chapter 1
Computer Security Chapter 1Computer Security Chapter 1
Computer Security Chapter 1Temesgen Berhanu
 
Tutorial 09 - Security on the Internet and the Web
Tutorial 09 - Security on the Internet and the WebTutorial 09 - Security on the Internet and the Web
Tutorial 09 - Security on the Internet and the Webdpd
 
Is4560
Is4560Is4560
Is4560Tara Hardin
 
Security Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
Security Attacks in Stand-Alone Computer and Cloud Computing: An AnalysisSecurity Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
Security Attacks in Stand-Alone Computer and Cloud Computing: An Analysisdadkhah077
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security FundamentalsRahmat Suhatman
 
Mim Attack Essay
Mim Attack EssayMim Attack Essay
Mim Attack EssayHaley Johnson
 
Mis 1
Mis 1Mis 1
Mis 1Rohit Garg
 
SegurançA Da InformaçãO Faat V1 4
SegurançA Da InformaçãO Faat V1 4SegurançA Da InformaçãO Faat V1 4
SegurançA Da InformaçãO Faat V1 4Rodrigo Piovesana
 
Unit v
Unit vUnit v
Unit vbharatnaruka90
 
Introduction to cyber security i
Introduction to cyber security iIntroduction to cyber security i
Introduction to cyber security iEmmanuel Gbenga Dada (BSc, MSc, PhD)
 
Write a 5-paragraph Argumentative Essay on your chosen controversial.docx
Write a 5-paragraph Argumentative Essay on your chosen controversial.docxWrite a 5-paragraph Argumentative Essay on your chosen controversial.docx
Write a 5-paragraph Argumentative Essay on your chosen controversial.docxfathwaitewalter
 
write a 5-7 page paper using APA standards for citation of sources t.docx
write a 5-7 page paper using APA standards for citation of sources t.docxwrite a 5-7 page paper using APA standards for citation of sources t.docx
write a 5-7 page paper using APA standards for citation of sources t.docxfathwaitewalter
 

More Related Content

Similar to Security and Ethical Challenges Contributors Kim Wanders.docx

Seguridad web -articulo completo- ingles
Seguridad web -articulo completo- inglesSeguridad web -articulo completo- ingles
Seguridad web -articulo completo- inglesisidro luna beltran
 
network_security.docx_2.pdf
network_security.docx_2.pdfnetwork_security.docx_2.pdf
network_security.docx_2.pdfahmed53254
 
Securityandethicalchallengesofinfornationtechnology 090902132631-phpapp02
Securityandethicalchallengesofinfornationtechnology 090902132631-phpapp02Securityandethicalchallengesofinfornationtechnology 090902132631-phpapp02
Securityandethicalchallengesofinfornationtechnology 090902132631-phpapp02anjalee990
 
Computing safety
Computing safetyComputing safety
Computing safetytitoferrus
 
Ch # 10 computer security risks and safe guards
Ch # 10 computer security risks and safe guardsCh # 10 computer security risks and safe guards
Ch # 10 computer security risks and safe guardsMuhammadRobeel3
 
Discuss how a successful organization should have the followin.docx
Discuss how a successful organization should have the followin.docxDiscuss how a successful organization should have the followin.docx
Discuss how a successful organization should have the followin.docxcuddietheresa
 
Discuss how a successful organization should have the followin.docx
Discuss how a successful organization should have the followin.docxDiscuss how a successful organization should have the followin.docx
Discuss how a successful organization should have the followin.docxsalmonpybus
 
Computer Security Chapter 1
Computer Security Chapter 1Computer Security Chapter 1
Computer Security Chapter 1Temesgen Berhanu
 
Tutorial 09 - Security on the Internet and the Web
Tutorial 09 - Security on the Internet and the WebTutorial 09 - Security on the Internet and the Web
Tutorial 09 - Security on the Internet and the Webdpd
 
Security Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
Security Attacks in Stand-Alone Computer and Cloud Computing: An AnalysisSecurity Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
Security Attacks in Stand-Alone Computer and Cloud Computing: An Analysisdadkhah077
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security FundamentalsRahmat Suhatman
 
SegurançA Da InformaçãO Faat V1 4
SegurançA Da InformaçãO Faat V1 4SegurançA Da InformaçãO Faat V1 4
SegurançA Da InformaçãO Faat V1 4Rodrigo Piovesana
 

Similar to Security and Ethical Challenges Contributors Kim Wanders.docx (20)

security IDS
security IDSsecurity IDS
security IDS
 
Seguridad web -articulo completo- ingles
Seguridad web -articulo completo- inglesSeguridad web -articulo completo- ingles
Seguridad web -articulo completo- ingles
 
network_security.docx_2.pdf
network_security.docx_2.pdfnetwork_security.docx_2.pdf
network_security.docx_2.pdf
 
Securityandethicalchallengesofinfornationtechnology 090902132631-phpapp02
Securityandethicalchallengesofinfornationtechnology 090902132631-phpapp02Securityandethicalchallengesofinfornationtechnology 090902132631-phpapp02
Securityandethicalchallengesofinfornationtechnology 090902132631-phpapp02
 
