SOLUTION: POR 323 Portland Community College Security in Computing Report Research

1 SECURITY IN COMPUTING, FIFTH EDITION
Chapter 9: Privacy
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.

2 Chapter 9 Objectives
• Define privacy and fundamental computer-related privacy challenges
• Privacy principles and laws
• Privacy precautions for web surfing
• Spyware
• Email privacy
• Privacy concerns in emerging technologies

3 What Is Privacy?
• Privacy is the right to control who knows certain aspects about you, your communications, and your activities
• Types of data many people consider private:
  • Identity
  • Finances
  • Health
  • Biometrics
  • Privileged communications
  • Location data
• Subject: person or entity being described by the data
• Owner: person or entity that holds the data

4 Computer-Related Privacy Problems
• Data collection
  • Advances in computer storage make it possible to hold and manipulate huge numbers of records, and those advances continue to evolve (new cyber warfare technique)
• Notice and consent
  • Notice of collection and consent to allow collection of data are foundations of privacy, but with modern data collection, it is often impossible to know what is being collected
• Control and ownership of data
  • Once a user consents to provide data, the data is out of that user's control. It may be held indefinitely or shared with other entities.

5 Fair Information Practices
• Data should be obtained lawfully and fairly
• Data should be relevant to their purposes, accurate, complete, and up to date
• The purposes for which data will be used should be identified and that data destroyed if no longer necessary for that purpose
• Use for purposes other than those specified is authorized only with consent of the data subject or by authority of law
• Procedures to guard against loss, corruption, destruction, or misuse of data should be established
• It should be possible to acquire information about the collection, storage, and use of personal data systems
• The data subjects normally have a right to access and challenge data relating to them
• A data controller should be designated and accountable for complying with the measures to effect these principles

6 U.S. Privacy Laws
• The 1974 Privacy Act embodies most of the principles above but applies only to data collected by the U.S. government
• Other federal privacy laws:
  • HIPAA (healthcare data)
  • GLBA (financial data)
  • COPPA (children's web access)
  • FERPA (student records)
• State privacy law varies widely

7 Non-U.S. Privacy Principles
• European Privacy Directive (1995)
  • Applies the Ware Committee's principles to governments and businesses
  • Also provides for extra protection for sensitive data, strong limits on data transfer, and independent oversight to ensure compliance
• General Data Protection Regulation (GDPR)
  • Europeans will be able to tell companies to stop profiling them, they'll have much greater control over what happens to their data, and they'll find it easier to launch complaints about the misuse of their information. What's more, the companies on the receiving end of those complaints face serious fines if they don't toe the line.
• A list of other nations' privacy laws can be found at http://www.informationshield.com/intprivacylaws.html

8 Privacy-Preserving Data Mining
• Removing identifying information from data doesn't work
  • Even if the overtly identifying information can be removed, identification from remaining data is often possible
• Data perturbation (assumption or value distribution)
  • As discussed in Chapter 7, data perturbation can limit the privacy risks associated with the data without impacting analysis results
  • Data mining often focuses on correlation and aggregation, both of which can generally be reliably accomplished with perturbed data

9 Precautions for Web Surfing
• Cookies (EU Cookie Law update 2017)
  • Cookies are a way for websites to store data locally on a user's machine
  • They may contain sensitive personal information, such as credit card numbers
• Third-party tracking cookies
  • Some companies specialize in tracking users by having numerous popular sites place their cookies in users' browsers
  • This tracking information is used for online profiling, which is generally used for targeted advertising
• Web bugs
  • A web bug is more active than a cookie and has the ability to immediately send information about user behavior to advertising services

10 Spyware
• Spyware is code designed to spy on a user, collecting data
• General spyware:
  • Advertising applications, identity theft
• Hijackers:
  • Hijack existing programs and use them for different purposes, such as reconfiguring file sharing software to share sensitive information
• Adware
  • Displays selected advertisements in pop-up windows or the main browser window
  • Often installed in a misleading way as part of other software packages

