Submit Search
Upload
Ch. 12 FIT5, CIS 110 13F
•
0 likes
•
985 views
M
mh-108
Follow
Presentation slides from Ch. 12, Fluency w/ Information Technology 5ed (Pearson)
Read less
Read more
Education
Technology
Report
Share
Report
Share
1 of 55
Download now
Download to read offline
Recommended
Linking Data: The Legal Implications - SemTech2010
Linking Data: The Legal Implications - SemTech2010
mleyden
Legal issues, Jordan Hatcher, opencontentlawyer
Legal issues, Jordan Hatcher, opencontentlawyer
jiscpowr
Data_Privacy_Protection_brochure_UK
Data_Privacy_Protection_brochure_UK
Sally Hunt
[Privacy Webinar Slides] Global Enforcement Priorities
[Privacy Webinar Slides] Global Enforcement Priorities
TrustArc
Gdpr and usa data privacy issues
Gdpr and usa data privacy issues
Stefan Schippers
Cross Border Data Transfers and the Privacy Shield
Cross Border Data Transfers and the Privacy Shield
Parsons Behle & Latimer
Evaluating web sites
Evaluating web sites
ewaszolek
EU Privacy Shield - Understanding the New Framework from TRUSTe
EU Privacy Shield - Understanding the New Framework from TRUSTe
TrustArc
Recommended
Linking Data: The Legal Implications - SemTech2010
Linking Data: The Legal Implications - SemTech2010
mleyden
Legal issues, Jordan Hatcher, opencontentlawyer
Legal issues, Jordan Hatcher, opencontentlawyer
jiscpowr
Data_Privacy_Protection_brochure_UK
Data_Privacy_Protection_brochure_UK
Sally Hunt
[Privacy Webinar Slides] Global Enforcement Priorities
[Privacy Webinar Slides] Global Enforcement Priorities
TrustArc
Gdpr and usa data privacy issues
Gdpr and usa data privacy issues
Stefan Schippers
Cross Border Data Transfers and the Privacy Shield
Cross Border Data Transfers and the Privacy Shield
Parsons Behle & Latimer
Evaluating web sites
Evaluating web sites
ewaszolek
EU Privacy Shield - Understanding the New Framework from TRUSTe
EU Privacy Shield - Understanding the New Framework from TRUSTe
TrustArc
Ch. 17 FIT5, CIS 110 13F
Ch. 17 FIT5, CIS 110 13F
mh-108
Rtdna facebook 082313_final
Rtdna facebook 082313_final
Donna Petersen
Ch. 8 FIT5, CIS 110 13F
Ch. 8 FIT5, CIS 110 13F
mh-108
2484615
2484615
Aqsa Khan
Rac lecture 5
Rac lecture 5
Apoorv Pandey
Paccific Agro Lucknow Pvt Ltd.
Paccific Agro Lucknow Pvt Ltd.
promptinfotech
The function of the heart
The function of the heart
Louise Crocombe
Manpower || Paccific Agro Lucknow Pvt Ltd.
Manpower || Paccific Agro Lucknow Pvt Ltd.
promptinfotech
Naina gupta ; compensation plan in indian airways
Naina gupta ; compensation plan in indian airways
Naina Gupta
Eligibility Criteria for Agri Consultants
Eligibility Criteria for Agri Consultants
promptinfotech
Direct marketing of agriculture produce Training Program at Barabanki
Direct marketing of agriculture produce Training Program at Barabanki
promptinfotech
Lawrence house funds
Lawrence house funds
housefunds57
TAR Lazio: il Ministro dell'Interno ed il Prefetto non possono annullare le t...
TAR Lazio: il Ministro dell'Interno ed il Prefetto non possono annullare le t...
Mario Di Carlo
Разумное потребление тепла.
Разумное потребление тепла.
