Introduction to Computer Information Systems/Computer Security


Hardware Loss or Damage

Hardware loss is inevitable. With so many people wanting the latest and greatest devices, others may become jealous or desperate. Hardware theft is a prominent and large issue worldwide. People's personal possessions are stolen either for the valuable information they hold or simply to be pawned for quick money. With 1.6 million phones being stolen, this is an issue that needs to be dealt with.[1] Theft is not the only way someone could lose their laptop or Android[2] device. Hardware damage, whether from a clogged fan, spilled water, or a drop onto the floor, can render any of the latest and greatest devices useless. When that moment arises, everything stored on the device could be gone within a matter of seconds.



System failure is the complete malfunction of a computer system. It may be due to hardware failure, severe issues with certain software on the computer, or even a computer virus. Frequently, system failure will cause the computer to freeze, reboot, or stop functioning altogether, and the repercussions of such an event can be devastating for a business. The result is often the loss of important data, delays in the transfer of important information, and in some cases even the inability to function properly. An example of a system failure can be seen in the lawsuit California filed against SAP Public Services Inc.[3] California's payroll was affected by SAP's software solutions, which cost the people of the state of California $250 million and delayed the paychecks of numerous employees of the California government. In this case there was no loss of data, but rather delays in the transfer of information as well as its corruption. Some checks were overpaid, others were underpaid. In some instances the incorrect spouses were paid for child support, which could have culminated in the court intervening for an unpaid mother or father. Insurance benefits were also denied to others because of the system's inability to transmit data regarding medical deductions. A case like this shows how a system failure can affect multiple people on many levels, and how quickly the inability to function properly can result. The corruption of data and the inability to transfer it swiftly produced one of the largest debacles in government at the state level in recent times.

Software Piracy

Software piracy, a common name for file sharing, is the illegal copying and distribution of software. It is unauthorized by the copyright holder of the software, and it is a widespread occurrence in today's computer era. A person who purchases a piece of software does not own it, but is only licensed to use it. This means he or she can make copies, but only for personal use or as stated in the End User License Agreement. In the United States and other countries, it is illegal to make copies of software, movies, CDs, etc., and then redistribute these copies to someone else. In countries such as Sweden, copyright law restricts people to non-commercial sharing. A few common types of software piracy are the following: counterfeit software, OEM unbundling, soft lifting, hard disk loading, corporate software piracy, and Internet software piracy.[4] Software piracy is currently debated. One side states that it has a negative effect on the economy because it reduces the funding for ongoing development efforts and prevents users from getting high-quality technical support and product updates. The pro-sharing side states that people should be allowed to share as they wish, and that the financial benefit granted to corporations by intellectual property law is unjust. The BSA is a global organization formed to advance the free and open worldwide transfer of legitimate software by advocating strong intellectual property protection. The BSA works with many software and commercial companies to stop file sharing.

Electronic Profiling and Spam

Electronic Profiling

Amazon uses electronic profiling to make suggestions as to what people might like to purchase

Electronic profiling is when marketing companies collect information about an individual. They can get the information from purchases that a person makes on the Internet, as well as from public information like births, marriages, vehicle registrations, etc. An electronic profile usually consists of a person’s name, age, telephone number, marital status, number and age of children, spending habits, and previous purchases. This is how online websites like Amazon can make suggestions of what someone might want to buy.[5] That information can then be sold to companies who may ask for it for marketing purposes. Most businesses that collect personal information have a privacy policy, which tells you how your personal information is going to be used. As long as the business follows what it says in its privacy policy, it is legal for it to sell your personal information. The problem with this is that privacy policies can be unclear in their intentions and hard to decipher. Companies may also change their privacy policy often, and people don’t take the time to read through it. Electronic profiling also leads to behavioral advertising, where someone might see advertisements about things in their area or about people that are around the same age and gender as them. It is kind of crazy that the computer knows that about someone and can then apply it to the things that person looks at.[6]

