SlideShare a Scribd company logo
Ron Briggs UT-Dallas
Ethics and Security in
Information Management
• You run the Dallas County office of DHS. Its Monday
morning of the week before you take-off on a two week
vacation.You are reading your mail. There is a letter from the
Information Systems division of the Office of the State
Auditor. They will be visiting you three weeks from today to:
“review policies and procedures with respect to information security and ethics”
• do you break into a cold sweat, or say ‘no sweat, we are in
good shape’
• what needs to be in place in order for you to enjoy a care
free vacation!?
Ron Briggs UT-Dallas
The Ethical Issues in IT
• responsibility, accountability, and liability
– snow storm, roof collapses, people lose money
• privacy and open records
– is gov. e-mail private or a public record?
• intellectual property: trade secrets, copyright, patents
– more than controlling software copying
• appropriate use and ethical behavior
– avoid even the appearance of inpropriety
• equity, access, and social impact
– the digital divide: is IT widening social and economic divisions?
• personal protection and health
– safety hazards in the workplace
Security is central to at least the first three.
Ethics is fundamental to the second three.
Ron Briggs UT-Dallas
Security Problem Areas
Its not a question of if, but of when!
– disasters strike (17%--includes equipment)
» external natural/manmade disasters
– disks, etc. fail
» internal equipment failures
– staff screw-up (50%)
– employees abuse (14%)
– hackers/viruses attack (5%)
– criminals conspire (14%--mostly internal)
– somebody sues
(Numbers refer to one estimate of losses, by source)
Ron Briggs UT-Dallas
The Response
• prevention, prevention, prevention
• detection
• prosecution/suing
The majority of problems are internal not external!
Your biggest problem is trusted staff messing up!
Prosecution & suing are after the fact. They won’t
prevent the problem (or save your job)!
It’s not luck, its planning!
Ron Briggs UT-Dallas
Basic Concepts:
responsibility, accountability, liability
Responsibility: the personal issue
accepting the inherent costs and obligations of the
decisions you make
Accountability: the institutional issue
the ability to determine who took the responsible (or
irresponsible!) action
Liability: the legal issue
the ability to recover for the damage done to
individuals or organizations through a system of due
process
Ron Briggs UT-Dallas
The Three Dimensions of Security
• Confidentiality
– assuring that legally protected data is not disclosed to the
public
• Integrity
– assuring that info. is correct and protected from
unauthorized alteration
• Availability
– assuring that data is available to support the agency’s
mission and operations
» information recoverable
» operations continuable
Ron Briggs UT-Dallas
Strategies for Security
• security policy/procedures
– physical security:
» people: locks, cameras,
exit/entry monitoring,
» water: basement, pipes
» electricity: surge, UPS
» structures: no prefabs!
– system access control : logon
– database security systems and
record/attribute level control
– data management policies
(which must be known and
followed)
» data ownership and
responsibility assignation
» data classification:
confidential, sensitive, public
• error control
– program development:
independent user testing
– data entry
» one time input/automated source
capture
» validation rules
» duplicate data entry for verification
– journalling: tracking all accesses
and changes by userID, date, time,
etc. (audit trail)
– hardware/network/database
monitoring: spotting trouble ahead
of time. (alarm)
– data audits
• disaster recovery
– back-ups: on-site & off-site
– mirroring/fault tolerant systems
– hot sites/cold sites
Ron Briggs UT-Dallas
Computer Systems v. Manual System
Is vulnerability increased?
• information is more highly concentrated, easier to gather
and more difficult to control
• potentially accessed by many more people.
• tools simplify and speed up copy/deletion of large
quantities
• no paper back-up; cannot be replicated manually.
• complex and invisible: difficult to test, audit or detect
change.
• more processing steps therefore more error possibilities.
Ron Briggs UT-Dallas
Trade-offs
• security versus information access
» internal v. external
» need-to-know
» data as power
• security versus convenience
» diminishing returns
• security versus service: risk assessment
» probabilty of occurrence
» institutional impact/cost of failure
Decisions for upper management, not IT folks!
1Ron Briggs UT-Dallas
Ethics and Appropriate Use
Dealing with personal business (e-mail, phones, etc.)
• No financial gain or commercial purpose
• direct costs re-imbursed (e.g. long distance charges)
• does not impeded agency operations (e.g tie up scare dial-in
ports or slow response time)
• consumes incidental amounts of employee time (the coffee
break test)
Dealing with vendors
• no personal gain, incl. family and friends (the tee shirt test)
• all have the opportunity to be included
• follow required procedures e.g. open bidding
For the public sector, it’s a matter of law. For the private
sector, it’s determined by policy.
1Ron Briggs UT-Dallas
Network Security: Needs
applications
– e-mail
– e-forms (internal business)
– edi (eletronic data interchange: external business)
management needs
– minimum manual
intervention
– audit trails
– status and alarms
– immediate and
comprehensive
revocation
user needs
– access control
– user
transparency
data needs
– confidentiality (secret)
– integrity
(secure: no change)
– authenticity
(sender known)
– non-repudiation
(delivery confirmed)
Security
concerns
intensify.
1Ron Briggs UT-Dallas
Network Security: Methods
Network
– closed network
– perimeter security (firewalls)
– object protection
User Access
– passwords (n times)
– smart cards (one time)
– user identification (fingerprint; eyeballs)
User exchange
– encryption (for confidentiality and integrity)
» clipper chip / back door
– public/private keys (for authenticity)
1Ron Briggs UT-Dallas
The Special Case of Telecom Security
Telephone Fraud--$2 billion plus per year
Examples:
• card sharps
• shoulder surfing
• dumpster diving
• sweet talk
codes/lines
• hacking
• internal trouble
Do you even know it?
Personal use
•illegal for gov.
•costly for private
sector
Watch out for:
•international
•1-900