Yuliya Kyamileva
Ch. 1 HTML5, CIS 110 13F
Ch. 1 HTML5, CIS 110 13F
mh-108
Ch. 2 HTML5, CIS 110 13F
Ch. 2 HTML5, CIS 110 13F
mh-108
Rac lecture 4
Rac lecture 4
Apoorv Pandey
Осознанное потребление.
Осознанное потребление.
Yuliya Kyamileva
Ch. 4 FIT5, CIS 110 13F
Ch. 4 FIT5, CIS 110 13F
mh-108
Layer session
Layer session
Herdi Fauzi
Privacy & Data Ethics
Privacy & Data Ethics
Erik Kokkonen
Data Property Rights (Rocky Mountain IP and Technology Institute 2013) (May 2...
Data Property Rights (Rocky Mountain IP and Technology Institute 2013) (May 2...
Jason Haislmaier
More Related Content
Viewers also liked
Ch. 17 FIT5, CIS 110 13F
Ch. 17 FIT5, CIS 110 13F
mh-108
Rtdna facebook 082313_final
Rtdna facebook 082313_final
Donna Petersen
Ch. 8 FIT5, CIS 110 13F
Ch. 8 FIT5, CIS 110 13F
mh-108
2484615
2484615
Aqsa Khan
Rac lecture 5
Rac lecture 5
Apoorv Pandey
Paccific Agro Lucknow Pvt Ltd.
Paccific Agro Lucknow Pvt Ltd.
promptinfotech
The function of the heart
The function of the heart
Louise Crocombe
Manpower || Paccific Agro Lucknow Pvt Ltd.
Manpower || Paccific Agro Lucknow Pvt Ltd.
promptinfotech
Naina gupta ; compensation plan in indian airways
Naina gupta ; compensation plan in indian airways
Naina Gupta
Eligibility Criteria for Agri Consultants
Eligibility Criteria for Agri Consultants
promptinfotech
Direct marketing of agriculture produce Training Program at Barabanki
Direct marketing of agriculture produce Training Program at Barabanki
promptinfotech
Lawrence house funds
Lawrence house funds
housefunds57
TAR Lazio: il Ministro dell'Interno ed il Prefetto non possono annullare le t...
TAR Lazio: il Ministro dell'Interno ed il Prefetto non possono annullare le t...
Mario Di Carlo
Разумное потребление тепла.
Разумное потребление тепла.
Yuliya Kyamileva
Ch. 1 HTML5, CIS 110 13F
Ch. 1 HTML5, CIS 110 13F
mh-108
Ch. 2 HTML5, CIS 110 13F
Ch. 2 HTML5, CIS 110 13F
mh-108
Rac lecture 4
Rac lecture 4
Apoorv Pandey
Осознанное потребление.
Осознанное потребление.
Yuliya Kyamileva
Ch. 4 FIT5, CIS 110 13F
Ch. 4 FIT5, CIS 110 13F
mh-108
Layer session
Layer session
Herdi Fauzi
Viewers also liked
(20)
Ch. 17 FIT5, CIS 110 13F
Ch. 17 FIT5, CIS 110 13F
Rtdna facebook 082313_final
Rtdna facebook 082313_final
Ch. 8 FIT5, CIS 110 13F
Ch. 8 FIT5, CIS 110 13F
2484615
2484615
Rac lecture 5
Rac lecture 5
Paccific Agro Lucknow Pvt Ltd.
Paccific Agro Lucknow Pvt Ltd.
The function of the heart
The function of the heart
Manpower || Paccific Agro Lucknow Pvt Ltd.
Manpower || Paccific Agro Lucknow Pvt Ltd.
Naina gupta ; compensation plan in indian airways
Naina gupta ; compensation plan in indian airways
Eligibility Criteria for Agri Consultants
Eligibility Criteria for Agri Consultants
Direct marketing of agriculture produce Training Program at Barabanki
Direct marketing of agriculture produce Training Program at Barabanki
Lawrence house funds
Lawrence house funds
TAR Lazio: il Ministro dell'Interno ed il Prefetto non possono annullare le t...