11 Where Does Email Go?
• When Janet sends an email to Scott, the message is transmitted via simple mail transfer protocol (SMTP)
• The message is then transferred through multiple ISPs and servers before it arrives at Scott's post office protocol (POP) server
• Scott receives the email when his email client logs into the POP server on his behalf
• Any of the servers in this chain of communication can see and keep Janet's email
• Demonstrate

12 Anonymous or Disappearing Email
• Disposable email addresses from sites like mailinator.com
• Remailers are trusted third parties that replace real addresses with pseudonymous ones to protect identities in correspondence
  • Multiple remailers can be used in a TOR-like configuration to gain stronger anonymity
• Disappearing email
  • Because email travels through so many servers, it cannot be made to truly disappear
  • Messaging services like Snapchat, which claims to make messages disappear, cannot guarantee that recipients will not be able to save those messages

13 Radio Frequency Identification (RFID)
• RFID tags are small, low-power wireless radio transmitters
• When a tag receives a signal on the correct frequency, it responds with its unique ID number
• Privacy concerns:
  • As RFID tags become cheaper and more ubiquitous, and RFID readers are installed in more places, it may become possible to track individuals wherever they go
  • As RFID tags are put on more items, it will become increasingly possible to discern personal information by reading those tags

14 Other Emerging Technologies
• Electronic voting
  • Among other issues, research into electronic voting includes privacy concerns, such as maintaining privacy of who has voted and who each person voted for
• Voice over IP (VoIP)
  • While VoIP adds the possibility of encryption to voice calls, it also allows a new set of service providers to track sources and destinations of those calls
• Cloud computing
  • Physical location of information in the cloud may have significant effects on privacy and confidentiality protections
  • Cloud data may have more than one legal location at a time
  • Laws could oblige cloud providers to examine user data for evidence of criminal activity
  • Legal uncertainties make it difficult to assess the status of cloud data

15 Summary
• What data is considered private is subjective
• Privacy laws vary widely by jurisdiction
• Cookies and web bugs track user behavior across websites
• Spyware can be used to track behavior for targeted advertising or for much more nefarious purposes
• Email has little privacy protection by default
• Emerging technologies are fraught with privacy uncertainties, including both technological and legal issues

1 SECURITY IN COMPUTING, FIFTH EDITION
Chapter 10: Management and Incidents

2 Chapter 10 Objectives
• Study the contents of a good security plan
• Learn to plan for business continuity and responding to incidents
• Outline the steps and best practices of risk analysis
• Learn to prepare for natural and human-caused disasters

3 Contents of a Security Plan
• A security plan identifies and organizes the security activities for a computing system.
• The plan is both a description of the current situation and a map for improvement.
• The plan is both an official record of current security practices and a blueprint for orderly change to improve those practices.

4 Contents of a Security Plan
• Policy, indicating the goals of a computer security effort and the willingness of the people involved to work to achieve those goals
• Current state, describing the status of security at the time of the plan
• Requirements, recommending ways to meet the security goals
• Recommended controls, mapping controls to the vulnerabilities identified in the policy and requirements
• Accountability, documenting who is responsible for each security activity
• Timetable, identifying when different security functions are to be done
• Maintenance, specifying a structure for periodically updating the security plan

5 Security Policy
• A high-level statement of purpose and intent
• Answers three essential questions:
  • Who should be allowed access?
  • To what system and organizational resources should access be allowed?
  • What types of access should each user be allowed for each resource?
• Should specify
  • The organization's security goals (e.g., define whether reliable service is a higher priority than preventing infiltration)
  • Where the responsibility for security lies (e.g., the security group or the user)
  • The organization's commitment to security (e.g., defines where the security group fits in the corporate structure)

6 Security Policy
• Security policies and plans can and often should be at the level of systems or groups of systems.
• An organization-wide security policy can address users and systems only in the context of fairly general roles, which, for many purposes, is not specific enough.
• Whereas the organization as a whole may be primarily focused on maintaining confidentiality of data, certain systems in that organization may rightfully focus on maintaining availability as a top priority.