Computing safety
Computing safetyComputing safety
Computing safety
 
Ch # 10 computer security risks and safe guards
Ch # 10 computer security risks and safe guardsCh # 10 computer security risks and safe guards
Ch # 10 computer security risks and safe guards
 
Discuss how a successful organization should have the followin.docx
Discuss how a successful organization should have the followin.docxDiscuss how a successful organization should have the followin.docx
Discuss how a successful organization should have the followin.docx
 
Discuss how a successful organization should have the followin.docx
Discuss how a successful organization should have the followin.docxDiscuss how a successful organization should have the followin.docx
Discuss how a successful organization should have the followin.docx
 
I0516064
I0516064I0516064
I0516064
 
Data security
Data securityData security
Data security
 
Computer Security Chapter 1
Computer Security Chapter 1Computer Security Chapter 1
Computer Security Chapter 1
 
Tutorial 09 - Security on the Internet and the Web
Tutorial 09 - Security on the Internet and the WebTutorial 09 - Security on the Internet and the Web
Tutorial 09 - Security on the Internet and the Web
 
Is4560
Is4560Is4560
Is4560
 
Security Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
Security Attacks in Stand-Alone Computer and Cloud Computing: An AnalysisSecurity Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
Security Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security Fundamentals
 
Mim Attack Essay
Mim Attack EssayMim Attack Essay
Mim Attack Essay
 
Mis 1
Mis 1Mis 1
Mis 1
 
SegurançA Da InformaçãO Faat V1 4
SegurançA Da InformaçãO Faat V1 4SegurançA Da InformaçãO Faat V1 4
SegurançA Da InformaçãO Faat V1 4
 
Unit v
Unit vUnit v
Unit v
 
Introduction to cyber security i
Introduction to cyber security iIntroduction to cyber security i
Introduction to cyber security i
 

More from fathwaitewalter

Write a 5-paragraph Argumentative Essay on your chosen controversial.docx
Write a 5-paragraph Argumentative Essay on your chosen controversial.docxWrite a 5-paragraph Argumentative Essay on your chosen controversial.docx
Write a 5-paragraph Argumentative Essay on your chosen controversial.docxfathwaitewalter
 
write a 5-7 page paper using APA standards for citation of sources t.docx
write a 5-7 page paper using APA standards for citation of sources t.docxwrite a 5-7 page paper using APA standards for citation of sources t.docx
write a 5-7 page paper using APA standards for citation of sources t.docxfathwaitewalter
 
Write a 4-page proposal that addresses the followingWorking title.docx
Write a 4-page proposal that addresses the followingWorking title.docxWrite a 4-page proposal that addresses the followingWorking title.docx
Write a 4-page proposal that addresses the followingWorking title.docxfathwaitewalter
 
Write a 350- to 700-word summary.Include the following in yo.docx
Write a 350- to 700-word summary.Include the following in yo.docxWrite a 350- to 700-word summary.Include the following in yo.docx
Write a 350- to 700-word summary.Include the following in yo.docxfathwaitewalter
 
write a 5 paged essayBody is 5 pg, 12 pt, double spaced Times .docx
write a 5 paged essayBody is 5 pg, 12 pt, double spaced Times .docxwrite a 5 paged essayBody is 5 pg, 12 pt, double spaced Times .docx
write a 5 paged essayBody is 5 pg, 12 pt, double spaced Times .docxfathwaitewalter
 
Write a 4-5 page feminist critique of a contemporary mainstream fi.docx
Write a 4-5 page feminist critique of a contemporary mainstream fi.docxWrite a 4-5 page feminist critique of a contemporary mainstream fi.docx
Write a 4-5 page feminist critique of a contemporary mainstream fi.docxfathwaitewalter
 
Write a 4 and Half page report (Microsoft Word).What are the m.docx
Write a 4 and Half page report (Microsoft Word).What are the m.docxWrite a 4 and Half page report (Microsoft Word).What are the m.docx
Write a 4 and Half page report (Microsoft Word).What are the m.docxfathwaitewalter
 
Write a 3-4 pages Word document paper that explains the following to.docx
Write a 3-4 pages Word document paper that explains the following to.docxWrite a 3-4 pages Word document paper that explains the following to.docx
Write a 3-4 pages Word document paper that explains the following to.docxfathwaitewalter
 
Write a 3-4 page paper; APA format; minimum of 3 referencesTh.docx
Write a 3-4 page paper; APA format; minimum of 3 referencesTh.docxWrite a 3-4 page paper; APA format; minimum of 3 referencesTh.docx
Write a 3-4 page paper; APA format; minimum of 3 referencesTh.docxfathwaitewalter
 
Write a 3-4 page Team report using APA style that1) Identifies an.docx
Write a 3-4 page Team report using APA style that1) Identifies an.docxWrite a 3-4 page Team report using APA style that1) Identifies an.docx
Write a 3-4 page Team report using APA style that1) Identifies an.docxfathwaitewalter
 
Write a 5-page essay about two readings. Two essays are The made-t.docx
Write a 5-page essay about two readings. Two essays are The made-t.docxWrite a 5-page essay about two readings. Two essays are The made-t.docx
Write a 5-page essay about two readings. Two essays are The made-t.docxfathwaitewalter
 
