Computer Security Risks

Definición:

• Un riesgo de seguridad en computadoras es cualquier evento o acción que pueda causar pérdida o daño al hardware, software, datos, información, o capacidad de procesamiento.

Computer crime

• Cualquier acto ilegal que envuelva el uso de un sistema computadorizado

• Cybercrime

se refiere a actos ilegales llevados a cabo en linea o a través del internet

Cybercrime

• Hacker• Cracker• Corporate spy

• Unethical employees• Cyberextortionist• Cyberterrorist

Internet & Network attacks

• Online security service – web site donde se evalua el computador para verificar la vulnerabilidad de este para Internet o

e-mails

Malware (malicious software)

• Computer virus• Worms• Trojan horse

• Back doors• spyware

Safeguards

• Firewalls• Intrusion Detection

Software• honeypots

Unauthorized Access and Use (Safeguards)

• Identifying and Authenticating Users

* user names & passwords

* possessed objects

* biometric devices

Hardware Theft (safeguards)

• Cables that lock the equipment to a desk

Software Theft

• Steals software media

• Intentionally erases programs

• Illegally copies

Software Theft (safeguards)

• License agreement

• Character identification number

Information Theft (safeguards)

• Encryption

Name Method Plaintext Ciphertext

Transposition Switch the order of characters

SOFTWARE OSTFAWER

Expansion Insert characters between existing characters

USER UYSYEYRY

Substitution Replace characters with other characters

INFORMATION WLDIMXQUWIL

Compaction Remove characters and store elsewhere

ACTIVATION ACIVTIN

Information Theft (safeguards)

• Digital certificates

• Digital signature

• Secure Sockets Layer (SSL)

• Secure HTTP (S-HTTP)

System Failure

• Uninterruptible Power Supply (UPS)

• Backup

Wireless Security

• Firewalls

• Wired Equivalent Privacy (WEP)

• Wi-Fi Protected Access (WPA)

• 802.11i network

Computer Ethics

• Guias morales que dirigen el uso de computadoras y de sistemas de información.

• Areas de discusión:– Uso no autorizado de computadoras y networks– Piratería de software– Derechos de propiedad intelectual– Códigos de conducta– Privacidad de la información– Presición de la información

IssueIssue EthicalEthical UnethicalUnethical

1) A company requires employees to wear badges that track their whereabouts while at work.

2) A supervisor reads an employee’s e-mail.

3) An employee uses his computer at work to send e-mail messages to a friend.

4) An employee sends an e-mail message to several coworkers and blind copies his supervisor.

5) An employee forwards an e-mail message to a third party without permission from the sender.

6) An employee uses her computer at work to complete a homework assigment for school.

7) The vice president of your Student Government Association (SGA) downloads a photograph from the web and uses it in a flier recruiting SGA members.

8) A student copies text from the web and uses it in a research paper for his English Composition class.

9) An employee sends political campaign material to individuals on her employer’s mailing list.

10) As an employee in the registration office, you have access to student grades. You look up grades for your friends, so they do not have to wait for delivery of grades reports from the postal service.

11) An employee makes a copy of software and install it on her home computer. No one uses her home computer while she is at work, and she uses her home computer only to finish projects from work.

12) An employee who has been laid off install a computer virus on his employer’s computer.

13) A person designing a web page finds one on the web similar to his requirements, copies it, modifies it, and published it as his own web page.

14) A student researches using only the web to write a report.

15) In a society in which all transactions occur online (a cashless society), the government tracks every transaction you make and automatically deducts taxes from your bank account.

16) Someone copies a well-known novel to the web and encourages others to read it.

Information Technology Code of Conduct

1) Computers may not be used to harm other people.

2) Employees may not interfere with others’ computer work.

3) Employees may not meddle in others’ computer files.

4) Computers may not be used to steal.

5) Computers may not be used to bear false witness.

6) Employees may not copy or use software illegally.

7) Employees may not use others’ computer resources without authorization.

8) Employees may not use others’ intellectual property as their own.

9) Employees shall consider the social impact of programs and systems they design.

10) Employees always should use computers in a way that demonstrates consideration and respect for fellows humans.

Intellectual Property Rights

• Are the rights to which creators are entitled for their work.

• Copyright

gives authors and artist exclusive rights to duplicate, publish, and sell their materials.

Information Privacy

• The right of individuals and companies to deny or restrict the collection and use of information about them.

Techniques that companies and employers use to collect Techniques that companies and employers use to collect personal datapersonal data

• Electronic Profiles• Cookies• Spyware and Adware

• Spam• Phishing

Social Engineering

• Is defined as gaining unauthorized access or obtaining confidential information by taking advantage of the trusting human nature of some victims.

Health Concerns of Computer Use

• Repetitive strain injury (RSI)

• Computer vision syndrome (CVS)

• Ergonomics and Workplace Design

• Computer Addition

• Green computing

Green Computing Suggestions

• Use computers and devices that comply with the ENERGY STAR program.

• Do not leave the computer running overnight• Turn off the monitor, printer, and other devices when not

in use.• Use paperless methods to communicate.• Recycle paper.• Buy recycled paper.• Recycle toner cartridges.• Recycle old computers and printers.• Telecommute (save gas).