TAR Lazio: il Ministro dell'Interno ed il Prefetto non possono annullare le t...
Разумное потребление тепла.
Разумное потребление тепла.
Ch. 1 HTML5, CIS 110 13F
Ch. 1 HTML5, CIS 110 13F
Ch. 2 HTML5, CIS 110 13F
Ch. 2 HTML5, CIS 110 13F
Rac lecture 4
Rac lecture 4
Осознанное потребление.
Осознанное потребление.
Ch. 4 FIT5, CIS 110 13F
Ch. 4 FIT5, CIS 110 13F
Layer session
Layer session
Similar to Ch. 12 FIT5, CIS 110 13F
Privacy & Data Ethics
Privacy & Data Ethics
Erik Kokkonen
Data Property Rights (Rocky Mountain IP and Technology Institute 2013) (May 2...
Data Property Rights (Rocky Mountain IP and Technology Institute 2013) (May 2...
Jason Haislmaier
A Cybersecurity Planning Guide for CFOs
A Cybersecurity Planning Guide for CFOs
gppcpa
Data Privatisation, Data Anonymisation, Data Pseudonymisation and Differentia...
Data Privatisation, Data Anonymisation, Data Pseudonymisation and Differentia...
Alan McSweeney
9 Privacy Clauses for a Landing Page
9 Privacy Clauses for a Landing Page
termsfeed
4514611.ppt
4514611.ppt
ssusera4419c
Data protection For CYP Organisations
Data protection For CYP Organisations
Cliff Ashcroft
A4 presentation
A4 presentation
Sunny Sandhu
6102015 1 McGraw-Hill-Ryerson ©2015 The McGraw-Hill .docx
6102015 1 McGraw-Hill-Ryerson ©2015 The McGraw-Hill .docx
evonnehoggarth79783
Introduction to EU General Data Protection Regulation: Planning, Implementat...
Introduction to EU General Data Protection Regulation: Planning, Implementat...
Financial Poise
TrustArc Webinar: Challenges & Risks Of Data Graveyards
TrustArc Webinar: Challenges & Risks Of Data Graveyards
TrustArc
Chapter 8
Chapter 8
Nada G.Youssef
The Interwoven Complexities of Social Media, Privacy and Data Security
The Interwoven Complexities of Social Media, Privacy and Data Security
Armstrong Teasdale
Ethics in Data Management.pptx
Ethics in Data Management.pptx
Ravindra Babu
Data, Data Wherever.pptx
Data, Data Wherever.pptx
MenchBroqz1
Confidentiality
Confidentiality
izzati masturah
Trending Topics in Data Collection & Targeted Marketing
Trending Topics in Data Collection & Targeted Marketing
cdasLLP
A Global Marketer's Guide to Privacy
A Global Marketer's Guide to Privacy
FLUZO
Get you and your business GDPR ready
Get you and your business GDPR ready
Harrison Clark Rickerbys
Crash Course on Data Privacy (December 2012)
Crash Course on Data Privacy (December 2012)
Jason Haislmaier
Similar to Ch. 12 FIT5, CIS 110 13F
(20)
Privacy & Data Ethics
Privacy & Data Ethics
Data Property Rights (Rocky Mountain IP and Technology Institute 2013) (May 2...
Data Property Rights (Rocky Mountain IP and Technology Institute 2013) (May 2...
A Cybersecurity Planning Guide for CFOs
A Cybersecurity Planning Guide for CFOs
Data Privatisation, Data Anonymisation, Data Pseudonymisation and Differentia...
Data Privatisation, Data Anonymisation, Data Pseudonymisation and Differentia...