More Related Content

What's hot

The information security audit
The information security auditThe information security audit
The information security audit
Dhani Ahmad
 
is_1_Introduction to Information Security
is_1_Introduction to Information Securityis_1_Introduction to Information Security
is_1_Introduction to Information Security
SARJERAO Sarju
 
To situation awareness theory
To situation awareness theoryTo situation awareness theory
To situation awareness theory
engineerteju
 
6 Physical Security
6 Physical Security6 Physical Security
6 Physical Security
Alfred Ouyang
 
ControlsforProtectingCriticalInformationInfrastructurefromCyberattacks (1).pdf
ControlsforProtectingCriticalInformationInfrastructurefromCyberattacks (1).pdfControlsforProtectingCriticalInformationInfrastructurefromCyberattacks (1).pdf
ControlsforProtectingCriticalInformationInfrastructurefromCyberattacks (1).pdf
sulu98
 
Information security management
Information security managementInformation security management
Information security management
UMaine
 
Cissp- Security and Risk Management
Cissp- Security and Risk ManagementCissp- Security and Risk Management
Cissp- Security and Risk Management
Hamed Moghaddam
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
Elumalai Vasan
 
ISO 27001 2013 Introduction Study Case IGN Mantra, 2nd Day, 3rd Session.
ISO 27001 2013 Introduction Study Case IGN Mantra, 2nd Day, 3rd Session.ISO 27001 2013 Introduction Study Case IGN Mantra, 2nd Day, 3rd Session.
ISO 27001 2013 Introduction Study Case IGN Mantra, 2nd Day, 3rd Session.
IGN MANTRA
 
I0516064
I0516064I0516064
I0516064
IOSR Journals
 
MIS: Information Security Management
MIS: Information Security ManagementMIS: Information Security Management
MIS: Information Security Management
Jonathan Coleman
 
Information Security Background
Information Security BackgroundInformation Security Background
Information Security Background
Nicholas Davis
 
Information security management iso27001
Information security management iso27001Information security management iso27001
Information security management iso27001
Hiran Kanishka
 
Rothke Patchlink
Rothke    PatchlinkRothke    Patchlink
Rothke Patchlink
Ben Rothke
 
Practical Application of Physical Security Criteria
Practical Application of Physical Security CriteriaPractical Application of Physical Security Criteria
Practical Application of Physical Security Criteria
Scott L Weiland PE
 
Bis Chapter15
Bis Chapter15Bis Chapter15
Bis Chapter15
Chun Hoi Lam
 
Information Security Management 101
Information Security Management 101Information Security Management 101
Information Security Management 101
Jerod Brennen
 
Data Safety And Security
Data Safety And SecurityData Safety And Security
Data Safety And Security
Constantine Karbaliotis
 
Computing safety
Computing safetyComputing safety
Computing safety
titoferrus
 
A Case Study of the Capital One Data Breach
A Case Study of the Capital One Data BreachA Case Study of the Capital One Data Breach
A Case Study of the Capital One Data Breach
Anchises Moraes
 

What's hot (20)

The information security audit
The information security auditThe information security audit
The information security audit
 
is_1_Introduction to Information Security
is_1_Introduction to Information Securityis_1_Introduction to Information Security
is_1_Introduction to Information Security
 
To situation awareness theory
To situation awareness theoryTo situation awareness theory
To situation awareness theory
 
6 Physical Security
6 Physical Security6 Physical Security
6 Physical Security
 
ControlsforProtectingCriticalInformationInfrastructurefromCyberattacks (1).pdf
ControlsforProtectingCriticalInformationInfrastructurefromCyberattacks (1).pdfControlsforProtectingCriticalInformationInfrastructurefromCyberattacks (1).pdf
ControlsforProtectingCriticalInformationInfrastructurefromCyberattacks (1).pdf
 
Information security management
Information security managementInformation security management
Information security management
 
Cissp- Security and Risk Management
Cissp- Security and Risk ManagementCissp- Security and Risk Management
Cissp- Security and Risk Management
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
 
ISO 27001 2013 Introduction Study Case IGN Mantra, 2nd Day, 3rd Session.
ISO 27001 2013 Introduction Study Case IGN Mantra, 2nd Day, 3rd Session.ISO 27001 2013 Introduction Study Case IGN Mantra, 2nd Day, 3rd Session.
ISO 27001 2013 Introduction Study Case IGN Mantra, 2nd Day, 3rd Session.
 
I0516064
I0516064I0516064
I0516064
 
MIS: Information Security Management
MIS: Information Security ManagementMIS: Information Security Management
MIS: Information Security Management
 
Information Security Background
Information Security BackgroundInformation Security Background
Information Security Background
 
Information security management iso27001
Information security management iso27001Information security management iso27001
Information security management iso27001
 
Rothke Patchlink
Rothke    PatchlinkRothke    Patchlink
Rothke Patchlink
 
Practical Application of Physical Security Criteria
Practical Application of Physical Security CriteriaPractical Application of Physical Security Criteria
Practical Application of Physical Security Criteria
 
Bis Chapter15
Bis Chapter15Bis Chapter15
Bis Chapter15
 
Information Security Management 101
Information Security Management 101Information Security Management 101
Information Security Management 101
 
Data Safety And Security
Data Safety And SecurityData Safety And Security
Data Safety And Security
 
Computing safety
Computing safetyComputing safety
Computing safety
 
A Case Study of the Capital One Data Breach
A Case Study of the Capital One Data BreachA Case Study of the Capital One Data Breach
A Case Study of the Capital One Data Breach
 