Spam

Spam is the use of electronic messaging systems to send unsolicited bulk messages.[7] Spam can be sent to personal email addresses as well as to cell phones as text messages. Some frequently seen spam examples include advertising for health-related products, pornography, and business opportunities, such as buying and selling stock. With a world full of technology and information around us, email addresses can easily be obtained in a number of ways. Companies receive email addresses either directly from the individual or through third parties with which they have a partnership. Personal information can be entered into a database, and spam can then be sent out to those individuals. Spam can also be sent over social media sites like Facebook, Twitter, or Google+. Many email services now have a separate folder marked “spam.” This is helpful to individuals because they can see what is considered “spam” before they open the email or attachment. With text messages, most people ignore or delete those messages. Marketing databases are easy ways to get on a spam distribution list.[8] Surprisingly, most spam is considered illegal; however, there are certain guidelines that hackers can follow to be able to send spam emails or messages. It is difficult to stop spamming, but in recent years many have been convicted for sending spam to customers and individuals.

Electronic Surveillance

Computer Monitoring Software

Do you get the feeling you're being watched?

One popular tool of electronic surveillance is computer monitoring software. This software is used specifically for the purpose of recording keystrokes, logging the programs or Web sites accessed, or otherwise monitoring someone's computer activity. Some of the highest rated computer monitoring software includes SpyAgent and WebWatcher.[9] It is legal to use this software, either on your own computer or the computers of your employees. However, installing it on another computer without the owner's knowledge is typically illegal. Considering that this software is created to pretty much make sure your kids, spouse, or employees aren't doing anything on the computer that you don't want them to be doing, there are some ethical issues to consider. On the one hand, sometimes kids need help building self-control and avoiding predators, so having their internet time monitored can be helpful for parents to use as a teaching tool. On the other hand, if you are supposedly in a loving and trusting romantic relationship, one could argue that you shouldn't be spying on your partner to be sure that they aren't cheating. As humans, we enjoy being trusted to do the right thing, and we get less credit for doing what we're supposed to do if put into an environment where there is no opportunity to get away with something dishonest. Still, computer monitoring software continues to be popular, and that isn't likely to end in a global culture that grows increasingly paranoid.

Employee Monitoring

A typical surveillance system monitoring work production

Employees need to be very aware of their actions while working on the clock. Now, more than ever before, companies can monitor exactly what their employees are doing or saying and how productive and efficient they are being while on the clock. Phone calls can be screened, emails can all be archived, website browsing can be tracked, and employees' every movement can be watched through cameras. Which practices are common varies by workplace. For example, retail stores generally keep their employees under close surveillance to make sure they are not allowing theft or partaking in it themselves. In office positions, employers can remotely connect to their employees' desktops and see exactly what is open on their screens. Some more extreme cases include GPS-based systems installed in company cars, for example, to make sure the vehicle stays within the designated areas. Some individuals see this as a breach of their privacy, but employers are more concerned with the productivity, safety, and liability of their employees. An alternative to continuous monitoring would be frequent training and education. Employers worry about the new avenues for individuals to misbehave at work due to the advances in technology.[10]

Video Surveillance

Essentially, the idea of video surveillance is exactly what it sounds like: the use of video cameras to survey an area or monitor what is going on. We see examples of this every day: traffic cameras, police car cameras, ATMs, most retail stores, and even many mobile phones. The world of technology is expanding so much that it is becoming increasingly difficult to find places that are not under some sort of surveillance. Many offices and schools implement these systems to keep track of students and employees and to ensure they have a visual record of an incident if anything were to happen. Police use cameras in their cars to obtain a record of their activities on the job. Retail stores and ATMs use them to reduce crime and theft. Most of us have, at one point or another, waved at those small black and white television screens that show us "on TV" in stores, when the truth is we were waving at the video camera recording our every action for someone to review later on. And, more shockingly, the photos and videos people take today just using their phones can be used to link persons to crimes, events, locations, and so much more. While the expansion of video surveillance does create some privacy concerns, it has been useful (especially combined with other technology like facial recognition) in solving crimes, such as discovering the people responsible for the Boston bombing, as well as many other crimes.[11]