Complete Part I, then revise the sentences in Part II so that their .docx
Complete Part I, then revise the sentences in Part II so that their .docxComplete Part I, then revise the sentences in Part II so that their .docx
Complete Part I, then revise the sentences in Part II so that their .docxfathwaitewalter
 
Complete OutlinePlease include the following1)Title2.docx
Complete OutlinePlease include the following1)Title2.docxComplete OutlinePlease include the following1)Title2.docx
Complete OutlinePlease include the following1)Title2.docxfathwaitewalter
 
Complete Appendix B by writing a paragraph explaining your fictional.docx
Complete Appendix B by writing a paragraph explaining your fictional.docxComplete Appendix B by writing a paragraph explaining your fictional.docx
Complete Appendix B by writing a paragraph explaining your fictional.docxfathwaitewalter
 
Complete an 8- to 10-slide Microsoft® PowerPoint® presentation. Bo.docx
Complete an 8- to 10-slide Microsoft® PowerPoint® presentation. Bo.docxComplete an 8- to 10-slide Microsoft® PowerPoint® presentation. Bo.docx
Complete an 8- to 10-slide Microsoft® PowerPoint® presentation. Bo.docxfathwaitewalter
 
Complete Action Research Activity 4.1 (Textbook Analysis) on page 12.docx
Complete Action Research Activity 4.1 (Textbook Analysis) on page 12.docxComplete Action Research Activity 4.1 (Textbook Analysis) on page 12.docx
Complete Action Research Activity 4.1 (Textbook Analysis) on page 12.docxfathwaitewalter
 
Complete Akron Childrens Hospital Case. Answer the fo.docx
Complete Akron Childrens Hospital Case. Answer the fo.docxComplete Akron Childrens Hospital Case. Answer the fo.docx
Complete Akron Childrens Hospital Case. Answer the fo.docxfathwaitewalter
 
Complete Action Research Activity 4.1 (Textbook Analysis) on pag.docx
Complete Action Research Activity 4.1 (Textbook Analysis) on pag.docxComplete Action Research Activity 4.1 (Textbook Analysis) on pag.docx
Complete Action Research Activity 4.1 (Textbook Analysis) on pag.docxfathwaitewalter
 
CompletarProvide the correct present participle for each verb..docx
CompletarProvide the correct present participle for each verb..docxCompletarProvide the correct present participle for each verb..docx
CompletarProvide the correct present participle for each verb..docxfathwaitewalter
 
Complete both parts of this assignment and submit as a s.docx
Complete both parts of this assignment and submit as a s.docxComplete both parts of this assignment and submit as a s.docx
Complete both parts of this assignment and submit as a s.docxfathwaitewalter
 

More from fathwaitewalter (20)

Write a 5-paragraph Argumentative Essay on your chosen controversial.docx
Write a 5-paragraph Argumentative Essay on your chosen controversial.docxWrite a 5-paragraph Argumentative Essay on your chosen controversial.docx
Write a 5-paragraph Argumentative Essay on your chosen controversial.docx
 
write a 5-7 page paper using APA standards for citation of sources t.docx
write a 5-7 page paper using APA standards for citation of sources t.docxwrite a 5-7 page paper using APA standards for citation of sources t.docx
write a 5-7 page paper using APA standards for citation of sources t.docx
 
Write a 4-page proposal that addresses the followingWorking title.docx
Write a 4-page proposal that addresses the followingWorking title.docxWrite a 4-page proposal that addresses the followingWorking title.docx
Write a 4-page proposal that addresses the followingWorking title.docx
 
Write a 350- to 700-word summary.Include the following in yo.docx
Write a 350- to 700-word summary.Include the following in yo.docxWrite a 350- to 700-word summary.Include the following in yo.docx
Write a 350- to 700-word summary.Include the following in yo.docx
 
write a 5 paged essayBody is 5 pg, 12 pt, double spaced Times .docx
write a 5 paged essayBody is 5 pg, 12 pt, double spaced Times .docxwrite a 5 paged essayBody is 5 pg, 12 pt, double spaced Times .docx
write a 5 paged essayBody is 5 pg, 12 pt, double spaced Times .docx
 
Write a 4-5 page feminist critique of a contemporary mainstream fi.docx
Write a 4-5 page feminist critique of a contemporary mainstream fi.docxWrite a 4-5 page feminist critique of a contemporary mainstream fi.docx
Write a 4-5 page feminist critique of a contemporary mainstream fi.docx
 
Write a 4 and Half page report (Microsoft Word).What are the m.docx
Write a 4 and Half page report (Microsoft Word).What are the m.docxWrite a 4 and Half page report (Microsoft Word).What are the m.docx
Write a 4 and Half page report (Microsoft Word).What are the m.docx
 
Write a 3-4 pages Word document paper that explains the following to.docx
Write a 3-4 pages Word document paper that explains the following to.docxWrite a 3-4 pages Word document paper that explains the following to.docx
Write a 3-4 pages Word document paper that explains the following to.docx
 