Viewers also liked

Database - Design & Implementation - 1
Database - Design & Implementation - 1Database - Design & Implementation - 1
Database - Design & Implementation - 1
Trivuz ত্রিভুজ
 
Database design, implementation, and management -chapter02
Database design, implementation, and management -chapter02Database design, implementation, and management -chapter02
Database design, implementation, and management -chapter02
Beni Krisbiantoro
 
Information system
Information systemInformation system
Information system
Dhani Ahmad
 
Opportunities, threats, industry competition, and competitor analysis
Opportunities, threats, industry competition, and competitor analysisOpportunities, threats, industry competition, and competitor analysis
Opportunities, threats, industry competition, and competitor analysis
Dhani Ahmad
 
Strategic planning
Strategic planningStrategic planning
Strategic planning
Dhani Ahmad
 
Legal, ethical & professional issues
Legal, ethical & professional issuesLegal, ethical & professional issues
Legal, ethical & professional issues
Dhani Ahmad
 
Islamic information management
Islamic information managementIslamic information management
Islamic information management
Dhani Ahmad
 
Types of islamic institutions and records
Types of islamic institutions and recordsTypes of islamic institutions and records
Types of islamic institutions and records
Dhani Ahmad
 
Security policy
Security policySecurity policy
Security policy
Dhani Ahmad
 
Islamic information seeking behavior
Islamic information seeking behaviorIslamic information seeking behavior
Islamic information seeking behavior
Dhani Ahmad
 
Physical security
Physical securityPhysical security
Physical security
Dhani Ahmad
 
Islamic information management sources in islam
Islamic information management sources in islamIslamic information management sources in islam
Islamic information management sources in islam
Dhani Ahmad
 
Information resource management
Information resource managementInformation resource management
Information resource management
Dhani Ahmad
 
Database design
Database designDatabase design
Database design
Dhani Ahmad
 
Lecture 08 distributed dbms
Lecture 08 distributed dbmsLecture 08 distributed dbms
Lecture 08 distributed dbms
emailharmeet
 
Lecture 07 relational database management system
Lecture 07 relational database management systemLecture 07 relational database management system
Lecture 07 relational database management system
emailharmeet
 
Lecture 09 dblc centralized vs decentralized design
Lecture 09   dblc centralized vs decentralized designLecture 09   dblc centralized vs decentralized design
Lecture 09 dblc centralized vs decentralized design
emailharmeet
 
Lecture 06 relational algebra and calculus
Lecture 06 relational algebra and calculusLecture 06 relational algebra and calculus
Lecture 06 relational algebra and calculus
emailharmeet
 
Lecture 10 distributed database management system
Lecture 10   distributed database management systemLecture 10   distributed database management system
Lecture 10 distributed database management system
emailharmeet
 
Pembahasan Soal UKK TKJ 2017 - Paket 3
Pembahasan Soal UKK TKJ 2017 - Paket 3Pembahasan Soal UKK TKJ 2017 - Paket 3
Pembahasan Soal UKK TKJ 2017 - Paket 3
Beni Krisbiantoro
 

Viewers also liked (20)

Database - Design & Implementation - 1
Database - Design & Implementation - 1Database - Design & Implementation - 1
Database - Design & Implementation - 1
 
Database design, implementation, and management -chapter02
Database design, implementation, and management -chapter02Database design, implementation, and management -chapter02
Database design, implementation, and management -chapter02
 
Information system
Information systemInformation system
Information system
 
Opportunities, threats, industry competition, and competitor analysis
Opportunities, threats, industry competition, and competitor analysisOpportunities, threats, industry competition, and competitor analysis
Opportunities, threats, industry competition, and competitor analysis
 
Strategic planning
Strategic planningStrategic planning
Strategic planning
 
Legal, ethical & professional issues
Legal, ethical & professional issuesLegal, ethical & professional issues
Legal, ethical & professional issues
 
Islamic information management
Islamic information managementIslamic information management
Islamic information management
 
Types of islamic institutions and records
Types of islamic institutions and recordsTypes of islamic institutions and records
Types of islamic institutions and records
 
Security policy
Security policySecurity policy
Security policy
 
Islamic information seeking behavior
Islamic information seeking behaviorIslamic information seeking behavior
Islamic information seeking behavior
 
Physical security
Physical securityPhysical security
Physical security
 
Islamic information management sources in islam
Islamic information management sources in islamIslamic information management sources in islam
Islamic information management sources in islam
 
Information resource management
Information resource managementInformation resource management
Information resource management
 
Database design
Database designDatabase design
Database design
 
Lecture 08 distributed dbms
Lecture 08 distributed dbmsLecture 08 distributed dbms
Lecture 08 distributed dbms
 
Lecture 07 relational database management system
Lecture 07 relational database management systemLecture 07 relational database management system
Lecture 07 relational database management system
 
Lecture 09 dblc centralized vs decentralized design
Lecture 09   dblc centralized vs decentralized designLecture 09   dblc centralized vs decentralized design
Lecture 09 dblc centralized vs decentralized design
 
Lecture 06 relational algebra and calculus
Lecture 06 relational algebra and calculusLecture 06 relational algebra and calculus
Lecture 06 relational algebra and calculus
 
Lecture 10 distributed database management system
Lecture 10   distributed database management systemLecture 10   distributed database management system
Lecture 10 distributed database management system
 
Pembahasan Soal UKK TKJ 2017 - Paket 3
Pembahasan Soal UKK TKJ 2017 - Paket 3Pembahasan Soal UKK TKJ 2017 - Paket 3
Pembahasan Soal UKK TKJ 2017 - Paket 3
 

Similar to Secure

Chapter 3
Chapter 3Chapter 3
Chapter 3
Jennifer Polack
 
Protecting Client Data 11.09.11
Protecting Client Data 11.09.11Protecting Client Data 11.09.11
Protecting Client Data 11.09.11
pdewitte
 