Computer Security and Privacy Legislation

Computer Security

Computer security is the protection of computing systems and the data that they store or access. Being educated about computer security benefits users by enabling them to carry out their jobs, education, and research, supporting critical business processes, and protecting personal and sensitive information. Good security standards hold that 10% of security safeguards are technical, while the other 90% rely on the computer user adhering to good computing practices. It therefore benefits users to understand how to keep their computer and data secure. Some key steps are to use secure passwords that are personal, that no one else will discover, and that you will always remember; to make sure the computer is protected; to avoid clicking on unknown links; and to avoid downloading unknown files or programs onto the computer. To help reduce the risk, look for the padlock that appears in the URL bar before entering any personal information. The padlock shows that the connection to the site is encrypted; it does not by itself prove that the site is legitimate. Poor security practices put the security of personal information at risk and can lead to the loss of business information or of employee and public trust. Other consequences can include expensive reporting requirements when personal, financial, or health information is compromised.[12]

The U.S. Safe Web Act of 2006

The U.S. Safe Web Act was brought about in December of 2006, with the claimed purpose of protecting consumers from Internet fraud. With the growing popularity of the Internet, such fraud has become an increasingly dangerous threat. The Internet is rife with fraudulent users, spyware, and telemarketing, and this law sought to put an end to some of this fraud. It gave the Federal Trade Commission (FTC) a good deal more authority than it had before the law was passed, in hopes of protecting the consumers who use the Internet on a daily basis. The law changed a few things that had not previously been allowed. First, it allowed the FTC to share information with foreign law enforcement agencies and to aid them in investigations. In addition, it allows the FTC to obtain information from public law enforcement officials that it could not previously have received lawfully. The act also gave the FTC more power and tools in consumer investigations. Finally, the act seems to strengthen the United States' powers with other foreign countries, and allows them to share and work together in ways that previously would not have been allowed. In conclusion, it seems as though the whole purpose of the bill was to give the government more power, and to allow it to lawfully intervene in more ways than before.[13]

Other Legislation Related to Privacy

Privacy is a contentious issue in current discussion

Related to the issues of computer privacy and personal privacy in general are the Do-Not-Call Implementation Act of 2003 and the CAN-SPAM Act of 2003. Both laws were created with the hope of ensuring protection of privacy, yet whether or not these laws have accomplished this remains in question. The Do-Not-Call Implementation Act was designed to work in unison with the National Do Not Call Registry, which began in 2003 as well. The registry was developed to give individuals more control over the telemarketing calls that reach their households. The Do-Not-Call Implementation Act relates to the National Do Not Call Registry specifically in that it allowed for the enforcement of the registry by allowing the Federal Trade Commission to collect fees for its maintenance.[14] U.S. consumers can register by phone or online, and phone numbers now remain on the registry permanently because of the Do-Not-Call Improvement Act of 2007.

The CAN-SPAM Act of 2003 was designed to address the issue of unsolicited email messages (i.e., spam). According to the Bureau of Consumer Protection, the law covers all commercial messages, and it applies not just to business-to-customer messages but to business-to-business messages as well.[15] The maximum penalty is $16,000 per violation, yet the effectiveness of this act remains in question because it remains largely unenforced. Critics assert that the law creates problems for state laws that would have “provided victims with practical means of redress.”[16]

Review

Key Terms

Hardware theft
The theft of computer hardware [17]
System failure
The complete malfunction of a computer system
Freeware
Copyrighted software that may be used free of charge [18]
Full disk encryption (FDE)
A technology that encrypts everything stored on a storage medium automatically, without any user interaction. [19]
Self-encrypting hard drive
A hard drive that uses full disk encryption (FDE) [20]
Ruggedized device
A device (such as a portable computer or mobile phone) that is designed to withstand much more physical abuse than its conventional counterpart [21]
Surge suppressor
A device that protects a computer system from damage due to electrical fluctuations [22]
Uninterruptible power supply (UPS)
A device containing a built-in battery that provides continuous power to a computer and other connected components when the electricity goes out [23]
Disaster recovery plan
A written plan that describes the steps a company will take following the occurrence of a disaster [24]
Software piracy
The unauthorized copying of a computer program
Digital counterfeiting
The use of computers or other types of digital equipment to make illegal copies of currency, checks, collectibles, and other items. [25]
Marketing database
A collection of data about people that is stored in a large database and used for marketing purposes
Opt out
To request that you be removed from marketing activities or that your information not be shared with other companies [26]
Presence technology
Technology that enables one computing device (such as a computer or mobile phone) to locate and identify the current status of another device on the same network [27]