Write a 3-4 page paper; APA format; minimum of 3 referencesTh.docx
Write a 3-4 page paper; APA format; minimum of 3 referencesTh.docxWrite a 3-4 page paper; APA format; minimum of 3 referencesTh.docx
Write a 3-4 page paper; APA format; minimum of 3 referencesTh.docx
 
Write a 3-4 page Team report using APA style that1) Identifies an.docx
Write a 3-4 page Team report using APA style that1) Identifies an.docxWrite a 3-4 page Team report using APA style that1) Identifies an.docx
Write a 3-4 page Team report using APA style that1) Identifies an.docx
 
Write a 5-page essay about two readings. Two essays are The made-t.docx
Write a 5-page essay about two readings. Two essays are The made-t.docxWrite a 5-page essay about two readings. Two essays are The made-t.docx
Write a 5-page essay about two readings. Two essays are The made-t.docx
 
Complete Part I, then revise the sentences in Part II so that their .docx
Complete Part I, then revise the sentences in Part II so that their .docxComplete Part I, then revise the sentences in Part II so that their .docx
Complete Part I, then revise the sentences in Part II so that their .docx
 
Complete OutlinePlease include the following1)Title2.docx
Complete OutlinePlease include the following1)Title2.docxComplete OutlinePlease include the following1)Title2.docx
Complete OutlinePlease include the following1)Title2.docx
 
Complete Appendix B by writing a paragraph explaining your fictional.docx
Complete Appendix B by writing a paragraph explaining your fictional.docxComplete Appendix B by writing a paragraph explaining your fictional.docx
Complete Appendix B by writing a paragraph explaining your fictional.docx
 
Complete an 8- to 10-slide Microsoft® PowerPoint® presentation. Bo.docx
Complete an 8- to 10-slide Microsoft® PowerPoint® presentation. Bo.docxComplete an 8- to 10-slide Microsoft® PowerPoint® presentation. Bo.docx
Complete an 8- to 10-slide Microsoft® PowerPoint® presentation. Bo.docx
 
Complete Action Research Activity 4.1 (Textbook Analysis) on page 12.docx
Complete Action Research Activity 4.1 (Textbook Analysis) on page 12.docxComplete Action Research Activity 4.1 (Textbook Analysis) on page 12.docx
Complete Action Research Activity 4.1 (Textbook Analysis) on page 12.docx
 
Complete Akron Childrens Hospital Case. Answer the fo.docx
Complete Akron Childrens Hospital Case. Answer the fo.docxComplete Akron Childrens Hospital Case. Answer the fo.docx
Complete Akron Childrens Hospital Case. Answer the fo.docx
 
Complete Action Research Activity 4.1 (Textbook Analysis) on pag.docx
Complete Action Research Activity 4.1 (Textbook Analysis) on pag.docxComplete Action Research Activity 4.1 (Textbook Analysis) on pag.docx
Complete Action Research Activity 4.1 (Textbook Analysis) on pag.docx
 
CompletarProvide the correct present participle for each verb..docx
CompletarProvide the correct present participle for each verb..docxCompletarProvide the correct present participle for each verb..docx
CompletarProvide the correct present participle for each verb..docx
 
Complete both parts of this assignment and submit as a s.docx
Complete both parts of this assignment and submit as a s.docxComplete both parts of this assignment and submit as a s.docx
Complete both parts of this assignment and submit as a s.docx
 

Recently uploaded

Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhikauryashika82
 
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptxMaritesTamaniVerdade
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphThiyagu K
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.pptRamjanShidvankar
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsMebane Rash
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...christianmathematics
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxAreebaZafar22
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfJayanti Pande
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Celine George
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
Role Of Transgenic Animal In Target Validation-1.pptx
Role Of Transgenic Animal In Target Validation-1.pptxRole Of Transgenic Animal In Target Validation-1.pptx
Role Of Transgenic Animal In Target Validation-1.pptxNikitaBankoti2
 
psychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docxpsychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docxPoojaSen20
 
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-II
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-IIFood Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-II
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-IIShubhangi Sonawane
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.MaryamAhmad92
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.christianmathematics
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxVishalSingh1417
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxVishalSingh1417
 

Recently uploaded (20)

Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
 
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Role Of Transgenic Animal In Target Validation-1.pptx
Role Of Transgenic Animal In Target Validation-1.pptxRole Of Transgenic Animal In Target Validation-1.pptx
Role Of Transgenic Animal In Target Validation-1.pptx
 
psychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docxpsychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docx
 
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-II
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-IIFood Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-II
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-II
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptx
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptx
 
Asian American Pacific Islander Month DDSD 2024.pptx
Asian American Pacific Islander Month DDSD 2024.pptxAsian American Pacific Islander Month DDSD 2024.pptx
Asian American Pacific Islander Month DDSD 2024.pptx
 