Presentation on Information Privacy
Presentation on Information PrivacyPresentation on Information Privacy
Presentation on Information Privacy
Perry Slack
 
Why your Information Security MUST mesh with your Business Continuity Program
Why your Information Security MUST mesh with your Business Continuity ProgramWhy your Information Security MUST mesh with your Business Continuity Program
Why your Information Security MUST mesh with your Business Continuity Program
PECB
 
Cyber Security - ASGFOA
Cyber Security - ASGFOACyber Security - ASGFOA
Cyber Security - ASGFOA
Peter Henley
 
Data Protection: We\'re In This Together
Data Protection: We\'re In This TogetherData Protection: We\'re In This Together
Data Protection: We\'re In This Together
myeaton
 
Hacking the Human - How Secure Is Your Organization?
Hacking the Human - How Secure Is Your Organization?Hacking the Human - How Secure Is Your Organization?
Hacking the Human - How Secure Is Your Organization?
CBIZ, Inc.
 
Insider threats - Lessons from Snowden (ISF UK Chapter)
Insider threats - Lessons from Snowden (ISF UK Chapter)Insider threats - Lessons from Snowden (ISF UK Chapter)
Insider threats - Lessons from Snowden (ISF UK Chapter)
Huntsman Security
 
Trade Secret Protection: Practical Advice on Protecting and Defending Your Or...
Trade Secret Protection: Practical Advice on Protecting and Defending Your Or...Trade Secret Protection: Practical Advice on Protecting and Defending Your Or...
Trade Secret Protection: Practical Advice on Protecting and Defending Your Or...
Winston & Strawn LLP
 
Information security background
Information security backgroundInformation security background
Information security background
Nicholas Davis
 
Information Security
Information SecurityInformation Security
Information Security
Dhilsath Fathima
 
PP Lec9n10 Sp2020.pptx
PP Lec9n10 Sp2020.pptxPP Lec9n10 Sp2020.pptx
PP Lec9n10 Sp2020.pptx
MuhammadAbdullah201796
 
Electronic Eavesdropping in the Workplace: Can We? Should We? What Could Poss...
Electronic Eavesdropping in the Workplace: Can We? Should We? What Could Poss...Electronic Eavesdropping in the Workplace: Can We? Should We? What Could Poss...
Electronic Eavesdropping in the Workplace: Can We? Should We? What Could Poss...
Case IQ
 
Multi-faceted Cyber Security v1
Multi-faceted Cyber Security v1Multi-faceted Cyber Security v1
Multi-faceted Cyber Security v1
Asad Zaman
 
DPA seminar presentation
DPA seminar presentationDPA seminar presentation
DPA seminar presentation
Rodonoghue72
 
L007 Managing System Security (2016)
L007 Managing System Security (2016)L007 Managing System Security (2016)
L007 Managing System Security (2016)
Jan Wong
 
Internal Risk Management
Internal Risk ManagementInternal Risk Management
Internal Risk Management
Barry Caplin
 
The Year Ahead in Cyber Security: 2014 edition
The Year Ahead in Cyber Security: 2014 editionThe Year Ahead in Cyber Security: 2014 edition
The Year Ahead in Cyber Security: 2014 edition
Stephen Cobb
 
Privacy, Encryption, and Anonymity in the Civil Legal Aid Context
Privacy, Encryption, and Anonymity in the Civil Legal Aid ContextPrivacy, Encryption, and Anonymity in the Civil Legal Aid Context
Privacy, Encryption, and Anonymity in the Civil Legal Aid Context
Legal Services National Technology Assistance Project (LSNTAP)
 
SECURITY AND CONTROL
SECURITY AND CONTROLSECURITY AND CONTROL
SECURITY AND CONTROL
shinydey
 

Similar to Secure (20)

Chapter 3
Chapter 3Chapter 3
Chapter 3
 
Protecting Client Data 11.09.11
Protecting Client Data 11.09.11Protecting Client Data 11.09.11
Protecting Client Data 11.09.11
 
Presentation on Information Privacy
Presentation on Information PrivacyPresentation on Information Privacy
Presentation on Information Privacy
 
Why your Information Security MUST mesh with your Business Continuity Program
Why your Information Security MUST mesh with your Business Continuity ProgramWhy your Information Security MUST mesh with your Business Continuity Program
Why your Information Security MUST mesh with your Business Continuity Program
 
Cyber Security - ASGFOA
Cyber Security - ASGFOACyber Security - ASGFOA
Cyber Security - ASGFOA
 
Data Protection: We\'re In This Together
Data Protection: We\'re In This TogetherData Protection: We\'re In This Together
Data Protection: We\'re In This Together
 
Hacking the Human - How Secure Is Your Organization?
Hacking the Human - How Secure Is Your Organization?Hacking the Human - How Secure Is Your Organization?
Hacking the Human - How Secure Is Your Organization?
 
Insider threats - Lessons from Snowden (ISF UK Chapter)
Insider threats - Lessons from Snowden (ISF UK Chapter)Insider threats - Lessons from Snowden (ISF UK Chapter)
Insider threats - Lessons from Snowden (ISF UK Chapter)
 
Trade Secret Protection: Practical Advice on Protecting and Defending Your Or...
Trade Secret Protection: Practical Advice on Protecting and Defending Your Or...Trade Secret Protection: Practical Advice on Protecting and Defending Your Or...
Trade Secret Protection: Practical Advice on Protecting and Defending Your Or...
 