Review Questions

1. Observing or reviewing employees’ actions while they are on the job is _____.

2. _____ _____ Software can be used to record an individual’s computer usage, such as capturing images of the screen, recording the actual keystrokes used, or creating a summary of Web sites and programs accessed.

3. ______ _____ is the use of video cameras to monitor activities of individuals, such as employees or individuals in public locations, for work-related or crime-prevention purposes.

4. True or False. Electronic profiling is the act of using electronic means to collect a variety of in-depth information about an individual, such as name, address, income, and buying habits.

5. Unsolicited, bulk e-mail sent over the Internet is ____.

6. A device that protects a computer system from damage due to electrical fluctuations is ____.

7. True or False. Encryption can be used for privacy purposes, in addition to security purposes.

8. Color copying money is an example of ____.

9. True or False. Very few major U.S. companies monitor the online activities of their employees.

10. The rights of individuals and companies to control how information about them is collected and used are known as _____ _____.


Answers

1. Employee Monitoring
2. Computer Monitoring
3. Video Surveillance
4. True
5. spam
6. Surge suppressor
7. True
8. Filter
9. False
10. Information privacy


  1. http://www.consumerreports.org/cro/news/2013/06/with-1-6-million-smart-phones-stolen-last-year-efforts-under-way-to-stem-the-losses/index.htm
  2. http://www.android.com/
  3. http://www.allgov.com/usa/ca/news/top-stories/state-sues-sap-over-failed-payroll-system-in-yet-another-tech-failure-131122?news=851725
  4. http://www.webopedia.com/TERM/S/software_piracy.html
  5. http://www.geek.com/mobile/automated-electronic-profiling-the-art-and-science-550246/
  6. http://www.ecommercetimes.com/story/73966.html
  7. http://en.wikipedia.org/wiki/Spam_(electronic)
  8. http://en.wikipedia.org/wiki/Database_marketing
  9. http://monitoring-software-review.toptenreviews.com/
  10. http://www.huizenga.nova.edu/Jame/articles/employee-monitoring.cfm
  11. http://www.cnn.com/2013/04/26/tech/innovation/security-cameras-boston-bombings/
  12. http://it.ucmerced.edu/security/information-security-awareness-training/what-computer-security
  13. http://www.ftc.gov/reports/us-safe-web-act-first-three-years-federal-trade-commission-report-congress
  14. https://www.govtrack.us/congress/bills/108/hr395
  15. http://www.business.ftc.gov/documents/bus61-can-spam-act-compliance-guide-business
  16. https://en.wikipedia.org/wiki/CAN-SPAM_Act_of_2003
  17. http://wiki.answers.com/Q/What_is_hardware_theft_and_vandalism
  18. https://en.wikipedia.org/wiki/Freeware
  19. http://en.wikipedia.org/wiki/Disk_encryption
  20. http://www.computerweekly.com/feature/Self-encrypting-drives-Whats-holding-back-SED-hard-drive-encryption-security
  21. http://en.wikipedia.org/wiki/Rugged_computer
  22. http://www.thefreedictionary.com/surge+suppressor
  23. http://en.wikipedia.org/wiki/Uninterruptible_power_supply
  24. http://en.wikipedia.org/wiki/Disaster_recovery_plan
  25. http://en.wikibooks.org/wiki/The_Computer_Revolution/Digital_Counterfeiting
  26. http://en.wikipedia.org/wiki/Opt-out
  27. http://en.wikipedia.org/wiki/Telepresence