9 Privacy Clauses for a Landing Page
9 Privacy Clauses for a Landing Page
4514611.ppt
4514611.ppt
Data protection For CYP Organisations
Data protection For CYP Organisations
A4 presentation
A4 presentation
6102015 1 McGraw-Hill-Ryerson ©2015 The McGraw-Hill .docx
6102015 1 McGraw-Hill-Ryerson ©2015 The McGraw-Hill .docx
Introduction to EU General Data Protection Regulation: Planning, Implementat...
Introduction to EU General Data Protection Regulation: Planning, Implementat...
TrustArc Webinar: Challenges & Risks Of Data Graveyards
TrustArc Webinar: Challenges & Risks Of Data Graveyards
Chapter 8
Chapter 8
The Interwoven Complexities of Social Media, Privacy and Data Security
The Interwoven Complexities of Social Media, Privacy and Data Security
Ethics in Data Management.pptx
Ethics in Data Management.pptx
Data, Data Wherever.pptx
Data, Data Wherever.pptx
Confidentiality
Confidentiality
Trending Topics in Data Collection & Targeted Marketing
Trending Topics in Data Collection & Targeted Marketing
A Global Marketer's Guide to Privacy
A Global Marketer's Guide to Privacy
Get you and your business GDPR ready
Get you and your business GDPR ready
Crash Course on Data Privacy (December 2012)
Crash Course on Data Privacy (December 2012)
More from mh-108
Ch. 16 Database Case Study: XML/XSLT
Ch. 16 Database Case Study: XML/XSLT
mh-108
Ch. 15 FIT5, CIS 110 13F
Ch. 15 FIT5, CIS 110 13F
mh-108
Ch. 10 FIT5, CIS 110 13F
Ch. 10 FIT5, CIS 110 13F
mh-108
Ch. 7 FIT5, CIS 110 13F
Ch. 7 FIT5, CIS 110 13F
mh-108
Ch. 3 HTML5, CIS 110 13F
Ch. 3 HTML5, CIS 110 13F
mh-108
Ch. 3 FIT5, CIS 110 13F
Ch. 3 FIT5, CIS 110 13F
mh-108
FIT5 Ch. 5, CIS 110 13F
FIT5 Ch. 5, CIS 110 13F
mh-108
More from mh-108
(7)
Ch. 16 Database Case Study: XML/XSLT
Ch. 16 Database Case Study: XML/XSLT
Ch. 15 FIT5, CIS 110 13F
Ch. 15 FIT5, CIS 110 13F
Ch. 10 FIT5, CIS 110 13F
Ch. 10 FIT5, CIS 110 13F
Ch. 7 FIT5, CIS 110 13F
Ch. 7 FIT5, CIS 110 13F
Ch. 3 HTML5, CIS 110 13F
Ch. 3 HTML5, CIS 110 13F
Ch. 3 FIT5, CIS 110 13F
Ch. 3 FIT5, CIS 110 13F
FIT5 Ch. 5, CIS 110 13F
FIT5 Ch. 5, CIS 110 13F
Recently uploaded
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
PsychoTech Services
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
Steve Thomason
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
GeoBlogs
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
National Information Standards Organization (NISO)
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
SoniaTolstoy
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
Chameera Dedduwage
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..
Disha Kariya
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
dawncurless
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
misteraugie
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdf
AyushMahapatra5
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
ciinovamais
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Krashi Coaching
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
VishalSingh1417
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
sanyamsingh5019
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
RAM LAL ANAND COLLEGE, DELHI UNIVERSITY.
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
TechSoup
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
iammrhaywood
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpin
RaunakKeshri1
Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
Dr. Mazin Mohamed alkathiri
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
eniolaolutunde
Recently uploaded
(20)
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdf
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpin
Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
Ch. 12 FIT5, CIS 110 13F
1.
Chapter 12 Privacy and
Digital Security Friday, December 6, 13
2.
Information Privacy &
Security Learning Objectives • Privacy: safeguards for Personally Identifying Information (PII) & Personal Identifiers (PIDs) • OECD Fair Information Practices (FIPs) • U.S. privacy: Opt-in/Opt-out, compliance/enforcement • Computer Security • public key cryptosystems (PKCs) Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Friday, December 6, 13
3.