Information security background
Information security backgroundInformation security background
Information security background
 
Information Security
Information SecurityInformation Security
Information Security
 
PP Lec9n10 Sp2020.pptx
PP Lec9n10 Sp2020.pptxPP Lec9n10 Sp2020.pptx
PP Lec9n10 Sp2020.pptx
 
Electronic Eavesdropping in the Workplace: Can We? Should We? What Could Poss...
Electronic Eavesdropping in the Workplace: Can We? Should We? What Could Poss...Electronic Eavesdropping in the Workplace: Can We? Should We? What Could Poss...
Electronic Eavesdropping in the Workplace: Can We? Should We? What Could Poss...
 
Multi-faceted Cyber Security v1
Multi-faceted Cyber Security v1Multi-faceted Cyber Security v1
Multi-faceted Cyber Security v1
 
DPA seminar presentation
DPA seminar presentationDPA seminar presentation
DPA seminar presentation
 
L007 Managing System Security (2016)
L007 Managing System Security (2016)L007 Managing System Security (2016)
L007 Managing System Security (2016)
 
Internal Risk Management
Internal Risk ManagementInternal Risk Management
Internal Risk Management
 
The Year Ahead in Cyber Security: 2014 edition
The Year Ahead in Cyber Security: 2014 editionThe Year Ahead in Cyber Security: 2014 edition
The Year Ahead in Cyber Security: 2014 edition
 
Privacy, Encryption, and Anonymity in the Civil Legal Aid Context
Privacy, Encryption, and Anonymity in the Civil Legal Aid ContextPrivacy, Encryption, and Anonymity in the Civil Legal Aid Context
Privacy, Encryption, and Anonymity in the Civil Legal Aid Context
 
SECURITY AND CONTROL
SECURITY AND CONTROLSECURITY AND CONTROL
SECURITY AND CONTROL
 

More from Dhani Ahmad

Strategic information system planning
Strategic information system planningStrategic information system planning
Strategic information system planning
Dhani Ahmad
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
Dhani Ahmad
 
Information security as an ongoing effort
Information security as an ongoing effortInformation security as an ongoing effort
Information security as an ongoing effort
Dhani Ahmad
 
Implementing security
Implementing securityImplementing security
Implementing security
Dhani Ahmad
 
Disaster recovery & business continuity
Disaster recovery & business continuityDisaster recovery & business continuity
Disaster recovery & business continuity
Dhani Ahmad
 
Chapter2 the need to security
Chapter2 the need to securityChapter2 the need to security
Chapter2 the need to security
Dhani Ahmad
 
Topic 12 report & presentations
Topic 12   report & presentationsTopic 12   report & presentations
Topic 12 report & presentations
Dhani Ahmad
 
Topic 11 data management
Topic 11   data managementTopic 11   data management
Topic 11 data management
Dhani Ahmad
 
Topic 10 sample designs & procedures
Topic 10   sample designs & proceduresTopic 10   sample designs & procedures
Topic 10 sample designs & procedures
Dhani Ahmad
 
Topic 9 secondary data sources
Topic 9   secondary data sourcesTopic 9   secondary data sources
Topic 9 secondary data sources
Dhani Ahmad
 
Topic 8 questionnaire design
Topic 8   questionnaire designTopic 8   questionnaire design
Topic 8 questionnaire design
Dhani Ahmad
 
Topic 7 measurement in research
Topic 7   measurement in researchTopic 7   measurement in research
Topic 7 measurement in research
Dhani Ahmad
 

More from Dhani Ahmad (12)

Strategic information system planning
Strategic information system planningStrategic information system planning
Strategic information system planning
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
 
Information security as an ongoing effort
Information security as an ongoing effortInformation security as an ongoing effort
Information security as an ongoing effort
 
Implementing security
Implementing securityImplementing security
Implementing security
 
Disaster recovery & business continuity
Disaster recovery & business continuityDisaster recovery & business continuity
Disaster recovery & business continuity
 
Chapter2 the need to security
Chapter2 the need to securityChapter2 the need to security
Chapter2 the need to security
 
Topic 12 report & presentations
Topic 12   report & presentationsTopic 12   report & presentations
Topic 12 report & presentations
 
Topic 11 data management
Topic 11   data managementTopic 11   data management
Topic 11 data management
 
Topic 10 sample designs & procedures
Topic 10   sample designs & proceduresTopic 10   sample designs & procedures
Topic 10 sample designs & procedures
 
Topic 9 secondary data sources
Topic 9   secondary data sourcesTopic 9   secondary data sources
Topic 9 secondary data sources
 
Topic 8 questionnaire design
Topic 8   questionnaire designTopic 8   questionnaire design
Topic 8 questionnaire design
 
Topic 7 measurement in research
Topic 7   measurement in researchTopic 7   measurement in research
Topic 7 measurement in research
 

Recently uploaded

workbook and project U5 1ºsecundaria.pdf
workbook and project U5 1ºsecundaria.pdfworkbook and project U5 1ºsecundaria.pdf
workbook and project U5 1ºsecundaria.pdf
anya2024forgya
 
High Profile Girls Call ServiCe Chennai XX00XXX00X Tanisha Best High Class Ch...
High Profile Girls Call ServiCe Chennai XX00XXX00X Tanisha Best High Class Ch...High Profile Girls Call ServiCe Chennai XX00XXX00X Tanisha Best High Class Ch...
High Profile Girls Call ServiCe Chennai XX00XXX00X Tanisha Best High Class Ch...
shamrisumri
 
Girls Call Mahipalpur 000XX00000 Provide Best And Top Girl Service And No1 in...
Girls Call Mahipalpur 000XX00000 Provide Best And Top Girl Service And No1 in...Girls Call Mahipalpur 000XX00000 Provide Best And Top Girl Service And No1 in...
Girls Call Mahipalpur 000XX00000 Provide Best And Top Girl Service And No1 in...
mahigarg2024#G05
 