Security and Ethical Challenges Contributors Kim Wanders.docx

  • 1. Security and Ethical Challenges Contributors: Kim Wandersee, Les Pang Computer Security Computer Security Goals Computer security must be viewed in a holistic manner and provide an end-to-end protection as data moves through its lifecycle. Data originates from a user or sensor, passes over a network to reach a computing system that hosts software. This computer system has software and processes the data and stores in in a storage device. That data is backed up on a device and finally archived. The elements that handle the data need to be secure. Computer security pertains to all the means to protect the confidentiality, integrity, availability, authenticity, utility, and possession of data throughout its lifecycle. Confidentiality: A security principle that works to ensure that data is not disclosed to unauthorized persons. Integrity: A security principle that makes sure that information and systems are not
  • 2. modified maliciously or accidentally. Availability: A security principle that assures reliable and timely access to data and resources by authorized individuals. Authenticity: A security principle that the data, transactions, communications or documents are genuine, valid, and not fraudulent. Utility: A security principle that addresses that the information is usable for its intended purpose. . Possession: A security principle that works to ensure that data remains under the control of the authorized individuals. Figure 1. Parkerian Hexad (PH) security model. The Parerian Hexad (PH) model expands on the Confidentiality, Integrity, and Availability (CIA) triad that has been the basic model of Information Security for over 20 years. This framework is used to list all aspects of security at a basic level. It provides a complete security framework to provide the means for information owners to protect their
  • 3. information from any adversaries and vulnerabilities. It adds Authenticity, Utility, and Possession to CIA triad security model. It addresses security aspects for data throughout its lifecycle. The Center for Internet Security has identified 20 controls necessary to protect an organization from known cyber-attack. The first 5 controls will provide effective defense against the most common cyber-attacks, approximately 85% of attacks. The 5 controls are: 1. Inventory of Authorized and Devices 2. Inventory of Authorized and Unauthorized Software 3. Secure Configurations for Hardware and Software 4. Continuous Vulnerability Assessment and Remediation 5. Controlled User of Administrative Privileges A full explanation of all 20 controls is available at the Center for Internet Security website. Search for CIS controls. Security Standards and Regulations The National Institute of Standards and Technology (NIST), Computer Security Division, provides security standards in its Federal Information Processing
  • 4. Standards (FIPS) SP 800 series. These publications are used often by security professionals to ensure they are properly safeguarding information technology. NIST maintains a library of security- related publications. Individual industries are often guided by a Federal law to help ensure that the proper security and privacy controls are established. The following list provides examples of an industry and it associated Federal Law. -- HIPAA - FISMA - FERPA Responsibilities Computer Security's responsibility is to prevent an intrusion from occurring, detect a security breach if one occurs and recover from the security breach. Computer security generally involves the following practices: http://csrc.nist.gov/publications/PubsSPs.html https://www.hhs.gov/hipaa/for-professionals/security/laws- regulations/index.html https://www.dhs.gov/fisma https://www2.ed.gov/policy/gen/guid/fpco/ferpa/index.html
  • 5. onitoring and Auditing Once a security breach is detected, the following steps may be taken: o Review event logs o Review variations from the baseline performance o Use Intrusion Detection Systems (IDS) o Research security resources to gather information o Look for common symptoms of a specific attack o E-mail o Voice-mail broadcast o Shut down affected servers o Remove affected computers from network o Remove network from the Internet o Preserve the evidence o External attacks protocols can enter the perimeter network and the private network o Internal attacks
  • 6. clean backup o Maintain service pack versions o Run intrusion detection systems o Review event logs regularly nt logon events o Collect and record attack details o Perform a postmortem meeting o Develop an action plan for future attacks o Modify the security policy and security plan as needed Threats Figure 2. Typical threats. Disasters Disasters include natural and man-made disasters. These include: tornado, hurricane, earthquake, fire, bombings, and bioterrorism.
  • 7. Humans Human activity creates a number of threats to computer security. llowing company policy passwords tricks on legitimate users of a computer system, in order to obtain information he needs to gain access to the system -sharing policies with business partnerships Malicious Code Malicious Code Description Virus A code fragment that copies itself into a larger program, modifying that program. It executes only when its host program begins to run. It can reproduce immediately or can be triggered by a particular event, such as a date. Worm Typically an independent program and copies itself from
  • 8. one computer to another, usually over a network. Trojan Horse A code fragment that hides inside a program and performs a disguised, unauthorized function. Bomb A type of Trojan Horse, used to release a virus, a worm, or other system attack. It is planted by a system developer and is triggered when a particular date, time, or condition occurs. Trap Door A mechanism that is built into a system by its designer or programmer. It provides the designer a way to circumvent the normal access to the application. Unfortunately these can be left in the system and allow unauthorized access to the system. Spoof A program that tricks an unsuspecting user into giving away privileges. Hoax A program that claims that it is malicious code, but does not do harm to the system. Instead, it wastes time while security engineers determine there is no threat. Spyware A program that resides on your computer, captures all of your activities, and then sends the information to a company or hacker for their use. Ransomware Malicious software that typically encrypts the victim’s file making them no longer accessible and demands a ransom to decrypt the files.
