http://www.csun.edu/~dn58412/IS531/IS531_SP15.html
Lecture 12: Information Security and Confidentiality (Chapter 12)
Learning Objectives
1. Privacy, confidentiality, information privacy, and information security, and the relationships among them.
2. How information system security affects privacy, confidentiality, and security.
3. The significance of security for information integrity.
4. Potential threats to system security and information.
5. Security measures to protect information.
IS 531 : Lecture 12 2
Security Concern
• Information security and confidentiality of personal information represent major concerns in today's society amidst growing reports of stolen and compromised information.
• Globalization and increased use of the internet
• Evolving technology and intrusion techniques
• Information must be protected through a combination of electronic and manual methods
Information Security
• The protection of information against threats to its integrity, inadvertent disclosure, or availability determines the survivability of a system
Privacy
• Freedom from intrusion, or control over the exposure of self or of personal information
• The right to determine what information is collected, how it is used, and the ability to review collected information for accuracy and security
Confidentiality
• The protection of healthcare information is mandated by the Health Insurance Portability and Accountability Act (HIPAA) and the Joint Commission requirements.
• Must not disclose patient-related information without consent
• Share information only with the parties requiring it for client treatment
• Breaches are mostly due to careless communication in a public area or with an inappropriate person
Information/Data Privacy
• The storage and disclosure/dissemination of personally identifiable information
• The right to choose the conditions and extent to which information and beliefs are shared
• The right to ensure accuracy of information collected
Consent
• The process by which an individual authorizes healthcare personnel to process his or her information based on an informed understanding of how this information will be used
• Entails making the individual aware of risks to privacy and measures to protect it
Information System Security
• Ongoing protection of both information stored in the system and the system itself from threats or disruption
• Primary goals:
– Protection of client confidentiality
– Protection of information integrity
– Timely availability of information when needed
Security Planning
• Safeguard against:
– Downtime
– Breaches in confidentiality
– Loss of consumer confidence
– Cybercrime
– Liability
– Lost productivity
• Ensure compliance with HIPAA
Steps to Security
• Assessment of risks and assets
• An organizational plan
• A "culture" of security
• The establishment and enforcement of policies
Threats to System Security and Information
• Human threats
– Thieves
– Hackers and crackers
– Denial of service attacks
– Terrorists
– Viruses, worms
– Revenge attacks
– Pirated Web sites
Threats to System Security and Information (continued)
• On-site threats
– Poor password management
– Compromised device
– Human error
– Unauthorized insider access
– Flooding site
– Power fluctuations
• Fires and natural disasters
Security Measures
• Firewalls: a barrier created from software and hardware
• Antivirus and spyware detection
• User sign-on and passwords or other means of identity management
• Access on a need-to-know basis
• Automatic sign-off
• Physical restrictions to system access
Authentication
• Process of determining whether someone is who he or she claims to be
• Methods:
– access codes
– logon passwords
– digital certificates
– public or private keys used for encryption
– biometric measures
Password
• String of alphanumeric characters typed in for system access
• Inexpensive but not the most effective means of authentication
• Do:
– Choose 8-12 character passwords
– Avoid obvious passwords
– Use the first characters of your favorite verses / sayings
– Include special characters, lower and upper case letters, and numbers
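As an added example (not from the lecture), a small checker that applies the slide's own "Do" rules to a candidate password, plus a helper that builds a candidate from the first characters of a saying as the slide suggests. The list of obvious passwords is a constructed sample, not a real wordlist.

```python
import re
from typing import List

# Constructed sample of "obvious" passwords; a real deployment would use a
# breached-password list instead of a handful of literals.
OBVIOUS = {"password", "12345678", "qwerty123", "letmein", "welcome1"}


def check_password(pw: str) -> List[str]:
    """Return the slide rules the password violates (empty list = passes)."""
    problems = []
    # The 12-character upper bound is the slide's rule; longer passwords are
    # not weaker, so a real policy would only enforce the minimum.
    if not 8 <= len(pw) <= 12:
        problems.append("length must be 8-12 characters")
    if pw.lower() in OBVIOUS:
        problems.append("obvious password")
    if not re.search(r"[a-z]", pw):
        problems.append("needs a lowercase letter")
    if not re.search(r"[A-Z]", pw):
        problems.append("needs an uppercase letter")
    if not re.search(r"[0-9]", pw):
        problems.append("needs a digit")
    if not re.search(r"[^A-Za-z0-9]", pw):
        problems.append("needs a special character")
    return problems


def passphrase_initials(phrase: str) -> str:
    """First character of each word of a favourite verse or saying."""
    return "".join(word[0] for word in phrase.split())


if __name__ == "__main__":
    candidate = passphrase_initials("To be, or not to be, that is the question")
    print(candidate, check_password(candidate))          # still needs digit + special
    print(check_password(candidate + "!1"))               # passes
    print(check_password("password"))                     # fails several rules
```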
Password (continued)
• Don't:
– Post or write down passwords.
– Leave computers or applications running when not in use.
– Re-use the same password for different systems.
– Use the browser "save password" feature.
• Never share passwords.
• Change passwords frequently.
Biometrics
• Identification based on a unique biological trait
– fingerprint
– voice
– iris pattern / retinal scan
– hand geometry / palmprint
– face recognition
– etc.
Antivirus Software
• Computer programs that can locate and eradicate viruses and other malicious programs from memory sticks, storage devices, individual computers, and networks
• Detect and eliminate malware / spyware that installs itself without the user's permission to collect passwords, PINs and account numbers, then sends them to another party
Antivirus Software (product comparison chart)
Source: http://anti-virus-software-review.toptenreviews.com/
Proper Handling and Disposal
• Acceptable uses
• Audit trails to monitor access
• Encourage review for accuracy
• Establish controls for information use after-hours and off-site
• Shred or use locked receptacles for the disposal of items containing personal health information
Implications for Mobile Computing
• Shared responsibility for information and information system security
• Devices are easily stolen.
• Devices should require authentication and encryption to safeguard information security.
• Devices should never be left where information may be seen by unauthorized viewers.
• Verify wireless networks before use.
Firewall
Physical vs. Logical Access / Controls
Encryption
Figure: the string "I S 5 3 1" written in ASCII, followed by two further rows of bits from the slide
I S 5 3 1 : 01001001 01010011 00110101 00110011 00110001
10010101 00110011 01010011 00110011 00010100
01101010 11001100 10101100 11001100 11101011
Binary Codes:
• ASCII (American Standard Code for Information Interchange): 8 bits
• EBCDIC (Extended Binary-Coded Decimal Interchange Code): 16 bits
• Unicode: 32 bits and more
Encoding
Normal sequence : A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Encoded sequence : F G H I J K L M N O P Q R S T U V W X Y Z A B C D E
Message : DROPBOX TONIGHT
Encoded message : IWTUGTC YTSNLMY
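The slide's encoding is a Caesar shift of 5. As an added example, not part of the lecture, here is the shift implemented both ways, plus a function that shows why this kind of encoding gives no real confidentiality: there are only 25 possible shifts, so a single known word in the message recovers the shift at once.

```python
import string

ALPHABET = string.ascii_uppercase  # the slide's "normal sequence"


def shift_encode(message: str, shift: int) -> str:
    """Replace each letter by the one `shift` places later (wrapping Z to A).

    Non-letters such as spaces pass through unchanged, as on the slide.
    """
    out = []
    for ch in message.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def shift_decode(ciphertext: str, shift: int) -> str:
    """Undo shift_encode by shifting the other way."""
    return shift_encode(ciphertext, -shift)


def recover_shift(ciphertext: str, known_word: str):
    """Try all 25 shifts and return the one that reveals `known_word`.

    Returns None if no shift works. The tiny key space is the point: a
    substitution like this is an encoding, not encryption.
    """
    for candidate in range(1, 26):
        if known_word.upper() in shift_decode(ciphertext, candidate):
            return candidate
    return None


if __name__ == "__main__":
    encoded = shift_encode("DROPBOX TONIGHT", 5)
    print(encoded)                                  # IWTUGTC YTSNLMY
    print(shift_decode(encoded, 5))                 # DROPBOX TONIGHT
    print(recover_shift(encoded, "TONIGHT"))        # 5
```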
Public Keys