mis - privacy issues
DESCRIPTION
MIS Privacy IssuesTRANSCRIPT
PRIVACY ISSUES
Privacy is . . .
• “the right to be left alone” or as
• “state or condition of limited access to a person.”
• A classic definition describes privacy as the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others.
Key Elements of Information Privacy
1.Separateness - ability to describe the boundaries and ownership or access rights to information.
2.Restricted access - the ability to protect the identified data.
3.Beneficial use - implies that only data owners or parties explicitly authorized to receive the information are able to benefit from its use.
Privacy Issues
1. Cookie proliferation
2. Seizing cloud data
3. E-mail Concerns
4. Computer Matching
5. Wireless privacy challenges
6. Denial of service attacks
7. Software vulnerability
Cookie Proliferation
• The invisible cookie software agents that track your browsing habits and personal data.
• Advertising networks, marketers, and other data profiteers depend on cookies to learn more about who you are.
Seizing Cloud Data
• The files stored in Cloud based Data servers are vulnerable to privacy loopholes.
• Absence of adequate legal framework.
• 36 percent of the consumer content will be stored in the cloud by 2016.
E-mail Concerns
• Corporations and individuals are now using e-mail as a major means of communication.
• Two types of threats :
1.Spamming
2.Flaming
Spamming
•Sending of unsolicited e-mail by mass advertisers.
•Used to spread computer viruses or infiltrate systems.
Flaming
•Sending of critical and vulgar e-mail messages.
Computer Matching
• Selling of information about customers from database to other parties.
• Consumers are then subjected to a barrage of unsolicited promotional material.
Wireless Privacy Challenges
• Wifi transmission technology uses spread spectrum transmission
• Here a signal is spread over a wide range of frequencies and the particular version of spread spectrum transmission used .
• Standards like 802.11 was designed to make it easier for stations to find and here one another.
• This wifi standard can be easily penetrated by outsiders. Hackers may use this gap to access vital servers.
Denial of Service Attacks
• Hackers flood a network server or webserver with many thousands of false communication or requests for service to crash the network .
• The network receives somany querries that it cannot keep up with them and is thus unavailable to service legitimate request.
• It causes the website to shut down , making it impossible for legitimate users to access the site.
Software Vulnerability
• Software errors also pose a constant threat to information systems.
• The problem is the presence of hidden bugs or program code defects .
Measures to Protect Privacy
1. Web-bugs 2. Virtual Private Networking3. IPSec (Ipv6)4. Cookies5. Security outsourcing 6. Access control 7. Intrusion detection systems 8. Securing wireless networks 9. Ensure software reliability 10.Secured Socket Layer
Web-bugs• Which provides server capability to
monitor the behaviour of the visitor.
• Web bugs are tiny graphic files inserted in e-mail messages and web pages , which monitor the visitor behaviour .
• These tiny files identify the visitor , and keep track of pages visited and transmit this information to website monitor computer.
Virtual Private Networking (VPN)
• VPN technology provides the medium to use the public Internet backbone as an appropriate channel for private data communication.
• With encryption and encapsulation technology, a VPN essentially carves out a private passageway through the Internet.
IPSec (Ipv6)• IPSec provides security for transmission of
sensitive information over unprotected networks.
• IPSec acts at the network layer, protecting and authenticating IP packets between participating IPSec devices ("peers")
• With IPSec, data can be transmitted across a public network without fear of observation, modification, or spoofing.
Cookies• The technology produces tiny files deposited
on computer hard disk known as cookies.
• These cookies are designed to collect the data about the visitors and retain it for the future guidance.
Security Outsourcing
• The main security function can be outsourced to managed security service providers (mssp).
• It monitor network activity and perform vulnerability testing and intrusion testing.
• GUARDENT, COUNTERPANE, VERISIGN are some mssp’s now available.
Access Control
• These are the policies and procedures a company uses to prevent improper access to systems by unauthorized insiders and outsiders
Intrusion Detection Systems
• It is a full time monitoring tool placed at the most vulnerable points or hot spots of corperate networks.
• It is for detect and deter intruders continually. The system generates an alarm if it finds any suspicious program attacking.
Securing Wireless Networks• WEP provides some margin of security if wi-fi
users remember to activate it.• Wifi protected access improves data
encryption by replacing the static encryption keys with longer 128-bit keys that continually change ,making them harder to crack. wpa provides another facility known as extensible authentication protocol (EAP).
• It works with central authentication server to authenticate each user on the network before user can join it..
Ensure Software Reliability
• Devote more attention to software reliability and quality.
• Errors should be corrected at the early stage of software design before when it is programmed.
• Thorough testing ferther reduces software errors , even though it may be impossible to eliminate them completely.
Secured Socket Layer (SSL)
• SSL is a communication system that ensures privacy when communicating with other SSL-enabled products.
• SSL is a protocol that runs above TCP/IP and below HTTP or other top-level protocols.
• It is symmetric encryption nested within public-key encryption, authenticated through the use of certificates.
• An SSL connection can only occur between an SSL-enabled client and an SSL-enabled server.
THANK YOU