  • 9. E-Commerce Dangers misrepresentation of identities or other facts in order to obtain something of value. With a proper security system in place, the consumer will be able positively to authenticate the identity of the e- commerce business and the business will be able to identify the consumer before performing the transaction. Identity theft constitutes a current, serious example of fraud perpetrated through unauthorized access to personal information on the Internet. system. The financial transactions may be altered if one can modify the data during transit. Cryptographic message digests can indicate whether a message has been tampered with. -of-service attack involves preventing one from accessing data by confusing or overloading the related computers or networking equipment. Transmission Control Protocol (TCP) is a communication protocol commonly used on the Internet for many kinds of communication. TCP SYN flooding attack is a threat that involves denial of service launched on the Internet. With TCP SYN flooding attack, hackers attempt to open so many TCP connections with a server that it results in denial
  • 10. of additional incoming connections. Interactive Web technologies such as Java, JavaScript, and ActiveX increase the difficulty of preventing denial-of-service attacks. With these Web technologies, a denial-of-service can be easily embedded in programs. Controls and Defenses Policy, Processes, and Procedures A security policy: and network usage security incidents procedures Data Backups and Hot Sites Data backup protects not only against physical disasters but also against equipment failure, data theft, data modification and data corruption. Obviously the backup site must be remote from the primary database to avoid a common disaster. Backup media include tape, at lower cost, and disk, at higher cost. Backup frequency may be periodic, as in once a week, or continuous, as in a site that mirrors the primary site.
  • 11. Communication with the backup site may vary from physical transport to high-speed telecommunications links. The type of backup needs to be matched to the requirements of company or individual. Backup frequency depends on the acceptable data loss that might occur between the last recovery point and a failure. The speed and sophistication of recovery depends on the acceptable down time. The cost of the backup and recovery system should not greatly exceed the risk. Here, risk is taken to be the amount of the possible loss times the probability of its occurrence. Access Control Access control can take a variety of forms. "Firewall" or "proxy server" software provides access control for computers connected to the Internet. Access control can involve using transmission cables that cannot be tapped. Access control can also involve requiring authentication prior to allowing a computer to make known the content of certain data files. Forms of the latter type of access control are the following: Strong Passwords Passwords are critical to preventing unauthorized access to the network and applications. Therefore, passwords should be difficult to guess. They should
  • 12. be eight or more characters and a combination of capital and small letters, numbers, and special characters. Passwords should be changed regularly and frequently. Microsoft provides recommendations for creating and using strong passwords at the following URL. http://www.microsoft.com/protect/yourself/password/create.msp x Microsoft also provides a free password checker. To check the strength of your password, use the following URL: http://www.microsoft.com/protect/yourself/password/checker.m spx Single Sign-On (SSO) Many organizations are implementing Single Sign-On technology. This technology consolidates all user passwords into one. The user can access all applications with only one login to the network. Some organizations require two- or three-factor authentication when using single sign-on technology. Three Factor Authentication
  • 13. that individuals are who they say they are. -factor authentication requires the use of a password (something you know), a token (something you have), and biometric data (something you are). Figure 3. Authentication Factors Trusted Transactions Before the Internet, most security measures focused on Perimeter Security for an organization. Technologies included firewalls, anti-virus software, intrusion detection, and e- mail scanning. In the early 2000s, people hesitated to use the Internet for banking, on-line shopping and other transactions that involved sending financial or credit card information over the Internet. There was insufficient confidence in the technology that the data would reach its destination without being alter or intercepted. E-Commerce enabled by the Internet requires trusted transactions. E-Commerce has moved transactions away from the organization to integrated transactions between the customer, the business, the supplier and the payer. In order to do this, security
  • 14. measures had to be in place to create trust. http://www.microsoft.com/protect/yourself/password/create.msp x http://www.microsoft.com/protect/yourself/password/checker.m spx In other words, Internet transactions require -repudiation Cryptography (or Encryption) Cryptography can satisfy many of the security requirements for trusted transactions. Cryptography involves the use of codes and ciphers in order to transmit information so that access is restricted to the intended recipient. The primary objective of cryptography is to allow two or more users to communicate securely over an insecure medium, for example, the Internet. The information to be transmitted, called plaintext, is encrypted using a predetermined key to generate the ciphertext. The ciphertext is transmitted over the insecure medium to the receiver, who recovers the plaintext using a cryptographic key and algorithm. Cryptosystems can be classified into two categories: (1)
  • 15. symmetric key cryptosystems and (2) public key cryptosystems. 1. Symmetric Key Cryptosystems. These have the same problem as unconditionally secure codes. The key to decode the message must be transported to the desired recipient without a chance of falling into the wrong hands. 2. Public Key Cryptosystems. These provide a means to move information in a secure fashion without the need to secretly transmit a decoding key. The disadvantage is that it requires a large amount of computing to code and decode a lengthy message. Symmetric key and public key cryptography systems together possess the necessary characteristics to perform security for a wide variety of systems, including secure e-commerce, e-mail, and World Wide Web (WWW) interactivity. Today's secure Internet data movements are based on the following concepts: for a symmetric code with a reasonable amount of computing effort. using the fast symmetric key system. Commonly Encountered Symmetric Codes Data Encryption Standard. In 1977, the National Institute of