7 Assessment of Current Security Status
• A risk analysis—a systematic investigation of the system, its environment, and what might go wrong—forms the basis for describing the current security state
• Defines the limits of responsibility for security
  • Which assets are to be protected
  • Who is responsible for protecting them
  • Who is excluded from responsibility
  • Boundaries of responsibility

8 Security Requirements
• Security requirements are functional or performance demands placed on a system to ensure a desired level of security
• Usually derived from organizational business needs, sometimes including compliance with mandates imposed from outside, such as government standards
• Characteristics of good security requirements:
  • Correctness
  • Consistency
  • Completeness
  • Realism
  • Need
  • Verifiability
  • Traceability

9 Security Requirements
• Correctness: Are the requirements understandable? Are they stated without error?
• Consistency: Are there any conflicting or ambiguous requirements?
• Completeness: Are all possible situations addressed by the requirements?
• Realism: Is it possible to implement what the requirements mandate?
• Need: Are the requirements unnecessarily restrictive?
• Verifiability: Can tests be written to demonstrate conclusively and objectively that the requirements have been met? Can the system or its functionality be measured in some way that will assess the degree to which the requirements are met?
• Traceability: Can each requirement be traced to the functions and data related to it so that changes in a requirement can lead to easy reevaluation?

10 Responsibility for Implementation
• A section of the security plan will identify which people (roles) are responsible for implementing security requirements
• Common roles:
  • Users of personal computers or other devices may be responsible for the security of their own machines. Alternatively, the security plan may designate one person or group to be coordinator of personal computer security.
  • Project leaders may be responsible for the security of data and computations.
  • Managers may be responsible for seeing that the people they supervise implement security measures.
  • Database administrators may be responsible for the access to and integrity of data in their databases.
  • Information officers may be responsible for overseeing the creation and use of data; these officers may also be responsible for retention and proper disposal of data.
  • Personnel staff members may be responsible for security involving employees, for example, screening potential employees for trustworthiness and arranging security training programs.

11 Timetable and Plan Maintenance
• As a security plan cannot be implemented instantly, the plan should include a timetable of how and when the elements in it will be performed
• The plan should specify the order in which controls are to be implemented so that the most serious exposures are covered as soon as possible
• The plan must be extensible, as new equipment will be acquired, new connectivity requested, and new threats identified
• The plan must include procedures for change and growth
• The plan must include a schedule for periodic review

12 Inputs to the Security Plan
[Figure: Security Policies (Constraints), Requirements, and Security Techniques and Controls (Mechanisms) as inputs to the Security Planning Process, which yields the Security Plan]

13 Security Planning Team Members
• Security planning touches every aspect of an organization and therefore requires participation well beyond the security group
• Common security planning representation:
  • Computer hardware group
  • System administrators
  • Systems programmers
  • Applications programmers
  • Data entry personnel
  • Physical security personnel
  • Representative users

14 Assuring Commitment to a Security Plan
• A plan that has no organizational* commitment collects dust on a shelf
• Three groups of people must contribute to making the plan a success:
  • The planning team must be sensitive to the needs of each group affected by the plan.
  • Those affected by the security recommendations must understand what the plan means for the way they will use the system and perform their business activities. In particular, they must see how what they do can affect other users and other systems.
  • Management must be committed to using and enforcing the security aspects of the system.

15 Business Continuity Planning
• A business continuity plan documents how a business will continue to function during or after a computer security incident
• Addresses situations having two characteristics:
  • Catastrophic situations, in which all or a major part of a computing capability is suddenly unavailable
  • Long duration, in which the outage is expected to last for so long that business will suffer

16 Continuity Planning Activities
• Assess the business ...