Information Systems Auditing, Controls and Assurance , tanapat limsaiprom
Information Systems Auditing, Controls and Assurance , tanapat limsaipromInformation Systems Auditing, Controls and Assurance , tanapat limsaiprom
Information Systems Auditing, Controls and Assurance , tanapat limsaiprom
TanapatLimsaiprom1
 
How Salesforce Development in the UK is Driving Digital Transformation
How Salesforce Development in the UK is Driving Digital TransformationHow Salesforce Development in the UK is Driving Digital Transformation
How Salesforce Development in the UK is Driving Digital Transformation
Sweet Potato Tec
 
Build a Professional Resume using Canva , Tanapat Limsaiprom
Build a Professional Resume using Canva , Tanapat LimsaipromBuild a Professional Resume using Canva , Tanapat Limsaiprom
Build a Professional Resume using Canva , Tanapat Limsaiprom
TanapatLimsaiprom1
 
Girls Call Shimla 000XX00000 Provide Best And Top Girl Service And No1 in City
Girls Call Shimla 000XX00000 Provide Best And Top Girl Service And No1 in CityGirls Call Shimla 000XX00000 Provide Best And Top Girl Service And No1 in City
Girls Call Shimla 000XX00000 Provide Best And Top Girl Service And No1 in City
dilbaagsingh0898
 
Bitcoin vs Ethereum Which Crypto Performed Better in Q2, 2024.docx
Bitcoin vs Ethereum Which Crypto Performed Better in Q2, 2024.docxBitcoin vs Ethereum Which Crypto Performed Better in Q2, 2024.docx
Bitcoin vs Ethereum Which Crypto Performed Better in Q2, 2024.docx
SFC Today
 
Web development Platform Constraints.pptx
Web development Platform Constraints.pptxWeb development Platform Constraints.pptx
Web development Platform Constraints.pptx
ssuser2f6682
 
Portugal Dreamin 24 - How to easily use an API with Flows
Portugal Dreamin 24  - How to easily use an API with FlowsPortugal Dreamin 24  - How to easily use an API with Flows
Portugal Dreamin 24 - How to easily use an API with Flows
Thierry TROUIN ☁
 
AWS Networking Basic , tanapat limsaiprom
AWS Networking Basic , tanapat limsaipromAWS Networking Basic , tanapat limsaiprom
AWS Networking Basic , tanapat limsaiprom
ธนาพัฒน์ ลิ้มสายพรหม
 
Cyber Security Course & Guide. X.GI. pdf
Cyber Security Course & Guide. X.GI. pdfCyber Security Course & Guide. X.GI. pdf
Cyber Security Course & Guide. X.GI. pdf
RohitRoshanBengROHIT
 
Trading Strategy for London silver bullet
Trading Strategy for London silver bulletTrading Strategy for London silver bullet
Trading Strategy for London silver bullet
OkgatoSemadi1
 
202254.com免费观看《长相思第二季》免费观看高清,长相思第二季线上看,《长相思第二季》最新电视剧在线观看,杨紫最新电视剧
202254.com免费观看《长相思第二季》免费观看高清,长相思第二季线上看,《长相思第二季》最新电视剧在线观看,杨紫最新电视剧202254.com免费观看《长相思第二季》免费观看高清,长相思第二季线上看,《长相思第二季》最新电视剧在线观看,杨紫最新电视剧
202254.com免费观看《长相思第二季》免费观看高清,长相思第二季线上看,《长相思第二季》最新电视剧在线观看,杨紫最新电视剧
ffg01100
 
6 Reasons to Use a VPN | 3S VPN Server App
6 Reasons to Use a VPN | 3S VPN Server App6 Reasons to Use a VPN | 3S VPN Server App
6 Reasons to Use a VPN | 3S VPN Server App
VPN Server
 
Kolkata @Girls @Call WhatsApp Numbers 🫦0000XX0000🫦 List For Friendship Girls ...
Kolkata @Girls @Call WhatsApp Numbers 🫦0000XX0000🫦 List For Friendship Girls ...Kolkata @Girls @Call WhatsApp Numbers 🫦0000XX0000🫦 List For Friendship Girls ...
Kolkata @Girls @Call WhatsApp Numbers 🫦0000XX0000🫦 List For Friendship Girls ...
paridubey2024#G05
 
Jarren Duran Fuck EM T shirts Jarren Duran Fuck EM T shirts
Jarren Duran Fuck EM T shirts Jarren Duran Fuck EM T shirtsJarren Duran Fuck EM T shirts Jarren Duran Fuck EM T shirts
Jarren Duran Fuck EM T shirts Jarren Duran Fuck EM T shirts
exgf28
 
Draya Michele’s Son – Kniko Howard’s Rise to Fame.pptx
Draya Michele’s Son – Kniko Howard’s Rise to Fame.pptxDraya Michele’s Son – Kniko Howard’s Rise to Fame.pptx
Draya Michele’s Son – Kniko Howard’s Rise to Fame.pptx
ashishkumarrana9
 
Top 50 Telephone Conversation Sample Examples For IT Industries.pdf
Top 50 Telephone Conversation Sample Examples For IT Industries.pdfTop 50 Telephone Conversation Sample Examples For IT Industries.pdf
Top 50 Telephone Conversation Sample Examples For IT Industries.pdf
Krishna L
 
Tarun Gaur On Data Breaches and Privacy Fears
Tarun Gaur On Data Breaches and Privacy FearsTarun Gaur On Data Breaches and Privacy Fears
Tarun Gaur On Data Breaches and Privacy Fears
Tarun Gaur
 

Recently uploaded (20)

workbook and project U5 1ºsecundaria.pdf
workbook and project U5 1ºsecundaria.pdfworkbook and project U5 1ºsecundaria.pdf
workbook and project U5 1ºsecundaria.pdf
 
High Profile Girls Call ServiCe Chennai XX00XXX00X Tanisha Best High Class Ch...
High Profile Girls Call ServiCe Chennai XX00XXX00X Tanisha Best High Class Ch...High Profile Girls Call ServiCe Chennai XX00XXX00X Tanisha Best High Class Ch...
High Profile Girls Call ServiCe Chennai XX00XXX00X Tanisha Best High Class Ch...
 
