Chapter 4 Readings

The problem is information insecurity
o Big cost: information theft, financial theft, productivity loss (when networks stop working and minor security inconveniences)
o Real problem = insecure software (bad design, poorly implemented features, inadequate testing and security vulnerabilities from software bugs)
o Externality = cost of a decision that's borne by people other than those making the decision (vendors refuse to make better product but consumers are hurt)
o In order to make them (vendors/corporations) change, we need to make it in their financial best interests (such as liability law that raises the cost of doing it wrong)

The key to data security – Separation of duties
o Achieved by disseminating the tasks and associated privileges for a specific security process among multiple people
o Common policy so fraud requires collusion of 2 or more parties, which reduces likelihood of crime
o 2 primary objectives: prevention of conflict of interest, the appearance of conflict of interest, wrongful acts, fraud, abuse and errors; detection of control failures that include security breaches, info theft and circumvention of security controls
o restricts amount of power/influence held by any individual
o ensures ppl don't have conflicting responsibilities and are not responsible for reporting on themselves or their superiors
o one person should not have control over all the diff aspects/tasks/processes (like making the design & checking the effectiveness of design/control)
o there needs to be separation btwn development, operation and testing of security and all controls
o SoD failures are listed as a material deficiency on audit reports when the risks are great enough

Section 4.1 Information ethics

All the definitions
o Copyright is the legal protection afforded an expression of an idea, such as a song, book, or video game
o Intellectual property is intangible creative work that is embodied in physical form and includes copyrights, trademarks, and patents
o Patent is an exclusive right to make, use, and sell an invention and is granted by a govt to the inventor
o Ethics is the principles and standards that guide our behavior toward other people
o Privacy is the right to be left alone when you want to be, to have control over your personal possessions, and not to be observed w/o your consent
o Confidentiality is the assurance that messages and info remain available only to those authorized to view them
o Information Ethics govern the ethical and moral issues arising from the development and use of information technologies, as well as the creation, collection, duplication, distribution, and processing of info itself (w/ or w/o the aid of computer technologies)
o Pirated Software is the unauthorized use, duplication, distribution, or sale of copyrighted software
o Counterfeit Software is software that is manufactured to look like the real thing and sold as such
o Digital Rights Management
- Spring '09
- Project Management