Privacy: Whose Information
Is It? • Buying a product at a store generates a transaction, which produces information. • If you do this online, you supply even more PII • Even if you don’t “sign in”, your browser reveals information about you Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Friday, December 6, 13
4.
How Can the
Information Be Used? • Transaction information – normal part of business – information belongs to the store • based on your purchases – store sends you ads for other items, – standard business practice Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Friday, December 6, 13
5.
Controlling the Use
of Information • Who controls transaction information? 1. No Uses. The information ought to be deleted when the store is finished with it. 2. Approval or Opt-in. The store can use it for other purposes, but only if you approve. 3. Objection or Opt-out. The store can use it for other purposes, but not if you object. 4. No Limits. The information can be used any way the store chooses. Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Friday, December 6, 13
6.
Controlling the Use
of Information 5. Internal Use. – store can use the information to conduct business with you, but for no other use – It would not include giving or selling your information to another person or business – may not require your approval Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Friday, December 6, 13
7.
Controlling the Use
of Information • Outside the US the law and standards would place it between (1) and (2), but very close to (1). • In the US, the law and standards would place it between (3) and (4), but very close to (4) Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Friday, December 6, 13
8.
A Privacy Definition •
Privacy: The right of people to choose freely under what circumstances and to what extent they will reveal personally identifying information to others. Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Friday, December 6, 13
9.
Fair Information Practices •
There must be clear guidelines adopted for handling private information: -> Fair Information Practices (FIPs). Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Friday, December 6, 13
10.
OECD Fair Information
Practices • 1980: the Organization for Economic Cooperation & Development (OECD) developed an 8-point list of privacy principles => became known as the Fair Information Practices => now, widely accepted standard Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Friday, December 6, 13
11.
OECD Fair Information
Practices • The public has an interest in these principles becoming law • The principles also give a standard that businesses and governments can meet as a “due diligence test” for protecting citizens’ rights of privacy Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Friday, December 6, 13
12.
OECD Fair Information
Practices An important aspect of the OECD principles is the concept that – a data controller: (the person or office setting the policies) – must interact with individuals about their information – must be accountable for those policies Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Friday, December 6, 13
13.
OECD’s Fair Information
Practices • The standard eight-point list of privacy principles. – – – – – – – – Limited Collection Principle Quality Principle Purpose Principle Use Limitation Principle Security Principle Openness Principle Participation Principle Accountability Principle Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Friday, December 6, 13 13
14.
Copyright © 2013
Pearson Education, Inc. Publishing as Pearson Addison-Wesley Friday, December 6, 13
15.
Privacy Worldwide • Privacy
is not enjoyed in much of the world at the OECD standard • Privacy often comes in conflict with private or governmental interests: – Example, the United States has not adopted the OECD principles, because many U.S. companies profit by buying and using information in ways that are inconsistent with the OECD principles Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Friday, December 6, 13
16.
Privacy Worldwide • Many
non-EU countries have also adopted laws based on OECD principles – One provision in the EU Directive requires that data about EU citizens be protected by the standards of the law even when it leaves their country Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Friday, December 6, 13
17.
U.S. Privacy Laws •
The US failure to meet the requirements of the EU Directive concerns information stored by businesses Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Friday, December 6, 13
18.
U.S. Privacy Laws •
US Sectoral Laws and Privacy: – Electronic Communication Privacy Act (‘86) – Telephone Consumer Protection Act of (‘91) – Driver’s Privacy Protection Act (’94) – Health Insurance Privacy & Accountability Act (’96) • The sectoral approach provides very strong privacy protections in specific cases Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Friday, December 6, 13
19.
Privacy Principles: Abroad •
Three weaknesses in US privacy laws: 1. Opt-in/Opt-out (the US default is opt-out) 2. Enforcement There is no office of data controller in the US The FTC proposes that U.S. companies “comply voluntarily” 3. Coverage Countries adopting the Fair Information Practices have everything covered Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Friday, December 6, 13
20.