Girls Call Mahipalpur 000XX00000 Provide Best And Top Girl Service And No1 in...
Girls Call Mahipalpur 000XX00000 Provide Best And Top Girl Service And No1 in...Girls Call Mahipalpur 000XX00000 Provide Best And Top Girl Service And No1 in...
Girls Call Mahipalpur 000XX00000 Provide Best And Top Girl Service And No1 in...
 
Information Systems Auditing, Controls and Assurance , tanapat limsaiprom
Information Systems Auditing, Controls and Assurance , tanapat limsaipromInformation Systems Auditing, Controls and Assurance , tanapat limsaiprom
Information Systems Auditing, Controls and Assurance , tanapat limsaiprom
 
How Salesforce Development in the UK is Driving Digital Transformation
How Salesforce Development in the UK is Driving Digital TransformationHow Salesforce Development in the UK is Driving Digital Transformation
How Salesforce Development in the UK is Driving Digital Transformation
 
Build a Professional Resume using Canva , Tanapat Limsaiprom
Build a Professional Resume using Canva , Tanapat LimsaipromBuild a Professional Resume using Canva , Tanapat Limsaiprom
Build a Professional Resume using Canva , Tanapat Limsaiprom
 
Girls Call Shimla 000XX00000 Provide Best And Top Girl Service And No1 in City
Girls Call Shimla 000XX00000 Provide Best And Top Girl Service And No1 in CityGirls Call Shimla 000XX00000 Provide Best And Top Girl Service And No1 in City
Girls Call Shimla 000XX00000 Provide Best And Top Girl Service And No1 in City
 
Bitcoin vs Ethereum Which Crypto Performed Better in Q2, 2024.docx
Bitcoin vs Ethereum Which Crypto Performed Better in Q2, 2024.docxBitcoin vs Ethereum Which Crypto Performed Better in Q2, 2024.docx
Bitcoin vs Ethereum Which Crypto Performed Better in Q2, 2024.docx
 
Web development Platform Constraints.pptx
Web development Platform Constraints.pptxWeb development Platform Constraints.pptx
Web development Platform Constraints.pptx
 
Portugal Dreamin 24 - How to easily use an API with Flows
Portugal Dreamin 24  - How to easily use an API with FlowsPortugal Dreamin 24  - How to easily use an API with Flows
Portugal Dreamin 24 - How to easily use an API with Flows
 
AWS Networking Basic , tanapat limsaiprom
AWS Networking Basic , tanapat limsaipromAWS Networking Basic , tanapat limsaiprom
AWS Networking Basic , tanapat limsaiprom
 
Cyber Security Course & Guide. X.GI. pdf
Cyber Security Course & Guide. X.GI. pdfCyber Security Course & Guide. X.GI. pdf
Cyber Security Course & Guide. X.GI. pdf
 
Trading Strategy for London silver bullet
Trading Strategy for London silver bulletTrading Strategy for London silver bullet
Trading Strategy for London silver bullet
 
202254.com免费观看《长相思第二季》免费观看高清,长相思第二季线上看,《长相思第二季》最新电视剧在线观看,杨紫最新电视剧
202254.com免费观看《长相思第二季》免费观看高清,长相思第二季线上看,《长相思第二季》最新电视剧在线观看,杨紫最新电视剧202254.com免费观看《长相思第二季》免费观看高清,长相思第二季线上看,《长相思第二季》最新电视剧在线观看,杨紫最新电视剧
202254.com免费观看《长相思第二季》免费观看高清,长相思第二季线上看,《长相思第二季》最新电视剧在线观看,杨紫最新电视剧
 
6 Reasons to Use a VPN | 3S VPN Server App
6 Reasons to Use a VPN | 3S VPN Server App6 Reasons to Use a VPN | 3S VPN Server App
6 Reasons to Use a VPN | 3S VPN Server App
 
Kolkata @Girls @Call WhatsApp Numbers 🫦0000XX0000🫦 List For Friendship Girls ...
Kolkata @Girls @Call WhatsApp Numbers 🫦0000XX0000🫦 List For Friendship Girls ...Kolkata @Girls @Call WhatsApp Numbers 🫦0000XX0000🫦 List For Friendship Girls ...
Kolkata @Girls @Call WhatsApp Numbers 🫦0000XX0000🫦 List For Friendship Girls ...
 
Jarren Duran Fuck EM T shirts Jarren Duran Fuck EM T shirts
Jarren Duran Fuck EM T shirts Jarren Duran Fuck EM T shirtsJarren Duran Fuck EM T shirts Jarren Duran Fuck EM T shirts
Jarren Duran Fuck EM T shirts Jarren Duran Fuck EM T shirts
 
Draya Michele’s Son – Kniko Howard’s Rise to Fame.pptx
Draya Michele’s Son – Kniko Howard’s Rise to Fame.pptxDraya Michele’s Son – Kniko Howard’s Rise to Fame.pptx
Draya Michele’s Son – Kniko Howard’s Rise to Fame.pptx
 
Top 50 Telephone Conversation Sample Examples For IT Industries.pdf
Top 50 Telephone Conversation Sample Examples For IT Industries.pdfTop 50 Telephone Conversation Sample Examples For IT Industries.pdf
Top 50 Telephone Conversation Sample Examples For IT Industries.pdf
 