  • 16. Standards and Technology (NIST) published the Data Encryption Standard (DES). DES is a block cipher algorithm. DES has 64-bit block size (ciphertext is 64 bits in length). The DES key is 56 bits in length. DES was last reviewed in 1993 and was approved for unclassified applications until 1998. Although DES is widely used, it is no longer secure and must be replaced with more robust algorithm. Advanced Encryption Standard. The Advanced Encryption Standard (AES) algorithm succeeded DES. AES is a symmetric block cipher algorithm. AES has 128- bit block size. AES has variable key size (128, 192, or 256 bits). AES is more secure than DES. Rijndael (pronounced as Rhine-Doll) was selected as the algorithm. Conformance testing was done in the summer 2001. The standard will be reevaluated every five years. Public Key Infrastructure (PKI) PKI can be used for Internet e-business security, improve user confidence in using the Internet for transactions, and to implement trusted transactions. PKI ensures the following conditions. Confidentiality: Is the data private? User authentication: Are you who you say you are? Non-repudiation: Are you the only one who could have
  • 17. made this transaction? Data integrity: Has the data been tampered with? PKI Technology includes the following features. Digital Certificate Binds user's identity to public key in a digital form Registration Authority (RA) Security Officers of PKI Administrator of PKI Certificate Authority (CA) Establishes trust Issues digital certificates Validates owner's identity Certificate Revocation List (CRL) List of all revoked certificates Time revocation Reason for revocation Directories and X.500 Public repositories Complete Public Key Infrastructure Automates the management of digital certificates, public keys, and private keys Digital Certificates Digital certificates provide a mechanism to connect the identity
  • 18. of a subject (an individual, company, or computer) to a public cryptographic key in a way that can be trusted and verified. To provide digital certificates, a certain entity called a trusted party is responsible for verifying a set of credentials in accordance with a predefined policy. If approved, the subject's public key and credentials are digitally coded and signed using the trusted party's private key to form a certificate. The certificate can then be distributed in a public manner, and the identity associated with a public key can be authenticated by decoding the certificate with the trusted party's public key and verifying the signature on it. Digital certificates are issued by trusted parties called Certification Authorities (CA). Digital Signatures Many public key algorithms can provide authentication, data integrity, and nonrepudiation. Since public key algorithms compute slowly, algorithms to obtain a summary or "fingerprint" of the plaintext are desirable. These algorithms are known as message digests or hash functions. A hash function processes an input of arbitrary length and produces a fixed size output. Secure message digests or hash functions possess three essential mathematical properties. 1. Every input bit influences every output bit.
  • 19. 2. If a single input bit is changed, every output bit has a 50 percent chance of changing. 3. Given an input and corresponding hash, it should be computationally unfeasible to find another input with the same hash. Common message hash functions include: MD2, MD4, MD5, MD6, SHA, SHA-1, SHA-2 and SHA- 3. MD2, MD4, and MD5 were developed by Ronald Rivest of RSA Data Security. These are 128- bit digests. A digital signature may be created and sent along with a message to achieve authentication and to assure data integrity and nonrepudiation. The sender, say, Alice, applies a hash function H to her plaintext message m to create the message digest, represented symbolically by Hm. This means that H operates on m. Alice then operates on Hm with her certified private key A to produce the encrypted message digest AHm. She sends AHm to the recipient, say Bob, along with m. Bob recovers Hm by operating on AHm with Alice's certified public key A*. Symbolically, A*AHm = Hm, since A* just undoes A. Bob then separately operates on the received plaintext message m' with H to obtain Hm'. If Hm' = Hm, Bob is sure that (1) the message came from Alice and (2) it was not tampered with in transmission, and (3) Alice cannot disavow it. Security Considerations
  • 20. Privacy Although privacy and security are related, they are not identical. Privacy pertains to an individual's right to limit disclosure of personal information. It is an implied right, rather than an expressed one, flowing from the U.S. Constitution. Security pertains to data, which may contain information about individuals. If personal and consumer data are protected, so is personal and consumer privacy. Thus, businesses go to great lengths, on line and off, to guarantee the confidentiality of such data. However, to assure the security of a computer system, it may be necessary to observe the usage of it by individuals, thus infringing upon their complete privacy. It may be necessary to conduct a background check of prospective employees to assess their character and habits, again infringing upon their privacy. In a larger sense, the government finds it necessary to conduct wiretaps under warrant and to perform other surveillance to provide national security. Intellectual Property One of the striking features of intellectual property—that is, creative works of writing and music—in digital form is its cost asymmetry. What this means is that the Beatles incurred a substantial cost to supply the first unit of intellectual property, say, the digital master of Sgt.
  • 21. Pepper's Lonely Hearts Club Band. Yet the marginal cost—the cost of producing and distributing one more copy of it—is trivial. Therein lies the root of our intellectual property problems. First, how can we pay for the first unit? Then how should we price the subsequent units? The record companies say that the subsequent units must be priced enough over their marginal cost to pay for the first unit. The users say that the subsequent units should be priced at their marginal cost, namely almost nothing. The record companies achieve their goal through their monopoly on production and distribution granted by the copyright law. But when the digital age makes copying and distribution almost free, the users face irresistible temptation to break the monopoly, as the original Napster did. Such issues as this led to the concept of Digital Rights Management (DRM). Here producers used various methods of coding and encryption to restrict copying and distribution of intellectual property. Successful efforts to break the DRM codes led, among other reasons, to the rewrite of the copyright laws as the Digital Millennium Copyright Act of 1998 (DMCA). In one controversial provision, DMCA made it a crime to defeat DRM codes. About the best we can say here is that the issue still simmers. Nevertheless, producers and distributors are having some success in persuading users to pay a little for their music and videos. Apple's iTunes testifies to that.