Copyright © 2013
Pearson Education, Inc. Publishing as Pearson Addison-Wesley Friday, December 6, 13
21.
Cookies • Cookies are exchanged
between the client and the server on each transmission of information, allowing the server to know which of the many clients is sending information Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Friday, December 6, 13
22.
Cookies • Many sites
use cookies, even when the interaction is not intended to be as secure as a bank transaction (National Air and Space Museum sent the above) • The meaning of the fields is unimportant • The first is the server and the last is the unique information identifying the session Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Friday, December 6, 13
23.
Cookie Abuse • There
is a loophole called a third-party cookie • A cookie is exchanged between the client and server making the interaction private • But, if the Web site includes ads on its page, the server may direct it to link to the ad company to deliver the ad • This new client/server relationship place a cookie on your computer Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Friday, December 6, 13
24.
Copyright © 2013
Pearson Education, Inc. Publishing as Pearson Addison-Wesley Friday, December 6, 13
25.
Flash Cookies Flash Cookies
(LSO) Congressmen Seek Answers to ‘Supercookies’ (WSJ) Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Friday, December 6, 13
26.
FIPS in the
News Hazards of the FaceBook Generation FTC Fair Information Practices (FIPs) Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Friday, December 6, 13
27.
Tracking • Tracking is
the practice of a Web site automatically sending details about a visit to other content providers • This is an emerging problem of concern to privacy experts • The consequences of being tracked are not yet fully understood • HTTP has a tracking flag telling servers what your tracking preferences are Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Friday, December 6, 13
28.
Do Not Track Notice
that Google’s Chrome browser does not support user requests not to track. Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Friday, December 6, 13
29.
Copyright © 2013
Pearson Education, Inc. Publishing as Pearson Addison-Wesley Friday, December 6, 13
30.
Digital Security • Computer
security is a topic that is in the news almost daily. • Remember the “dos and don’ts” for online behavior: – Do check with the sender before opening an attachment you’re unsure about – Don’t fall for phishing emails Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Friday, December 6, 13
31.
Cryptology The scientific study
of cryptography and cryptanalysis Cryptography: creating secret codes encryption Cryptanalysis: breaking secret codes decryption Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Friday, December 6, 13
32.
Encryption • Information that
is recoded to hide its true meaning uses encryption • A major component of encryption is the key • They come in two forms: – Private – Public Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Friday, December 6, 13
33.
Symmetric-key Encryption • The
key is a “magic number” used to transform plain text into cipher text • Both the sender and receiver must possess the key • The process of sending an encrypted message is a five-step algorithm Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Friday, December 6, 13
34.
Symmetric-key Encryption • 5-Step
Encryption algorithm: 1. The sender breaks the message into groups of letters 2. “Multiply” each group of letters times the key 3. Send the “products”/results from the “multiplications” to the receiver 4. The receiver “divides” the “products” by the key to recreate the groups 5. Assemble the groups into the message Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Friday, December 6, 13
35.
Symmetric-key Encryption • This
works because the math works • The “reversibility” of encryption makes them 2-way ciphers – Only the sender and receiver know the key, making the products useless numbers • This is a secure communication • This is called private key encryption, or symmetric-key cryptography Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Friday, December 6, 13
36.
Encryption Example Copyright ©
2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Friday, December 6, 13
37.
Symmetric-key Schematic Diagram Copyright
© 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Friday, December 6, 13
38.
Private Key Encryption •
Real encryption systems use much longer blocks (hundreds of letters) and larger keys • Multiplication, division are not the only operations that can be used for encryption • All that is needed is for an operation to have an inverse (divide is the inverse of multiply) Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Friday, December 6, 13
39.