Tarun Gaur On Data Breaches and Privacy Fears
Tarun Gaur On Data Breaches and Privacy FearsTarun Gaur On Data Breaches and Privacy Fears
Tarun Gaur On Data Breaches and Privacy Fears
 

Secure

  • 1. Ron Briggs UT-Dallas Ethics and Security in Information Management • You run the Dallas County office of DHS. Its Monday morning of the week before you take-off on a two week vacation.You are reading your mail. There is a letter from the Information Systems division of the Office of the State Auditor. They will be visiting you three weeks from today to: “review policies and procedures with respect to information security and ethics” • do you break into a cold sweat, or say ‘no sweat, we are in good shape’ • what needs to be in place in order for you to enjoy a care free vacation!?
  • 2. Ron Briggs UT-Dallas The Ethical Issues in IT • responsibility, accountability, and liability – snow storm, roof collapses, people lose money • privacy and open records – is gov. e-mail private or a public record? • intellectual property: trade secrets, copyright, patents – more than controlling software copying • appropriate use and ethical behavior – avoid even the appearance of inpropriety • equity, access, and social impact – the digital divide: is IT widening social and economic divisions? • personal protection and health – safety hazards in the workplace Security is central to at least the first three. Ethics is fundamental to the second three.
  • 3. Ron Briggs UT-Dallas Security Problem Areas Its not a question of if, but of when! – disasters strike (17%--includes equipment) » external natural/manmade disasters – disks, etc. fail » internal equipment failures – staff screw-up (50%) – employees abuse (14%) – hackers/viruses attack (5%) – criminals conspire (14%--mostly internal) – somebody sues (Numbers refer to one estimate of losses, by source)
  • 4. Ron Briggs UT-Dallas The Response • prevention, prevention, prevention • detection • prosecution/suing The majority of problems are internal not external! Your biggest problem is trusted staff messing up! Prosecution & suing are after the fact. They won’t prevent the problem (or save your job)! It’s not luck, its planning!
  • 5. Ron Briggs UT-Dallas Basic Concepts: responsibility, accountability, liability Responsibility: the personal issue accepting the inherent costs and obligations of the decisions you make Accountability: the institutional issue the ability to determine who took the responsible (or irresponsible!) action Liability: the legal issue the ability to recover for the damage done to individuals or organizations through a system of due process
  • 6. Ron Briggs UT-Dallas The Three Dimensions of Security • Confidentiality – assuring that legally protected data is not disclosed to the public • Integrity – assuring that info. is correct and protected from unauthorized alteration • Availability – assuring that data is available to support the agency’s mission and operations » information recoverable » operations continuable
  • 7. Ron Briggs UT-Dallas Strategies for Security • security policy/procedures – physical security: » people: locks, cameras, exit/entry monitoring, » water: basement, pipes » electricity: surge, UPS » structures: no prefabs! – system access control : logon – database security systems and record/attribute level control – data management policies (which must be known and followed) » data ownership and responsibility assignation » data classification: confidential, sensitive, public • error control – program development: independent user testing – data entry » one time input/automated source capture » validation rules » duplicate data entry for verification – journalling: tracking all accesses and changes by userID, date, time, etc. (audit trail) – hardware/network/database monitoring: spotting trouble ahead of time. (alarm) – data audits • disaster recovery – back-ups: on-site & off-site – mirroring/fault tolerant systems – hot sites/cold sites
  • 8. Ron Briggs UT-Dallas Computer Systems v. Manual System Is vulnerability increased? • information is more highly concentrated, easier to gather and more difficult to control • potentially accessed by many more people. • tools simplify and speed up copy/deletion of large quantities • no paper back-up; cannot be replicated manually. • complex and invisible: difficult to test, audit or detect change. • more processing steps therefore more error possibilities.
  • 9. Ron Briggs UT-Dallas Trade-offs • security versus information access » internal v. external » need-to-know » data as power • security versus convenience » diminishing returns • security versus service: risk assessment » probabilty of occurrence » institutional impact/cost of failure Decisions for upper management, not IT folks!
  • 10. 1Ron Briggs UT-Dallas Ethics and Appropriate Use Dealing with personal business (e-mail, phones, etc.) • No financial gain or commercial purpose • direct costs re-imbursed (e.g. long distance charges) • does not impeded agency operations (e.g tie up scare dial-in ports or slow response time) • consumes incidental amounts of employee time (the coffee break test) Dealing with vendors • no personal gain, incl. family and friends (the tee shirt test) • all have the opportunity to be included • follow required procedures e.g. open bidding For the public sector, it’s a matter of law. For the private sector, it’s determined by policy.
  • 11. 1Ron Briggs UT-Dallas Network Security: Needs applications – e-mail – e-forms (internal business) – edi (eletronic data interchange: external business) management needs – minimum manual intervention – audit trails – status and alarms – immediate and comprehensive revocation user needs – access control – user transparency data needs – confidentiality (secret) – integrity (secure: no change) – authenticity (sender known) – non-repudiation (delivery confirmed) Security concerns intensify.
  • 12. 1Ron Briggs UT-Dallas Network Security: Methods Network – closed network – perimeter security (firewalls) – object protection User Access – passwords (n times) – smart cards (one time) – user identification (fingerprint; eyeballs) User exchange – encryption (for confidentiality and integrity) » clipper chip / back door – public/private keys (for authenticity)
  • 13. 1Ron Briggs UT-Dallas The Special Case of Telecom Security Telephone Fraud--$2 billion plus per year Examples: • card sharps • shoulder surfing • dumpster diving • sweet talk codes/lines • hacking • internal trouble Do you even know it? Personal use •illegal for gov. •costly for private sector Watch out for: •international •1-900