  • 22. Equitable User Access Under the heading of equitable user access, the concept of the digital divide looms large. The more affluent individuals of this country and the world have access to personal computers and broadband that bring benefits of information and productivity. The less affluent individuals of this country and the world lack this access and these benefits. Clearly a positive feedback operates to enhance the skills and achievements of those with access, whereas that feedback is lacking for those without access. United States policy recognizes this problem in a limited way. The Federal Communications Commission administers a so- called Universal Service Fund. Telecommunications carriers must contribute a portion of their revenue to the fund. The fund's monies are then made available (1) to subsidize the price of telephone service to high cost areas (like rural or mountainous settlements),(2) to provide core telephone service to low income individuals, (3) to help schools and libraries pay for advanced telecommunications services, and (3) to help rural health care facilities pay for the same. The International Telecommunication Union works to increase the penetration of telecommunications services to developing countries.
  • 23. The MIT Media Lab has now achieved production of "One Laptop per Child," a bare bones computer costing only $100, operable even in regions without electric power. Intel and other organizations are following suit with competitive offerings. Beyond these efforts, little is really being addressed. Net Neutrality Net neutrality has two sides -- those in favor and those against. Those in favor of the principle argue that the genius of the Internet is its complete neutrality with respect to those who supply content, those who consume content, and the content itself. Because all the intelligence is "at the edges" of the network in the terminal devices, anyone can display his bright idea or videos of his trained seal; others can seize upon that idea and develop it or criticize it. In this way information and innovations are spread around with the result of raising the economic and cultural level of the nation. Those against the principle argue that the nature of content has greatly expanded since the Internet's early days. Some content deserves more priority than others. Some content deserves more speed or reliability than others. Some users, such as Google and Yahoo, pump more volume into the Internet than others. To accommodate these diverse needs, new investment in the facilities and capabilities of the Internet are needed.
  • 24. Therefore, pricing for some content and some users should be higher to finance such investment. Apart from these principles is the practical fact that some users—even individual users—and some content use up more of Internet capacity than others. An example is file sharing of videos through the BitTorrent protocol. This recently became troublesome for Comcast, in that five percent of the users on its network consumed 70 percent of the capacity. Such lopsided use could degrade service for the other 95 percent of the users sharing the network, suggesting that Comcast should have the right to manage such traffic in the interests of its customers and its business. Fortunately, it was in the mutual interest of both Comcast and BitTorrent to agree on a traffic management solution that ameliorated the problem. No legislative resolution of the issue has occurred to date, although the U.S. Congress is still concerned. Regulatory Considerations Some aspects of information technology are regulated. Historically the most important portion is the telephone industry, especially the local exchange. Accordingly, we volunteer a few salient
  • 25. points about regulation. You run into regulations every day. When you drive your automobile to work, you follow a set of regulations for driving --observe the speed limit, stay right except to pass, and so forth. You have paid a tax for your tags, which you must have to drive your vehicle on the streets, and you have a driver's license, which you obtained by initially passing written and "behind-the-wheel" tests. You have probably renewed your license by taking an eye test, or perhaps another written test. You enter a restaurant knowing, at least subconsciously, that the meat you will eat was inspected by the Department of Agriculture, its weight measured on a scale calibrated by the division of weights and measures, and prepared in a kitchen inspected by the local department of health. Regulation permeates daily life. Fundamentally, regulations are adopted to protect the public. These regulations are designed to help in a variety of circumstances. Some regulations go to safety, like those governing foods and drugs. Others go to economics, like those governing prices. For example, the market may not be efficient enough to prevent one competitor from holding enough market share to dictate prices to consumers. In such a case, the company may be said to have monopoly power. Regulation is developed to prevent an abuse of such market power, perhaps by setting rates, or at least by limiting them.
  • 26. Markets in which there are many buyers and sellers characterize perfect competition. Each transaction in the marketplace has a relatively small bearing upon the overall market and each transaction is a small component of overall market volume. Products differ, and consumers may choose the characteristics of the products they want from among a wide range of suppliers. Consumers or purchasers will have a high degree of information on which to base choices. They may use product specifications, price, and other criteria to make their market choice. Choosing one supplier over another does not disadvantage them. When these conditions are met, supply and demand are in equilibrium and determine the market price. The opposite of competition is monopoly, such as existed formerly in many parts of the telephone industry. In a monopoly environment, choice is substantially reduced. There are fewer choices of suppliers, of products or services, and of criteria for choosing products. In a pure monopoly there is but a single supplier. That supplier could then control supply in such a way to maximize profit. It turns out that maximum profit occurs at a smaller supply and higher price than would occur under perfect …