Symmetric-key Encryption • Effective
only if the symmetric key is kept secret by the two parties involved • Problem: The sender and receiver have to agree on the key, which means they need to communicate somehow • Usually, they meet face-to-face (they can’t email, they don’t have a key yet!) Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Friday, December 6, 13
40.
Public Key Encryption •
To avoid that face-to-face meeting, publish the key! • Use public key encryption – Two special prime numbers multiplied together Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Friday, December 6, 13
41.
Public Key Encryption
Steps • After, the receiver publishes the special key, K, the following happens: 1. The sender breaks up the message into blocks as before 2. The sender cubes each block, and divides by K, keeping only the remainders 3. The remainders are transmitted Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Friday, December 6, 13
42.
Public Key Encryption
Steps • After, the receiver publishes the special key, K, the following happens: 4. The receiver raises each remainder to a high power determined by the prime numbers and known only to him 5. The receiver divides by K, too, and saves only the remainders, which are the original blocks. 6. The receiver assembles the message. Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Friday, December 6, 13
43.
How Do We
Know It Works? • K, the magic public key, is just two prime numbers, p and q, multiplied together • It is possible to figure out those two numbers from the published key in theory. • This process, called factoring, is tough if the numbers p and q are large (60 digits apiece) • It is impractical to factor them no matter how powerful the computer! Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Friday, December 6, 13
44.
Web Field Trip Public-Key
Cryptography (Mozilla Developers Network) • • • • • • Read the following sections: Introduction Internet Security Issues Encryption & Decryption Symmetric-Key Encryption Public-Key Encryption Key Length & Encryption Strength Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Friday, December 6, 13
45.
Web Field Trip Public-Key
Cryptography (Mozilla Developers Network) Symmetric-key encryption plays an important role in the SSL protocol, which is used for encryption over TCP/IP networks. SSL also uses techniques of public-key encryption Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Friday, December 6, 13
46.
Web Field Trip Mozilla
Developers Network • Public-key encryption requires more computation than private-key encryption • Therefore, use public-key encryption to send a symmetric key, which can then be used to encrypt additional data • This is the approach used by the SSL protocol Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Friday, December 6, 13
47.
Copyright © 2013
Pearson Education, Inc. Publishing as Pearson Addison-Wesley Friday, December 6, 13
48.
Back Up your
Personal Computer • First, you need a place to keep the copy, and you need software to make the copy. • The two easiest “places” to keep the copy are on an external hard disk or “in the cloud” • The “cloud” company’s computers store the information for you and they take responsibility of keeping it available to you Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Friday, December 6, 13
49.
System Backup Utilities •
OS X: Time Machine • Windows: Backup and Restore Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Friday, December 6, 13
50.
Copyright © 2013
Pearson Education, Inc. Publishing as Pearson Addison-Wesley Friday, December 6, 13
51.
Summary • Revealing personal
information can be beneficial (e.g., Facebook, Google, etc.) • Organizations that receive the information must keep it private & secure • Guidelines for keeping data private have been created by several organizations, including the Organization for Economic Cooperation and Development (OECD) Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Friday, December 6, 13
52.
Summary • Guidelines often
conflict with the interests of business and government, so some countries like the United States have not adopted them. Because the United States takes a sectoral approach to privacy, adopting laws only for specific business sectors or practices, much of the information collected on its citizens is not protected by OECD standards. Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Friday, December 6, 13
53.
Summary • The shortcomings
for privacy conditions in the United States are Opt-in/Opt-out, compliance/enforcement, and coverage. • The “third-party cookie” loophole allows companies to gather information; identity theft is an unresolved problem. The best way to manage privacy in the Information Age is to have OECD-grade privacy laws. Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Friday, December 6, 13
54.
Summary • Public key
cryptography (PKC) is a straightforward idea built on familiar concepts. • Computer scientists have not yet proved the invincibility of the RSA scheme, but it can be “made more secure” simply by increasing the size of the key. Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Friday, December 6, 13
55.
Ch. 12 Assessment: Learning
Outcomes - Know the following Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Friday, December 6, 13
Download now